-
Notifications
You must be signed in to change notification settings - Fork 48
/
Copy pathexample-nginx.conf
113 lines (88 loc) · 3.46 KB
/
example-nginx.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
events {
worker_connections 768;
# multi_accept on;
}
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
keepalive_timeout 65;
types_hash_max_size 4096;
include /etc/nginx/mime.types;
default_type application/octet-stream;
include /etc/nginx/conf.d/*.conf;
# HTTPS server for api.colivara.com
server {
server_name api.colivara.com;
client_max_body_size 50M;
location / {
proxy_pass http://localhost:8001;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_connect_timeout 300s;
proxy_send_timeout 300s;
proxy_read_timeout 300s;
send_timeout 300s;
proxy_max_temp_file_size 4096m;
proxy_buffer_size 512k;
proxy_buffers 16 512k;
proxy_busy_buffers_size 512k;
}
listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/api.colivara.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/api.colivara.com/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
}
# HTTP redirect for api.colivara.com
server {
server_name api.colivara.com;
listen 80;
return 301 https://$host$request_uri;
}
# HTTP server for colivara.com and www.colivara.com
server {
server_name colivara.com www.colivara.com;
client_max_body_size 50M;
location / {
proxy_pass http://localhost:8001;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_connect_timeout 300s;
proxy_send_timeout 300s;
proxy_read_timeout 300s;
send_timeout 300s;
proxy_max_temp_file_size 4096m;
proxy_buffer_size 512k;
proxy_buffers 16 512k;
proxy_busy_buffers_size 512k;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/colivara.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/colivara.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = www.colivara.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = colivara.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name colivara.com www.colivara.com;
listen 80;
return 404; # managed by Certbot
}}
# sudo certbot --nginx -d api.colivara.com -d colivara.com -d www.colivara.com to get ssl certificate (It will modify the nginx configuration file automatically)