mirror of
https://framagit.org/les/gancio.git
synced 2025-02-01 00:52:01 +01:00
Update nginx.md
This commit is contained in:
Aeron R
parent
f68e4952c9
commit
5bef73fbda
1 changed files with 3 additions and 45 deletions
|
|
@ -8,10 +8,7 @@ parent: Install
|
|||
|
||||
|
||||
## Nginx proxy configuration
|
||||
This is the default nginx configuration for gancio, please modify at least the **server_name** and **ssl_certificate**'s path.
|
||||
Note that this does not include a cache configuration and that gancio does
|
||||
not use a cache control at all, if you can help with this task you're
|
||||
welcome.
|
||||
This is the default nginx configuration for gancio, please modify at least «YOUR_DOMAIN». Note that it does not include HTTPS setup but you can easily use [certbot](https://certbot.eff.org/) for that.
|
||||
|
||||
- __You should be in the correct directory__
|
||||
`/etc/nginx/sites-available`
|
||||
|
|
@ -20,62 +17,23 @@ welcome.
|
|||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
server_name gancio.cisti.org;
|
||||
root /var/www/letsencrypt;
|
||||
location /.well-known/acme-challenge/ { allow all; }
|
||||
location / { return 301 https://$host$request_uri; }
|
||||
}
|
||||
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
server_name gancio.cisti.org;
|
||||
|
||||
ssl_protocols TLSv1.2;
|
||||
ssl_ciphers HIGH:!MEDIUM:!LOW:!aNULL:!NULL:!SHA;
|
||||
ssl_prefer_server_ciphers on;
|
||||
ssl_session_cache shared:SSL:10m;
|
||||
|
||||
# Uncomment these lines once you acquire a certificate:
|
||||
# ssl_certificate /etc/letsencrypt/live/gancio.cisti.org/fullchain.pem;
|
||||
# ssl_certificate_key /etc/letsencrypt/live/gancio.cisti.org/privkey.pem;
|
||||
server_name <<YOUR_DOMAIN>>;
|
||||
|
||||
keepalive_timeout 70;
|
||||
sendfile on;
|
||||
client_max_body_size 80m;
|
||||
|
||||
gzip on;
|
||||
gzip_disable "msie6";
|
||||
gzip_vary on;
|
||||
gzip_proxied any;
|
||||
gzip_comp_level 6;
|
||||
gzip_buffers 16 8k;
|
||||
gzip_http_version 1.1;
|
||||
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
|
||||
|
||||
add_header Strict-Transport-Security "max-age=31536000";
|
||||
|
||||
location / {
|
||||
try_files $uri @proxy;
|
||||
}
|
||||
|
||||
location @proxy {
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Forwarded-Proto https;
|
||||
proxy_set_header Proxy "";
|
||||
proxy_pass_header Server;
|
||||
|
||||
proxy_pass http://127.0.0.1:13120;
|
||||
proxy_buffering on;
|
||||
proxy_redirect off;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection $connection_upgrade;
|
||||
|
||||
tcp_nodelay on;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
```
|
||||
|
||||
- __Following this, you should create a link to the file in sites-enabled:__
|
||||
|
|
|
|||
Loading…
Reference in a new issue