Created
May 10, 2022 13:36
Nginx file for The Pkteerium - A Pleroma server which serves the frontend separately from the backend.
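# Plain-HTTP listener: serves ACME HTTP-01 challenge files and redirects
# every other request to the HTTPS site.
server {
    listen [::]:80;
    listen 80;
    server_name pkteerium.xyz;

    # Do not emit the nginx version on error pages or in the "Server" response header.
    server_tokens off;

    error_log /var/log/nginx/pkteerium.error.log info;

    # Longer prefix than "location /", so challenge files are served directly
    # instead of being redirected.
    location /.well-known/acme-challenge/ {
        alias /var/www/le_root/.well-known/acme-challenge/;
    }

    location / {
        # Force HTTP -> HTTPS. The target host is the configured server_name,
        # not the client-supplied Host header ($http_host): if this block ever
        # acts as the default server for port 80, a request with an arbitrary
        # Host header would otherwise be redirected to that arbitrary host.
        # $request_uri already carries the query string.
        return 301 https://$server_name$request_uri;
    }
}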
# Request rate limiting is disabled: both zone definitions below are commented
# out. Uncommenting them only declares the zones; a matching limit_req
# directive in a location is still needed before any limit is enforced.
# limit_req_zone $binary_remote_addr zone=ip:10m rate=2r/s;
# limit_req_zone $binary_remote_addr zone=expensive:10m rate=12r/m;

# On-disk response cache referenced by "proxy_cache pkteerium" in the HTTPS
# server: 10 MB of key metadata, at most 10 GB of cached bodies, entries
# dropped after 120 minutes without a hit.
proxy_cache_path /var/cache/nginx_pkteerium2
    levels=1:2
    keys_zone=pkteerium:10m
    max_size=10g
    inactive=120m
    use_temp_path=off;
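# HTTPS site: the frontend is served from local static files, while the
# backend routes (API, federation, media) are proxied to a separate host.
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name pkteerium.xyz;
    server_tokens off;

    # __TODO__ is a placeholder: fill in the real certificate file names.
    ssl_certificate /etc/nginx/certs/__TODO__.fullchain;  # certificate chain
    ssl_certificate_key /etc/nginx/certs/__TODO__.key;    # private key, keep readable by nginx only
    ssl_dhparam /etc/nginx/dhparam.pem;

    # Only TLS 1.2 is offered, with forward-secret AES-GCM suites.
    # NOTE(review): consider also enabling TLSv1.3 if the installed
    # nginx/OpenSSL build supports it.
    ssl_protocols TLSv1.2;
    ssl_ciphers EECDH+AESGCM:EDH+AESGCM;
    ssl_ecdh_curve secp384r1;

    error_log /var/log/nginx/pkteerium.error.log info;
    access_log /var/log/nginx/pkteerium.access.log;

    client_max_body_size 20M;

    # "^~" stops regex matching for this prefix. Without it, the backend regex
    # location below also matches /.well-known/... and, because regex locations
    # take priority over plain prefix locations, challenge requests would be
    # proxied to the backend instead of being served from le_root.
    location ^~ /.well-known/acme-challenge/ {
        alias /var/www/le_root/.well-known/acme-challenge/;
    }

    # Any route that doesn't have a file extension (e.g. /devices):
    # serve the static file if it exists, otherwise the frontend entry point.
    location / {
        root /home/pkteerium/soapbox_prod;
        try_files $uri /index.html;
    }

    location /login {
        rewrite ^/login$ / permanent;
    }

    # Cached media and media-proxy responses. The pattern is anchored with "^":
    # unanchored, it matched any URI that merely contains "/media" or "/proxy"
    # (for example a path under /api/) and, being the first regex location,
    # routed it through this long-lived cache. proxy_cache_key is left at its
    # default, which does not vary on cookies or Authorization, so only public
    # content should ever reach this location.
    location ~ ^/(media|proxy) {
        proxy_pass http://[fcc3:4b28:e666:c318:2d4b:94ef:4d22:cc85]:4001;
        proxy_max_temp_file_size 0;
        proxy_cache pkteerium;
        proxy_cache_valid 200 30d;
        # Collapse concurrent misses for the same key into one upstream fetch.
        proxy_cache_lock on;
    }

    # Backend routes. Dots are escaped so ".well-known" and "manifest.json"
    # match literally instead of "any character". The "proxy" and "media"
    # alternatives are already captured by the regex location above.
    location ~ ^/(activities|relay|schemas|pleroma|contexts|objects|internal|users|inbox|api|\.well-known|nodeinfo|proxy|media|emoji|oauth|manifest\.json) {
        # NOTE(review): the backend hop is plain HTTP; confidentiality and
        # integrity depend on the network between the two hosts.
        proxy_pass http://[fcc3:4b28:e666:c318:2d4b:94ef:4d22:cc85]:4001;
        proxy_max_temp_file_size 0;

        # HTTP/1.1 plus Upgrade/Connection headers so WebSocket upgrades pass through.
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";

        proxy_set_header Host $host;
        # $proxy_add_x_forwarded_for appends to whatever X-Forwarded-For the
        # client sent, so only the last entry is set by this proxy; the backend
        # must not trust earlier entries for rate limiting or access control.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}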