mimo-dashboard.conf

upstream dashboard {
    server dashboard:8080;
}

server {
  listen 8080;
  listen 8443 ssl;
  server_name dashboard.HOSTNAME;
  expires max;

  server_tokens off;

  ssl_certificate      /etc/nginx/certs/dashboard.HOSTNAME/fullchain.pem;
  ssl_certificate_key  /etc/nginx/certs/dashboard.HOSTNAME/key.pem;

  ssl_session_timeout  5m;

  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  ssl_ciphers  HIGH:!aNULL:!MD5;
  ssl_prefer_server_ciphers   on;

  location ^~ /.well-known/acme-challenge/ {

      # Set correct content type. According to this:
      # https://community.letsencrypt.org/t/using-the-webroot-domain-verification-method/1445/29
      # Current specification requires "text/plain" or no content header at all.
      # It seems that "text/plain" is a safe option.
      default_type "text/plain";

      # This directory must be the same as in /etc/letsencrypt/cli.ini
      # as "webroot-path" parameter. Also don't forget to set "authenticator" parameter
      # there to "webroot".
      # Do NOT use alias, use root! Target directory is located here:
      # /var/www/common/letsencrypt/.well-known/acme-challenge/

      auth_basic off;
      allow all;
      root /usr/share/nginx/html;
      try_files $uri =404;
      break;
  }


  location @dashboard {
    #limit_req_zone $http_x_forwarded_for zone=perip:10m rate=5r/s;
    #limit_req_zone $server_name zone=perserver:10m rate=50r/s;
    #limit_req_status 429;

    proxy_set_header Host $host;
    proxy_set_header X-Real-IP  $remote_addr;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_intercept_errors on;
    proxy_redirect off;
    proxy_pass http://dashboard;
    expires off;
  }

  location /_health {
    try_files $uri @dashboard;
  }

  location / {
    #if ($http_x_forwarded_proto != "https") {
    #  return 301 https://$host$request_uri;
    #}

    try_files $uri @dashboard;
  }
}