mirror of
https://github.com/laurivosandi/certidude
synced 2024-09-27 20:48:11 +00:00
78 lines
2.0 KiB
Nginx Configuration File
78 lines
2.0 KiB
Nginx Configuration File
# To set up SSL certificates using Let's Encrypt run:
|
|
#
|
|
# apt install letsencrypt
|
|
# certbot certonly -d {{common_name}} --webroot /var/www/html/
|
|
#
|
|
# Also uncomment URL rewriting and SSL configuration below
|
|
|
|
server {
|
|
server_name {{ common_name }};
|
|
listen 80 default_server;
|
|
# rewrite ^ https://$server_name$request_uri? permanent;
|
|
#}
|
|
|
|
#server {
|
|
# server_name {{ common_name }};
|
|
# listen 443 ssl http2 default_server;
|
|
# add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
|
|
# ssl_certificate /etc/letsencrypt/live/{{common_name}}/fullchain.pem;
|
|
# ssl_certificate_key /etc/letsencrypt/live/{{common_name}}/privkey.pem;
|
|
|
|
error_page 500 502 503 504 /50x.html;
|
|
|
|
root {{static_path}};
|
|
|
|
location /api/ {
|
|
proxy_pass http://127.0.0.1{% if port != 80 %}:{{ port }}{% endif %}/api/;
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_connect_timeout 600;
|
|
proxy_send_timeout 600;
|
|
proxy_read_timeout 600;
|
|
send_timeout 600;
|
|
}
|
|
|
|
# This is for Let's Encrypt
|
|
location /.well-known/ {
|
|
alias /var/www/html/.well-known/;
|
|
}
|
|
|
|
|
|
{% if not push_server %}
|
|
# This only works with nchan, for Debian 9 just apt install libnginx-mod-nchan
|
|
# For Ubuntu and older Debian releases install nchan from https://nchan.io/
|
|
|
|
location ~ "^/lp/sub/(.*)" {
|
|
nchan_channel_id $1;
|
|
nchan_subscriber longpoll;
|
|
}
|
|
|
|
location ~ "^/ev/sub/(.*)" {
|
|
nchan_channel_id $1;
|
|
nchan_subscriber eventsource;
|
|
}
|
|
{% endif %}
|
|
|
|
}
|
|
|
|
{% if not push_server %}
|
|
server {
|
|
# Allow publishing only from localhost to prevent abuse
|
|
server_name localhost;
|
|
listen 127.0.0.1:80;
|
|
|
|
location ~ "^/lp/pub/(.*)" {
|
|
nchan_publisher;
|
|
nchan_channel_id $1;
|
|
nchan_message_buffer_length 0;
|
|
}
|
|
|
|
location ~ "^/ev/pub/(.*)" {
|
|
nchan_publisher;
|
|
nchan_channel_id $1;
|
|
nchan_message_buffer_length 0;
|
|
}
|
|
}
|
|
{% endif %}
|
|
|