UniqAI/hexabot
1
0
Fork 0
mirror of https://github.com/hexastack/hexabot synced 2025-06-26 18:27:28 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

feat: initial commit

Browse Source
This commit is contained in:
Mohamed Marrouchi
2024-09-10 10:50:11 +01:00
commit 30e5766487
879 changed files with 122820 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

52
docker/.env.example Normal file
View File

@@ -0,0 +1,52 @@
# API & Common
NODE_ENV=dev
API_PORT=4000
APP_MONGO_EXPRESS_PORT=9000
APP_SMTP_4_DEV_PORT=9002
APP_SCRIPT_COMPODOC_PORT=9003
API_ORIGIN=http://localhost:4000
FRONTEND_ORIGIN=http://localhost:8080,http://localhost:8081,http://localhost:5173,http://localhost,http://localhost/*,*
MONGO_USER=dev_only
MONGO_PASSWORD=dev_only
MONGO_URI=mongodb://dev_only:dev_only@mongo:27017/
MONGO_DB=hexabot
JWT_SECRET=dev_only
JWT_EXPIRES_IN=60
SALT_LENGTH=12
HTTPS_ENABLED=false
SESSION_SECRET=f661ff500fff6b0c8f91310b6fff6b0c
SESSION_NAME=s.id
UPLOAD_DIR=/uploads
UPLOAD_MAX_SIZE_IN_BYTES=2000000
INVITATION_JWT_SECRET=dev_only
INVITATION_EXPIRES_IN=24h
PASSWORD_RESET_JWT_SECRET=dev_only
PASSWORD_RESET_EXPIRES_IN=1h
CONFIRM_ACCOUNT_SECRET=dev_only
CONFIRM_ACCOUNT_EXPIRES_IN=1h
FRONTEND_DOCKER_IMAGE=linuxtry
EMAIL_SMTP_HOST=smtp4dev
EMAIL_SMTP_PORT=25
EMAIL_SMTP_SECURE=false
EMAIL_SMTP_USER=dev_only
EMAIL_SMTP_PASS=dev_only
I18N_TRANSLATION_FILENAME=messages
# NLU Server
AUTH_TOKEN=token123
LANGUAGE_CLASSIFIER=language-classifier
INTENT_CLASSIFIERS=en,fr
TFLC_REPO_ID=Hexastack/tflc
JISF_REPO_ID=Hexastack/jisf
NLP_PORT=5000
# Frontend (Next.js)
APP_FRONTEND_PORT=8080
NEXT_PUBLIC_API_ORIGIN=http://localhost:4000/
NEXT_PUBLIC_SSO_ENABLED=false
# Widget
APP_WIDGET_PORT=5173
REACT_APP_WIDGET_API_URL=http://localhost:4000
REACT_APP_WIDGET_CHANNEL=offline
REACT_APP_WIDGET_TOKEN=token123

57
docker/docker-compose.dev.yml Normal file
View File

@@ -0,0 +1,57 @@
version: "3.8"
services:
database-init:
volumes:
- ../api/src:/app/src
- ../api/migrations:/app/migrations
# - ../api/node_modules:/app/node_modules
api:
ports:
- ${API_PORT}:3000
- 9229:9229 # vscode debug port
volumes:
- ../api/src:/app/src
- ../api/migrations:/app/migrations
#- ../api/node_modules:/app/node_modules
command: ["npm", "run", "start:debug"]
smtp4dev:
image: rnwood/smtp4dev:v3
restart: always
ports:
- ${APP_SMTP_4_DEV_PORT}:80
- "25:25"
- "143:143"
volumes:
- smtp4dev-data:/smtp4dev
environment:
- ServerOptions__HostName=smtp4dev
- ServerOptions__LockSettings=true
networks:
- db-network
mongo-express:
container_name: mongoUi
image: mongo-express:1-20
restart: always
ports:
- ${APP_MONGO_EXPRESS_PORT}:8081
networks:
- db-network
environment:
ME_CONFIG_MONGODB_ADMINUSERNAME: ${MONGO_USER}
ME_CONFIG_MONGODB_ADMINPASSWORD: ${MONGO_PASSWORD}
ME_CONFIG_MONGODB_URL: ${MONGO_URI}
widget:
build:
target: development
volumes:
- ../widget/src:/app/src
ports:
- ${APP_WIDGET_PORT}:5173
volumes:
smtp4dev-data:

