Added nginx configuration files

Author: Yuval-Roth

nginx/nginx.conf

@@ -0,0 +1,97 @@
+user www-data;
+worker_processes auto;
+pid /run/nginx.pid;
+include /etc/nginx/modules-enabled/*.conf;
+
+events {
+	worker_connections 768;
+	# multi_accept on;
+}
+
+http {
+
+	##
+	# Basic Settings
+	##
+
+	sendfile on;
+	tcp_nopush on;
+	types_hash_max_size 2048;
+	# server_tokens off;
+
+	# server_names_hash_bucket_size 64;
+	# server_name_in_redirect off;
+
+	include /etc/nginx/mime.types;
+	default_type application/octet-stream;
+
+	##
+	# SSL Settings
+	##
+
+	ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
+	ssl_prefer_server_ciphers on;
+
+	##
+	# Logging Settings
+	##
+
+	access_log /var/log/nginx/access.log;
+	error_log /var/log/nginx/error.log;
+
+	##
+	# Gzip Settings
+	##
+
+	gzip on;
+
+	# gzip_vary on;
+	# gzip_proxied any;
+	# gzip_comp_level 6;
+	# gzip_buffers 16 8k;
+	# gzip_http_version 1.1;
+	# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
+
+	##
+	# Virtual Host Configs
+	##
+
+	include /etc/nginx/conf.d/*.conf;
+	include /etc/nginx/sites-enabled/*;
+}
+
+stream {
+    server {
+        listen 8644;
+        
+        # SSL certificates
+        # ssl_certificate /etc/letsencrypt/live/ims-project.cs.bgu.ac.il/fullchain.pem;
+        # ssl_certificate_key /etc/letsencrypt/live/ims-project.cs.bgu.ac.il/privkey.pem;
+
+        proxy_connect_timeout 60s;
+        proxy_socket_keepalive on;
+        proxy_pass localhost:5432;
+    }
+}
+
+
+#mail {
+#	# See sample authentication script at:
+#	# http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
+#
+#	# auth_http localhost/auth.php;
+#	# pop3_capabilities "TOP" "USER";
+#	# imap_capabilities "IMAP4rev1" "UIDPLUS";
+#
+#	server {
+#		listen     localhost:110;
+#		protocol   pop3;
+#		proxy      on;
+#	}
+#
+#	server {
+#		listen     localhost:143;
+#		protocol   imap;
+#		proxy      on;
+#	}
+#}

nginx/sites-available/default

@@ -0,0 +1,61 @@
+# Redirect HTTP traffic to HTTPS
+server {
+    listen 80;
+    listen [::]:80;
+    server_name ims-project.cs.bgu.ac.il;
+
+    # Serve .well-known/acme-challenge before redirecting to HTTPS
+    location ^~ /.well-known/acme-challenge/ {
+        root /var/www/html;
+        allow all;
+    }
+
+    # Redirect all HTTP traffic to HTTPS
+    if ($host = ims-project.cs.bgu.ac.il) {
+        return 301 https://$host$request_uri;
+    } # managed by Certbot
+}
+
+# HTTPS server block
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name ims-project.cs.bgu.ac.il;
+
+    # SSL certificates
+    ssl_certificate /etc/letsencrypt/live/ims-project.cs.bgu.ac.il/fullchain.pem; # managed by Certbot
+    ssl_certificate_key /etc/letsencrypt/live/ims-project.cs.bgu.ac.il/privkey.pem; # managed by Certbot
+
+    # Improve SSL security
+    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_prefer_server_ciphers on;
+    ssl_ciphers HIGH:!aNULL:!MD5;
+
+    # Root directory
+    root /var/www/html;
+
+    # Add index.php to the list if you are using PHP
+    index index.html index.htm index.nginx-debian.html;
+
+    location ^~ /.well-known/acme-challenge/ {
+        root /var/www/html;
+        allow all;
+    }
+
+    # Location for serving requests
+    location / {
+        # Proxy requests to Flask application
+        proxy_pass http://127.0.0.1:5000;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+
+    # Deny access to .htaccess files if present
+    location ~ /\.ht {
+        deny all;
+    }
+
+}

nginx/sites-available/ims-project

@@ -0,0 +1,97 @@
+server {
+    listen 80;
+    listen [::]:80;
+
+    server_name manager-http;
+
+    # Redirect all HTTP traffic to HTTPS
+    return 301 https://$host$request_uri;
+}
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name manager-https;
+
+    # SSL certificates
+    ssl_certificate /etc/letsencrypt/live/ims-project.cs.bgu.ac.il/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/ims-project.cs.bgu.ac.il/privkey.pem;
+
+    # Improve SSL security
+    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_prefer_server_ciphers on;
+    ssl_ciphers HIGH:!aNULL:!MD5;
+
+    # Root directory
+    root /var/www/html;
+
+    # Add index.php to the list if you are using PHP
+    index index.html index.htm index.nginx-debian.html;
+
+    # Location for serving requests
+    location / {
+        proxy_pass http://127.0.0.1:5000;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+
+    # Deny access to .htaccess files if present
+    location ~ /\.ht {
+        deny all;
+    }
+}
+
+server {
+    listen 8640 ssl;
+    listen [::]:8640 ssl;
+
+    server_name game-server;
+
+    # SSL certificates
+    ssl_certificate /etc/letsencrypt/live/ims-project.cs.bgu.ac.il/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/ims-project.cs.bgu.ac.il/privkey.pem;
+
+    # WebSocket traffic
+    location /ws {
+        proxy_pass http://127.0.0.1:8080;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "Upgrade";
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+
+    # All other requests (REST API, static files, etc.)
+    location / {
+        proxy_pass http://127.0.0.1:8080;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+}
+
+server {
+    listen 8645 ssl;
+    listen [::]:8645 ssl;
+
+    server_name server-manager;
+
+    # SSL certificates
+    ssl_certificate /etc/letsencrypt/live/ims-project.cs.bgu.ac.il/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/ims-project.cs.bgu.ac.il/privkey.pem;
+
+    # Location for serving requests
+    location / {
+        proxy_pass http://127.0.0.1:8085;
+        proxy_set_header Host $host:$server_port;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+}