NoLog.cz/gancio-upstream
6
0
Fork 0
mirror of https://framagit.org/les/gancio.git synced 2025-02-01 00:52:01 +01:00
Code Issues Projects Releases Packages Wiki Activity

Update nginx.md

Browse source
This commit is contained in:
Aeron R 2021-07-08 16:04:05 +00:00
parent f68e4952c9
commit 5bef73fbda
1 changed files with 3 additions and 45 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

48
docs/install/nginx.md
View file

@ -8,10 +8,7 @@ parent: Install
## Nginx proxy configuration ## Nginx proxy configuration
This is the default nginx configuration for gancio, please modify at least the **server_name** and **ssl_certificate**'s path. This is the default nginx configuration for gancio, please modify at least «YOUR_DOMAIN». Note that it does not include HTTPS setup but you can easily use [certbot](https://certbot.eff.org/) for that.
Note that this does not include a cache configuration and that gancio does
not use a cache control at all, if you can help with this task you're
welcome.
- __You should be in the correct directory__ - __You should be in the correct directory__
`/etc/nginx/sites-available` `/etc/nginx/sites-available`
@ -20,62 +17,23 @@ welcome.
server { server {
listen 80; listen 80;
listen [::]:80; listen [::]:80;
server_name gancio.cisti.org; server_name <<YOUR_DOMAIN>>;
root /var/www/letsencrypt;
location /.well-known/acme-challenge/ { allow all; }
location / { return 301 https://$host$request_uri; }
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name gancio.cisti.org;
ssl_protocols TLSv1.2;
ssl_ciphers HIGH:!MEDIUM:!LOW:!aNULL:!NULL:!SHA;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
# Uncomment these lines once you acquire a certificate:
# ssl_certificate /etc/letsencrypt/live/gancio.cisti.org/fullchain.pem;
# ssl_certificate_key /etc/letsencrypt/live/gancio.cisti.org/privkey.pem;
keepalive_timeout 70; keepalive_timeout 70;
sendfile on; sendfile on;
client_max_body_size 80m; client_max_body_size 80m;
gzip on;
gzip_disable "msie6";
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
add_header Strict-Transport-Security "max-age=31536000";
location / { location / {
try_files $uri @proxy; try_files $uri @proxy;
} }
location @proxy { location @proxy {
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header Proxy "";
proxy_pass_header Server;
proxy_pass http://127.0.0.1:13120; proxy_pass http://127.0.0.1:13120;
proxy_buffering on;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
tcp_nodelay on;
} }
} }
``` ```
- __Following this, you should create a link to the file in sites-enabled:__ - __Following this, you should create a link to the file in sites-enabled:__