nginx.conf

user nginx;
worker_processes auto;
pid /run/nginx.pid;

events {
    worker_connections 1024;
}

http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    sendfile on;
    keepalive_timeout 65;

    # Logging
    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;

    # Upstream configurations with health checks
    upstream minio {
        server minio:9000;
        health_check interval=10s fails=3 passes=2;
    }

    upstream minio_console {
        server minio:9001;
        health_check interval=10s fails=3 passes=2;
    }

    # Server block for bucket access
    server {
        listen 80;
        server_name ~^(?<bucket>.+)\.cdaprod\.dev$;

        # Redirect to HTTPS
        location / {
            return 301 https://$host$request_uri;
        }
    }

    server {
        listen 443 ssl;
        server_name ~^(?<bucket>.+)\.cdaprod\.dev$;

        ssl_certificate /etc/ssl/certs/$SSL_CERTIFICATE;
        ssl_certificate_key /etc/ssl/private/$SSL_CERTIFICATE_KEY;
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_ciphers HIGH:!aNULL:!MD5;

        location / {
            proxy_set_header Host $host;
            proxy_pass http://minio;
        }
    }

    # Server block for MinIO console access
    server {
        listen 80;
        server_name cda-minio.cdaprod.dev;

        # Redirect to HTTPS
        location / {
            return 301 https://$host$request_uri;
        }
    }

    server {
        listen 443 ssl;
        server_name cda-minio.cdaprod.dev;

        ssl_certificate /etc/ssl/certs/$SSL_CERTIFICATE;
        ssl_certificate_key /etc/ssl/private/$SSL_CERTIFICATE_KEY;
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_ciphers HIGH:!aNULL:!MD5;

        location / {
            proxy_set_header Host $host;
            proxy_pass http://minio_console;
        }
    }
}