8
docker/docker-compose.nginx.dev.yml Normal file
View File

@@ -0,0 +1,8 @@
version: "3.8"
services:
nginx:
container_name: nginx
volumes:
- ./nginx/unsecure/:/etc/nginx:ro
- /etc/localtime:/etc/localtime:ro

18
docker/docker-compose.nginx.prod.yml Normal file
View File

@@ -0,0 +1,18 @@
version: "3.8"
services:
nginx:
container_name: nginx
volumes:
- ./nginx/secure/:/etc/nginx:ro
- /etc/localtime:/etc/localtime:ro
- ./nginx/certbot/conf:/etc/letsencrypt
- ./nginx/certbot/www:/var/www/certbot
command: "/bin/sh -c 'while :; do sleep 6h & wait $${!}; nginx -s reload; done & nginx -g \"daemon off;\"'"
certbot:
image: certbot/certbot
volumes:
- ./nginx/certbot/conf:/etc/letsencrypt
- ./nginx/certbot/www:/var/www/certbot
entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;'"

19
docker/docker-compose.nginx.yml Normal file
View File

@@ -0,0 +1,19 @@
version: "3.8"
services:
nginx:
container_name: nginx
image: nginx:latest
restart: unless-stopped
networks:
- app-network
ports:
- 80:80
- 443:443
volumes:
- ./nginx/unsecure/:/etc/nginx:ro
- /etc/localtime:/etc/localtime:ro
depends_on:
- api
- hexabot-frontend
- widget

6
docker/docker-compose.nlu.dev.yml Normal file
View File

@@ -0,0 +1,6 @@
version: "3.9"
services:
nlu-api:
ports:
- ${NLP_PORT}:5000

27
docker/docker-compose.nlu.yml Normal file
View File

@@ -0,0 +1,27 @@
version: "3.9"
services:
api:
networks:
- nlp-network
depends_on:
nlu-api:
condition: service_healthy
nlu-api:
container_name: nlu-api
build:
context: ../nlu
dockerfile: Dockerfile
env_file: .env
networks:
- nlp-network
healthcheck:
test: curl --fail http://localhost:5000/health || exit 1
interval: 10s
timeout: 10s
retries: 5
start_period: 10s
networks:
nlp-network:

5
docker/docker-compose.prod.yml Normal file
View File

@@ -0,0 +1,5 @@
version: "3.8"
widget:
build:
target: production

96
docker/docker-compose.yml Normal file
View File

@@ -0,0 +1,96 @@
version: "3.9"
services:
database-init:
container_name: database-init
build:
context: ../api
command: sh -c "npm run cache:init && npm run migrate prune && npm run migrate up"
env_file: .env
networks:
- db-network
depends_on:
mongo:
condition: service_healthy
api:
container_name: api
build:
context: ../api
env_file: .env
ports:
- ${API_PORT}:3000
networks:
- db-network
- app-network
volumes:
- api-data:/uploads
depends_on:
mongo:
condition: service_healthy
database-init:
condition: service_completed_successfully
healthcheck:
test: "wget --spider http://localhost:3000"
interval: 10s
timeout: 10s
retries: 5
start_period: 10s
hexabot-frontend:
container_name: frontend
build:
context: ../
dockerfile: ./frontend/Dockerfile
args:
- NEXT_PUBLIC_API_ORIGIN=${NEXT_PUBLIC_API_ORIGIN}
- NEXT_PUBLIC_SSO_ENABLED=${NEXT_PUBLIC_SSO_ENABLED}
env_file: .env
ports:
- ${APP_FRONTEND_PORT}:8080
networks:
- app-network
depends_on:
api:
condition: service_healthy
mongo:
container_name: mongo
image: mongo:7.0
restart: always
environment:
MONGO_INITDB_ROOT_USERNAME: ${MONGO_USER}
MONGO_INITDB_ROOT_PASSWORD: ${MONGO_PASSWORD}
networks:
- db-network
healthcheck:
test: echo 'db.stats().ok' | mongosh localhost:27017 --quiet
interval: 10s
timeout: 10s
retries: 5
start_period: 10s
volumes:
- mongo-data:/data/db
widget:
container_name: widget
build:
context: ../widget
args:
REACT_APP_WIDGET_API_URL: ${REACT_APP_WIDGET_API_URL}
REACT_APP_WIDGET_CHANNEL: ${REACT_APP_WIDGET_CHANNEL}
REACT_APP_WIDGET_TOKEN: ${REACT_APP_WIDGET_TOKEN}
networks:
- app-network
depends_on:
api:
condition: service_healthy
volumes:
mongo-data:
api-data:
networks:
db-network:
app-network:

