{# SPDX-FileCopyrightText: 2024 MDAD Team and contributors SPDX-License-Identifier: AGPL-3.0-or-later #} #jinja2: lstrip_blocks: "True" # This is a custom nginx configuration file that we use in the container (instead of the default one), # because it allows us to run nginx with a non-root user. # # For this to work, the default vhost file (`/etc/nginx/conf.d/default.conf`) also needs to be removed. # (mounting `/dev/null` over `/etc/nginx/conf.d/default.conf` works well) # # The following changes have been done compared to a default nginx configuration file: # - default server port is changed (80 -> 8080), so that a non-root user can bind it # - various temp paths are changed to `/tmp`, so that a non-root user can write to them # - the `user` directive was removed, as we don't want nginx to switch users worker_processes 1; error_log /var/log/nginx/error.log warn; pid /tmp/nginx.pid; events { worker_connections 1024; } http { proxy_temp_path /tmp/proxy_temp; client_body_temp_path /tmp/client_temp; fastcgi_temp_path /tmp/fastcgi_temp; uwsgi_temp_path /tmp/uwsgi_temp; scgi_temp_path /tmp/scgi_temp; include /etc/nginx/mime.types; default_type application/octet-stream; log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; access_log /var/log/nginx/access.log main; sendfile on; #tcp_nopush on; keepalive_timeout 65; #gzip on; server { listen 8080; server_name localhost; root /usr/share/nginx/html; location / { # Inspired by: https://raw.githubusercontent.com/cinnyapp/cinny/dev/docker-nginx.conf root /usr/share/nginx/html; rewrite ^/config.json$ /config.json break; rewrite ^/manifest.json$ /manifest.json break; rewrite ^.*/olm.wasm$ /olm.wasm break; rewrite ^/sw.js$ /sw.js break; rewrite ^/pdf.worker.min.js$ /pdf.worker.min.js break; rewrite ^/public/(.*)$ /public/$1 break; rewrite ^/assets/(.*)$ /assets/$1 break; rewrite ^(.+)$ /index.html break; } } }