Setting up a Reverse Proxy for Divio vanity media domains

There is some official documentation available at https://docs.divio.com/en/latest/how-to/configure-media-custom-domain/ – follow those steps. Then you can change the template project as follows:

Create a default.conf file in the root of the media proxy project and copy and paste the below, replace the divio project name:


#
# Test this config like this: nginx -t -c /etc/nginx/nginx.conf
#


# Production
server {
    # divio sends all traffic to port 80 as HTTPS is terminated already at the load balancer
    listen 80;

    server_name media.yourdomain.com

    client_max_body_size 20M;

    if ($http_x_forwarded_proto != 'https') {
        return 301 https://$host$request_uri;
    }

    location / {
      # for use with ssh port forwarding on the web proxy

      proxy_pass https://your-divio-project-name-live-e351eea52c934521360-55514a4.divio-media.com;
      # for use with ssh port forwarding
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header Host $host;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_connect_timeout 5s;
    }

}

# Testing
# this runs on media-files-reverse-proxy-stage.eu.aldryn.io

# locally, test this with curl -H "X-Forwarded-Proto: https" http://0.0.0.0:8090/file...

server {
    # divio sends all traffic to port 80 as HTTPS is terminated already at the load balancer
    listen 80 default_server;

    # catch all including local test and dev env
    server_name _ ~^(.+)$ 0.0.0.0 127.0.0.1;

    client_max_body_size 20M;

    if ($http_x_forwarded_proto != 'https') {
        return 301 https://$host$request_uri;
    }

    location / {

      proxy_ssl_protocols TLSv1.2;
      proxy_ssl_server_name on;  # prevent SSL_do_handshake() failed
      proxy_ssl_name your-divio-project-name-test-0a3745d722ae42f1a12-07e2f6f.divio-media.com;

      proxy_pass https://your-divio-project-name-test-0a3745d722ae42f1a12-07e2f6f.divio-media.com;

      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header Host your-divio-project-name-test-0a3745d722ae42f1a12-07e2f6f.divio-media.com;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

      proxy_connect_timeout 5s;
    }

    # Character set
    charset utf-8;

    # Logging
    access_log /var/log/nginx/access-default-site.log;
    error_log /var/log/nginx/error-default-site.log error;

}

Add the following to your Dockerfile:

COPY default.conf /etc/nginx/conf.d/default.conf

Deploy this and check if it works. You can get the DSN by logging into your main project via SSH and then execute echo $DEFAULT_STORAGE_DSN , then take that value, update the domain value and add the new DSN to the divio env vars.