82
docker/init-letsencrypt.sh Executable file
View File

@@ -0,0 +1,82 @@
#!/bin/bash
# Source the .env file
if [ -f .env ]; then
export $(grep -v '^#' .env | xargs)
fi
if ! [ -x "$(command -v docker compose)" ]; then
echo 'Error: docker compose is not installed.' >&2
exit 1
fi
domains=(demo.hexabot.io)
rsa_key_size=4096
data_path="./nginx/certbot"
email="contact@hexastack.com" # Adding a valid address is strongly recommended
staging=0 # Set to 1 if you're testing your setup to avoid hitting request limits
if [ -d "$data_path" ]; then
read -p "Existing data found for $domains. Continue and replace existing certificate? (y/N) " decision
if [ "$decision" != "Y" ] && [ "$decision" != "y" ]; then
exit
fi
fi
if [ ! -e "$data_path/conf/options-ssl-nginx.conf" ] || [ ! -e "$data_path/conf/ssl-dhparams.pem" ]; then
echo "### Downloading recommended TLS parameters ..."
mkdir -p "$data_path/conf"
curl -s https://raw.githubusercontent.com/certbot/certbot/master/certbot-nginx/certbot_nginx/_internal/tls_configs/options-ssl-nginx.conf >"$data_path/conf/options-ssl-nginx.conf"
curl -s https://raw.githubusercontent.com/certbot/certbot/master/certbot/certbot/ssl-dhparams.pem >"$data_path/conf/ssl-dhparams.pem"
echo
fi
echo "### Creating dummy certificate for $domains ..."
path="/etc/letsencrypt/live/$domains"
mkdir -p "$data_path/conf/live/$domains"
docker compose -f "docker-compose.yml" -f "docker-compose.nginx.yml" -f "docker-compose.nginx.prod.yml" run --rm --entrypoint "\
openssl req -x509 -nodes -newkey rsa:$rsa_key_size -days 1\
-keyout '$path/privkey.pem' \
-out '$path/fullchain.pem' \
-subj '/CN=localhost'" certbot
echo
echo "### Starting nginx ..."
docker compose -f "docker-compose.yml" -f "docker-compose.nginx.yml" -f "docker-compose.nginx.prod.yml" up --force-recreate -d nginx
echo
echo "### Deleting dummy certificate for $domains ..."
docker compose -f "docker-compose.yml" -f "docker-compose.nginx.yml" -f "docker-compose.nginx.prod.yml" run --rm --entrypoint "\
rm -Rf /etc/letsencrypt/live/$domains && \
rm -Rf /etc/letsencrypt/archive/$domains && \
rm -Rf /etc/letsencrypt/renewal/$domains.conf" certbot
echo
echo "### Requesting Let's Encrypt certificate for $domains ..."
#Join $domains to -d args
domain_args=""
for domain in "${domains[@]}"; do
domain_args="$domain_args -d $domain"
done
# Select appropriate email arg
case "$email" in
"") email_arg="--register-unsafely-without-email" ;;
*) email_arg="--email $email" ;;
esac
# Enable staging mode if needed
if [ $staging != "0" ]; then staging_arg="--staging"; fi
docker compose -f "docker-compose.yml" -f "docker-compose.nginx.yml" -f "docker-compose.nginx.prod.yml" run --rm --entrypoint "\
certbot certonly --webroot -w /var/www/certbot \
$staging_arg \
$email_arg \
$domain_args \
--rsa-key-size $rsa_key_size \
--agree-tos \
--force-renewal" certbot
echo
#echo "### Reloading nginx ..."
docker compose -f "docker-compose.yml" -f "docker-compose.nginx.yml" -f "docker-compose.nginx.prod.yml" exec nginx nginx -s reload

