add nginx config
This commit is contained in:
parent
ff70c41470
commit
89694f2047
85
ghost_nginx_config
Normal file
85
ghost_nginx_config
Normal file
@ -0,0 +1,85 @@
|
|||||||
|
# map of content type -> expires header
|
||||||
|
map $sent_http_content_type $expires {
|
||||||
|
default off;
|
||||||
|
text/html epoch;
|
||||||
|
text/css max;
|
||||||
|
application/javascript max;
|
||||||
|
~image/ max;
|
||||||
|
}
|
||||||
|
|
||||||
|
# listen for BS traffic on 80 that lacks a hostname, and just serve
|
||||||
|
# the "welcome to NGINX" page
|
||||||
|
server {
|
||||||
|
listen 80 default_server;
|
||||||
|
listen [::]:80 default_server;
|
||||||
|
server_name _;
|
||||||
|
|
||||||
|
root /user/share/nginx/html;
|
||||||
|
}
|
||||||
|
|
||||||
|
# listen on 80, and 301 all traffic to https
|
||||||
|
# allow .well-known on 80 though, for Let's Encrypt checks
|
||||||
|
server {
|
||||||
|
listen [::]:80;
|
||||||
|
listen 80;
|
||||||
|
server_name tomaskrejci.com www.tomaskrejci.com;
|
||||||
|
|
||||||
|
root /var/www/ghost/;
|
||||||
|
location ~ /.well-known {
|
||||||
|
allow all;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
|
location / {
|
||||||
|
return 301 https://tomaskrejci.com$request_uri;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
# listen on 443, and forward all www traffic to non-www
|
||||||
|
server {
|
||||||
|
listen [::]:443 ssl http2;
|
||||||
|
listen 443 ssl http2;
|
||||||
|
server_name www.tomaskrejci.com;
|
||||||
|
|
||||||
|
location / {
|
||||||
|
return 301 https://tomaskrejci.com$request_uri;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
# what we're actually listening on
|
||||||
|
server {
|
||||||
|
|
||||||
|
# allow ssl and http2 traffic
|
||||||
|
listen [::]:443 ssl http2 default_server;
|
||||||
|
listen 443 ssl http2 default_server;
|
||||||
|
|
||||||
|
# our server name is our hostname
|
||||||
|
server_name tomaskrejci.com;
|
||||||
|
|
||||||
|
# point at our SSL certificates
|
||||||
|
ssl_certificate /etc/letsencrypt/live/tomaskrejci.com/fullchain.pem;
|
||||||
|
ssl_certificate_key /etc/letsencrypt/live/tomaskrejci.com/privkey.pem;
|
||||||
|
|
||||||
|
# setup our access and error logs
|
||||||
|
access_log /var/log/nginx/tomaskrejci.com.access.log;
|
||||||
|
error_log /var/log/nginx/tomaskrejci.com.error.log;
|
||||||
|
|
||||||
|
# add expires headers for static content
|
||||||
|
expires $expires;
|
||||||
|
|
||||||
|
# proxy all of our traffic to Ghost
|
||||||
|
location / {
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
proxy_set_header HOST $http_host;
|
||||||
|
proxy_set_header X-NginX-Proxy true;
|
||||||
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
|
|
||||||
|
proxy_pass http://127.0.0.1:2368;
|
||||||
|
proxy_redirect off;
|
||||||
|
}
|
||||||
|
|
||||||
|
# allow Let's Encrypt checks on .well-known without proxying
|
||||||
|
location ~ /.well-known {
|
||||||
|
allow all;
|
||||||
|
}
|
||||||
|
}
|
Loading…
Reference in New Issue
Block a user