Created
September 4, 2023 21:54
Pkteerium nginx conf
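# Plain-HTTP listener for pkteerium.xyz: serves ACME http-01 challenge files
# from disk and redirects every other request to HTTPS.
server {
    listen [::]:80;
    listen 80;
    server_name pkteerium.xyz;
    error_log /var/log/nginx/pkteerium.error.log info;

    # Do not emit the nginx version on error pages or in the "Server" response header field.
    server_tokens off;

    location / {
        # Force redirect http to https.
        # $host (lower-cased, port stripped) replaces the raw $http_host header, so a
        # client-supplied "Host: name:port" value is no longer copied verbatim into the
        # Location header. $host is still derived from the request; if this block can
        # act as the default server for port 80, pin the target to $server_name instead.
        return 301 https://$host$request_uri;
    }

    # Challenge files written by the ACME client are served straight from disk;
    # this longer prefix wins over "location /", so they are never redirected.
    location /.well-known/acme-challenge/ {
        alias /var/www/le_root/.well-known/acme-challenge/;
    }
}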
# Both rate-limit zones are commented out, so no limit_req zone is defined by
# these lines; they are kept for reference.
# limit_req_zone $binary_remote_addr zone=ip:10m rate=2r/s;
# limit_req_zone $binary_remote_addr zone=expensive:10m rate=12r/m;

# On-disk cache for proxied responses. The shared-memory key zone is named
# "pkteerium" (10m); cached data is capped at 10g and entries not accessed
# for 120 minutes are evicted.
proxy_cache_path /var/cache/nginx_pkteerium2
    levels=1:2
    keys_zone=pkteerium:10m
    max_size=10g
    inactive=120m
    use_temp_path=off;
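# HTTPS listener for pkteerium.xyz: serves the static front end from disk and
# reverse-proxies API, federation and media routes to the backend on port 4001.
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name pkteerium.xyz;
    server_tokens off;

    ssl_certificate /etc/nginx/certs/pkt.cash/pkt.cash.fullchain; # path to your cacert.pem
    ssl_certificate_key /etc/nginx/certs/pkt.cash/pkt.cash.key; # path to your privkey.pem
    ssl_dhparam /etc/nginx/dhparam.pem;
    # Only TLS 1.2 is offered, restricted to AES-GCM suites with ephemeral
    # (EC)DH key exchange.
    ssl_protocols TLSv1.2;
    ssl_ciphers EECDH+AESGCM:EDH+AESGCM;
    ssl_ecdh_curve secp384r1;

    error_log /var/log/nginx/pkteerium.error.log info;
    access_log /var/log/nginx/pkteerium.access.log;

    # Upload size limit for request bodies on this server.
    client_max_body_size 20M;

    # "^~" stops regex matching once this prefix matches. Without it the regex
    # location further down (which lists .well-known) takes precedence and the
    # challenge request is proxied to the backend instead of served from disk.
    location ^~ /.well-known/acme-challenge/ {
        alias /var/www/le_root/.well-known/acme-challenge/;
    }

    # Any route that doesn't have a file extension (e.g. /devices)
    location / {
        # The policy restricts script sources only. Without the "always"
        # parameter nginx attaches the header to success and redirect
        # responses, not to error pages.
        add_header Content-Security-Policy "script-src https://pkteerium.xyz";
        root /home/pkteerium/soapbox_prod;
        try_files $uri /index.html;
    }

    location /login {
        rewrite ^/login$ / permanent;
    }

    # Cached media and media-proxy routes.
    # The pattern is anchored with "^": unanchored, it matched any URI that
    # merely contains "/media" or "/proxy" (for example a path under /api/),
    # and because regex locations are tried in order that request landed in
    # this 30-day cache, whose default key does not vary on credentials.
    # Whether such a response would actually be stored depends on the
    # upstream's Cache-Control / Set-Cookie headers.
    # No Host or X-Forwarded-For header is set in this location.
    location ~ ^/(media|proxy) {
        proxy_pass http://[fcc3:4b28:e666:c318:2d4b:94ef:4d22:cc85]:4001;
        proxy_max_temp_file_size 0;
        proxy_cache pkteerium;
        proxy_cache_valid 200 30d;
        proxy_cache_lock on;
    }

    # Uncached backend routes, with connection upgrade headers passed through.
    # The dots in ".well-known" and "manifest.json" are escaped so they match a
    # literal "." rather than any character. "proxy" and "media" are still
    # listed, but requests starting with those paths are taken by the earlier
    # regex location.
    location ~ ^/(activities|relay|schemas|pleroma|contexts|objects|internal|users|inbox|api|\.well-known|nodeinfo|proxy|media|emoji|oauth|manifest\.json) {
        proxy_pass http://[fcc3:4b28:e666:c318:2d4b:94ef:4d22:cc85]:4001;
        proxy_max_temp_file_size 0;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}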