74
docker/nginx/secure/default.conf Normal file
View File

@@ -0,0 +1,74 @@
server {
listen 80;
server_name demo.hexabot.io;
location / {
return 301 https://$host$request_uri;
}
location /.well-known/acme-challenge/ {
root /var/www/certbot;
}
}
server {
listen 443 ssl;
server_name demo.hexabot.io;
server_tokens off;
client_max_body_size 20M;
ssl_certificate /etc/letsencrypt/live/demo.hexabot.io/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/demo.hexabot.io/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
location / {
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Url-Scheme $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://frontend:8080;
}
location /api/ {
rewrite ^/api/?(.*)$ /$1 break;
proxy_pass http://api:3000;
proxy_http_version 1.1;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header X-NginX-Proxy false;
proxy_pass_request_headers on;
}
location /widget/ {
rewrite ^/widget/?(.*)$ /$1 break;
proxy_pass http://widget:5173;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Url-Scheme $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
}
location ~* \.io {
rewrite ^/api/?(.*)$ /$1 break;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy false;
proxy_pass http://api:3000;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}

20
docker/nginx/secure/fastcgi.conf Normal file
View File

@@ -0,0 +1,20 @@
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REDIRECT_STATUS 200;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_NAME $server_name;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
fastcgi_index index.php;

139
docker/nginx/secure/mime.types Normal file
View File

@@ -0,0 +1,139 @@
types {
# Data interchange
application/atom+xml atom;
application/json json map topojson;
application/ld+json jsonld;
application/rss+xml rss;
# Normalize to standard type.
# https://tools.ietf.org/html/rfc7946#section-12
application/geo+json geojson;
application/xml xml;
# Normalize to standard type.
# https://tools.ietf.org/html/rfc3870#section-2
application/rdf+xml rdf;
# JavaScript
# Servers should use text/javascript for JavaScript resources.
# https://html.spec.whatwg.org/multipage/scripting.html#scriptingLanguages
text/javascript js mjs;
application/wasm wasm;
# Manifest files
application/manifest+json webmanifest;
application/x-web-app-manifest+json webapp;
text/cache-manifest appcache;
# Media files
audio/midi mid midi kar;
audio/mp4 aac f4a f4b m4a;
audio/mpeg mp3;
audio/ogg oga ogg opus;
audio/x-realaudio ra;
audio/x-wav wav;
image/apng apng;
image/avif avif avifs;
image/bmp bmp;
image/gif gif;
image/jpeg jpeg jpg;
image/jxl jxl;
image/jxr jxr hdp wdp;
image/png png;
image/svg+xml svg svgz;
image/tiff tif tiff;
image/vnd.wap.wbmp wbmp;
image/webp webp;
image/x-jng jng;
video/3gpp 3gp 3gpp;
video/mp4 f4p f4v m4v mp4;
video/mpeg mpeg mpg;
video/ogg ogv;
video/quicktime mov;
video/webm webm;
video/x-flv flv;
video/x-mng mng;
video/x-ms-asf asf asx;
video/x-msvideo avi;
# Serving `.ico` image files with a different media type
# prevents Internet Explorer from displaying then as images:
# https://github.com/h5bp/html5-boilerplate/commit/37b5fec090d00f38de64b591bcddcb205aadf8ee
image/x-icon cur ico;
# Microsoft Office
application/msword doc;
application/vnd.ms-excel xls;
application/vnd.ms-powerpoint ppt;
application/vnd.openxmlformats-officedocument.wordprocessingml.document docx;
application/vnd.openxmlformats-officedocument.spreadsheetml.sheet xlsx;
application/vnd.openxmlformats-officedocument.presentationml.presentation pptx;
# Web fonts
font/woff woff;
font/woff2 woff2;
application/vnd.ms-fontobject eot;
font/ttf ttf;
font/collection ttc;
font/otf otf;
# Other
application/java-archive ear jar war;
application/mac-binhex40 hqx;
application/octet-stream bin deb dll dmg exe img iso msi msm msp safariextz;
application/pdf pdf;
application/postscript ai eps ps;
application/rtf rtf;
application/vnd.google-earth.kml+xml kml;
application/vnd.google-earth.kmz kmz;
application/vnd.wap.wmlc wmlc;
application/x-7z-compressed 7z;
application/x-bb-appworld bbaw;
application/x-bittorrent torrent;
application/x-chrome-extension crx;
application/x-cocoa cco;
application/x-java-archive-diff jardiff;
application/x-java-jnlp-file jnlp;
application/x-makeself run;
application/x-opera-extension oex;
application/x-perl pl pm;
application/x-pilot pdb prc;
application/x-rar-compressed rar;
application/x-redhat-package-manager rpm;
application/x-sea sea;
application/x-shockwave-flash swf;
application/x-stuffit sit;
application/x-tcl tcl tk;
application/x-x509-ca-cert crt der pem;
application/x-xpinstall xpi;
application/xhtml+xml xhtml;
application/xslt+xml xsl;
application/zip zip;
text/calendar ics;
text/css css;
text/csv csv;
text/html htm html shtml;
text/markdown md markdown;
text/mathml mml;
text/plain txt;
text/vcard vcard vcf;
text/vnd.rim.location.xloc xloc;
text/vnd.sun.j2me.app-descriptor jad;
text/vnd.wap.wml wml;
text/vtt vtt;
text/x-component htc;
}

