robotsandcake · March 23, 2014 14:58
diff --git a/nginx.conf b/nginx.conf
 # This is not a complete Nginx configuration! It only shows the relevant parts for integrating Diaspora.
 # [...]

 http {

 # Your standard server configuration goes here

 # [...]

 # This vhost just redirects to HTTPS

 server {
   # If your host is not IPv6 ready use listen 80; here.
   # Add ipv6only=off to your listen directive that has default_server.
   # Or this one if this is your only vhost. Do not add it to both!
   listen [::]:80;

   server_name diaspora.example.org;
   rewrite ^/(.*) https://diaspora.example.org/$1 permanent;
  }

  # Actual proxy

  server {
    listen [::]:443 ssl spdy; # Same rules as for listen [::]:80 apply.
    server_name diaspora.example.org;
    root /path/to/diaspora/public;

    # Configure maximum picture size
    # Note that Diaspora has a client side check set at 4M
    client_max_body_size 5M;

    # SSL setup

    # For Nginx < 0.7.14
    #ssl on;

    # This file should also include any necessary intermediate certificates
    # For example for StartSSL that would be http://www.startssl.com/certs/sub.class1.server.ca.pem
    ssl_certificate /path/to/certificate.crt;
    ssl_certificate_key /path/to/private_key.key;

    # Taken from https://wiki.mozilla.org/Security/Server_Side_TLS
    # You might want to make these global

    # generate with openssl dhparam 2048 > /path/to/dhparam.pem
    ssl_dhparam /path/to/dhparam.pem;

    ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:AES128:AES256:RC4-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK;
    ssl_session_timeout 5m;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:50m;

    # Proxy if requested file not found
    try_files $uri @diaspora;

    location @diaspora {
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto https;
      proxy_set_header Host $http_host;
      proxy_redirect off;

      proxy_pass http://diaspora_server;
    }
  }

  # Proxy destination
  # Add as many server directives as you want
  # Also takes a socket, like unix:/path/to/some/socket.sock
  upstream diaspora_server {
    server 127.0.0.1:3000;
  }
 }

 # [...]
	# This is not a complete Nginx configuration! It only shows the relevant parts for integrating Diaspora.
	# [...]

	http {

	# Your standard server configuration goes here

	# [...]

	# This vhost just redirects to HTTPS

	server {
	# If your host is not IPv6 ready use listen 80; here.
	# Add ipv6only=off to your listen directive that has default_server.
	# Or this one if this is your only vhost. Do not add it to both!
	listen [::]:80;

	server_name diaspora.example.org;
	rewrite ^/(.*) https://diaspora.example.org/$1 permanent;
	}

	# Actual proxy

	server {
	listen [::]:443 ssl spdy; # Same rules as for listen [::]:80 apply.
	server_name diaspora.example.org;
	root /path/to/diaspora/public;

	# Configure maximum picture size
	# Note that Diaspora has a client side check set at 4M
	client_max_body_size 5M;

	# SSL setup

	# For Nginx < 0.7.14
	#ssl on;

	# This file should also include any necessary intermediate certificates
	# For example for StartSSL that would be http://www.startssl.com/certs/sub.class1.server.ca.pem
	ssl_certificate /path/to/certificate.crt;
	ssl_certificate_key /path/to/private_key.key;

	# Taken from https://wiki.mozilla.org/Security/Server_Side_TLS
	# You might want to make these global

	# generate with openssl dhparam 2048 > /path/to/dhparam.pem
	ssl_dhparam /path/to/dhparam.pem;

	ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
	ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:AES128:AES256:RC4-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK;
	ssl_session_timeout 5m;
	ssl_prefer_server_ciphers on;
	ssl_session_cache shared:SSL:50m;

	# Proxy if requested file not found
	try_files $uri @diaspora;

	location @diaspora {
	proxy_set_header X-Real-IP $remote_addr;
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	proxy_set_header X-Forwarded-Proto https;
	proxy_set_header Host $http_host;
	proxy_redirect off;

	proxy_pass http://diaspora_server;
	}
	}

	# Proxy destination
	# Add as many server directives as you want
	# Also takes a socket, like unix:/path/to/some/socket.sock
	upstream diaspora_server {
	server 127.0.0.1:3000;
	}
	}

	# [...]
No results found