lauri
/
certidude
mirror of https://github.com/laurivosandi/certidude
1
0
Fork 0
Code Issues Activity
certidude/certidude/templates/server/nginx.conf

78 lines
2.0 KiB
Nginx Configuration File
Raw Blame History

# To set up SSL certificates using Let's Encrypt run:
#
# apt install letsencrypt
# certbot certonly -d {{common_name}} --webroot /var/www/html/
#
# Also uncomment URL rewriting and SSL configuration below
server {
server_name {{ common_name }};
listen 80 default_server;
# rewrite ^ https://$server_name$request_uri? permanent;
#}
#server {
# server_name {{ common_name }};
# listen 443 ssl http2 default_server;
# add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
# ssl_certificate /etc/letsencrypt/live/{{common_name}}/fullchain.pem;
# ssl_certificate_key /etc/letsencrypt/live/{{common_name}}/privkey.pem;
error_page 500 502 503 504 /50x.html;
root {{static_path}};
location /api/ {
proxy_pass http://127.0.1.1{% if port != 80 %}:{{ port }}{% endif %}/api/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_connect_timeout 600;
proxy_send_timeout 600;
proxy_read_timeout 600;
send_timeout 600;
}
# This is for Let's Encrypt
location /.well-known/ {
alias /var/www/html/.well-known/;
}
{% if not push_server %}
# This only works with nchan, for Debian 9 just apt install libnginx-mod-nchan
# For Ubuntu and older Debian releases install nchan from https://nchan.io/
location ~ "^/lp/sub/(.*)" {
nchan_channel_id $1;
nchan_subscriber longpoll;
}
location ~ "^/ev/sub/(.*)" {
nchan_channel_id $1;
nchan_subscriber eventsource;
}
{% endif %}
}
{% if not push_server %}
server {
# Allow publishing only from localhost to prevent abuse
server_name localhost;
listen 127.0.0.1:80;
location ~ "^/lp/pub/(.*)" {
nchan_publisher;
nchan_channel_id $1;
nchan_message_buffer_length 0;
}
location ~ "^/ev/pub/(.*)" {
nchan_publisher;
nchan_channel_id $1;
nchan_message_buffer_length 0;
}
}
{% endif %}
Reference in New Issue View Git Blame Copy Permalink