39
docker/nginx/secure/nginx.conf Normal file
View File

@@ -0,0 +1,39 @@
worker_processes 1;
user root;
error_log /dev/stdout info;
events {
worker_connections 1024;
}
http {
############# NGINX conf
include /etc/nginx/mime.types;
include /etc/nginx/fastcgi.conf;
proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=STATIC:10m inactive=7d use_temp_path=off;
error_log /dev/stdout info;
sendfile on;
tcp_nopush on;
server_names_hash_bucket_size 128;
############## Let NGINX see client real IPs
real_ip_header X-Forwarded-For;
############## NGINX security
client_body_buffer_size 10K;
client_body_timeout 12;
client_header_buffer_size 1k;
client_header_timeout 12;
client_max_body_size 8M;
keepalive_timeout 15;
large_client_header_buffers 4 8k;
proxy_hide_header X-Powered-By;
send_timeout 10;
server_tokens off;
############# Custom conf
include /etc/nginx/default.conf;
}

58
docker/nginx/unsecure/default.conf Normal file
View File

@@ -0,0 +1,58 @@
server {
listen 80;
server_name localhost;
server_tokens off;
client_max_body_size 20M;
location / {
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Url-Scheme $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://frontend:8080;
}
location /api/ {
rewrite ^/api/?(.*)$ /$1 break;
proxy_pass http://api:3000;
proxy_http_version 1.1;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header X-NginX-Proxy false;
proxy_pass_request_headers on;
}
location /widget/ {
rewrite ^/widget/?(.*)$ /$1 break;
proxy_pass http://widget:5173;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Url-Scheme $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
}
location ~* \.io {
rewrite ^/api/?(.*)$ /$1 break;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy false;
proxy_pass http://api:3000;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}

20
docker/nginx/unsecure/fastcgi.conf Normal file
View File

@@ -0,0 +1,20 @@
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REDIRECT_STATUS 200;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_NAME $server_name;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
fastcgi_index index.php;

