diff --git a/volumes/conf.d/etherpad.zinomedia.de.conf b/volumes/conf.d/etherpad.zinomedia.de.conf index 729c194..54e4605 100644 --- a/volumes/conf.d/etherpad.zinomedia.de.conf +++ b/volumes/conf.d/etherpad.zinomedia.de.conf @@ -8,78 +8,60 @@ server { listen [::]:443 ssl http2; server_name etherpad.zinomedia.de; - # TLS (yours) ssl_certificate /etc/letsencrypt/live/etherpad.zinomedia.de/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/etherpad.zinomedia.de/privkey.pem; - # Optional basic auth + # optional basic auth auth_basic "Protected"; auth_basic_user_file /usr/share/nginx/html/etherpad.zinomedia.de/.htpasswd; - # Docker DNS for container name resolution - resolver 127.0.0.11 valid=30s ipv6=off; - - # 1) Pass-through for static, admin, socket.io, etc. (no friendly rewrite) + # ---- Allow normal files to pass through (exactly like wiki) ---- location ~ ^/(locales/|locales\.json|admin/|static/|pluginfw/|javascripts/|socket\.io/|ep/|minified/|api/|ro/|error/|jserror/|favicon\.ico|robots\.txt|.*\.js)$ { - set $upstream "http://etherpad:9001"; - proxy_pass $upstream; + proxy_pass http://etherpad:9001; proxy_buffering off; - proxy_http_version 1.1; proxy_set_header Host $host; + proxy_pass_header Server; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $connection_upgrade; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Upgrade $http_upgrade; # websockets - proxy_set_header Connection $connection_upgrade; - proxy_pass_header Server; } - # 2) /p/... -> internally rewrite to /..., then proxy (NO redirect!) + # ---- Redirect /p/* to the friendly version / (client-side 301; per wiki) ---- location /p/ { - rewrite ^/p/(.*)$ /$1 break; - set $upstream "http://etherpad:9001"; - proxy_pass $upstream; + rewrite ^/p/(.*) /$1 redirect; + } + + # ---- Home page ---- + location ~ ^/$ { + proxy_pass http://etherpad:9001; proxy_buffering off; - proxy_http_version 1.1; proxy_set_header Host $host; + proxy_pass_header Server; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $connection_upgrade; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection $connection_upgrade; - proxy_pass_header Server; } - # 3) Home page - location = / { - set $upstream "http://etherpad:9001"; - proxy_pass $upstream; - proxy_buffering off; - proxy_http_version 1.1; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection $connection_upgrade; - proxy_pass_header Server; - } - - # 4) Everything else (pad URLs): keep browser at /, but let upstream redirect to /p/ + # ---- Handle pad URLs (the trick) ---- + # Upstream redirects to /p/; we rewrite that back to / for the browser. location / { - # Important: map upstream Location: /p/... --> client sees / - proxy_redirect /p/ /; - set $upstream "http://etherpad:9001"; - proxy_pass $upstream; + proxy_redirect / /p/; + proxy_pass http://etherpad:9001; proxy_buffering off; - proxy_http_version 1.1; proxy_set_header Host $host; + proxy_pass_header Server; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $connection_upgrade; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection $connection_upgrade; - proxy_pass_header Server; } }