events {} http { upstream backend { server backend-a:8000; } upstream frontend { server frontend:5173; } upstream wiki { server wiki:8001; } upstream dns { server dns:8053; } server { listen 8080 ssl; server_name localhost; ssl_certificate /etc/nginx/nginx.crt; ssl_certificate_key /etc/nginx/nginx.key; location /api { proxy_set_header Host $host:$server_port; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Host $host:$server_port; proxy_set_header X-Forwarded-Port $server_port; proxy_pass http://backend; } location /auth { proxy_set_header Host $host:$server_port; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Host $host:$server_port; proxy_set_header X-Forwarded-Port $server_port; proxy_pass http://backend; } location /docs { proxy_pass http://backend/docs; } location /static { proxy_pass http://backend/static; } location /wiki { proxy_pass http://wiki/wiki; } location /livereload { proxy_pass http://wiki/livereload; } location /local/ { alias /var/www/; try_files $uri.json =404; add_header Content-Type application/json; } location / { proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; proxy_set_header Host $host; proxy_pass http://frontend; } } # DoH server server { listen 5353 ssl; server_name localhost; ssl_certificate /etc/nginx/nginx.crt; ssl_certificate_key /etc/nginx/nginx.key; location /dns-query { proxy_pass http://dns; # allow any origin add_header 'Access-Control-Allow-Origin' '*'; add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS'; } } }