139
docker/nginx/unsecure/mime.types Normal file
View File

@@ -0,0 +1,139 @@
types {
# Data interchange
application/atom+xml atom;
application/json json map topojson;
application/ld+json jsonld;
application/rss+xml rss;
# Normalize to standard type.
# https://tools.ietf.org/html/rfc7946#section-12
application/geo+json geojson;
application/xml xml;
# Normalize to standard type.
# https://tools.ietf.org/html/rfc3870#section-2
application/rdf+xml rdf;
# JavaScript
# Servers should use text/javascript for JavaScript resources.
# https://html.spec.whatwg.org/multipage/scripting.html#scriptingLanguages
text/javascript js mjs;
application/wasm wasm;
# Manifest files
application/manifest+json webmanifest;
application/x-web-app-manifest+json webapp;
text/cache-manifest appcache;
# Media files
audio/midi mid midi kar;
audio/mp4 aac f4a f4b m4a;
audio/mpeg mp3;
audio/ogg oga ogg opus;
audio/x-realaudio ra;
audio/x-wav wav;
image/apng apng;
image/avif avif avifs;
image/bmp bmp;
image/gif gif;
image/jpeg jpeg jpg;
image/jxl jxl;
image/jxr jxr hdp wdp;
image/png png;
image/svg+xml svg svgz;
image/tiff tif tiff;
image/vnd.wap.wbmp wbmp;
image/webp webp;
image/x-jng jng;
video/3gpp 3gp 3gpp;
video/mp4 f4p f4v m4v mp4;
video/mpeg mpeg mpg;
video/ogg ogv;
video/quicktime mov;
video/webm webm;
video/x-flv flv;
video/x-mng mng;
video/x-ms-asf asf asx;
video/x-msvideo avi;
# Serving `.ico` image files with a different media type
# prevents Internet Explorer from displaying then as images:
# https://github.com/h5bp/html5-boilerplate/commit/37b5fec090d00f38de64b591bcddcb205aadf8ee
image/x-icon cur ico;
# Microsoft Office
application/msword doc;
application/vnd.ms-excel xls;
application/vnd.ms-powerpoint ppt;
application/vnd.openxmlformats-officedocument.wordprocessingml.document docx;
application/vnd.openxmlformats-officedocument.spreadsheetml.sheet xlsx;
application/vnd.openxmlformats-officedocument.presentationml.presentation pptx;
# Web fonts
font/woff woff;
font/woff2 woff2;
application/vnd.ms-fontobject eot;
font/ttf ttf;
font/collection ttc;
font/otf otf;
# Other
application/java-archive ear jar war;
application/mac-binhex40 hqx;
application/octet-stream bin deb dll dmg exe img iso msi msm msp safariextz;
application/pdf pdf;
application/postscript ai eps ps;
application/rtf rtf;
application/vnd.google-earth.kml+xml kml;
application/vnd.google-earth.kmz kmz;
application/vnd.wap.wmlc wmlc;
application/x-7z-compressed 7z;
application/x-bb-appworld bbaw;
application/x-bittorrent torrent;
application/x-chrome-extension crx;
application/x-cocoa cco;
application/x-java-archive-diff jardiff;
application/x-java-jnlp-file jnlp;
application/x-makeself run;
application/x-opera-extension oex;
application/x-perl pl pm;
application/x-pilot pdb prc;
application/x-rar-compressed rar;
application/x-redhat-package-manager rpm;
application/x-sea sea;
application/x-shockwave-flash swf;
application/x-stuffit sit;
application/x-tcl tcl tk;
application/x-x509-ca-cert crt der pem;
application/x-xpinstall xpi;
application/xhtml+xml xhtml;
application/xslt+xml xsl;
application/zip zip;
text/calendar ics;
text/css css;
text/csv csv;
text/html htm html shtml;
text/markdown md markdown;
text/mathml mml;
text/plain txt;
text/vcard vcard vcf;
text/vnd.rim.location.xloc xloc;
text/vnd.sun.j2me.app-descriptor jad;
text/vnd.wap.wml wml;
text/vtt vtt;
text/x-component htc;
}

39
docker/nginx/unsecure/nginx.conf Normal file
View File

@@ -0,0 +1,39 @@
worker_processes 1;
user root;
error_log /dev/stdout info;
events {
worker_connections 1024;
}
http {
############# NGINX conf
include /etc/nginx/mime.types;
include /etc/nginx/fastcgi.conf;
proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=STATIC:10m inactive=7d use_temp_path=off;
error_log /dev/stdout info;
sendfile on;
tcp_nopush on;
server_names_hash_bucket_size 128;
############## Let NGINX see client real IPs
real_ip_header X-Forwarded-For;
############## NGINX security
client_body_buffer_size 10K;
client_body_timeout 12;
client_header_buffer_size 1k;
client_header_timeout 12;
client_max_body_size 8M;
keepalive_timeout 15;
large_client_header_buffers 4 8k;
proxy_hide_header X-Powered-By;
send_timeout 10;
server_tokens off;
############# Custom conf
include /etc/nginx/default.conf;
}