tomaskrejcicom_web_ghost/ghost_nginx_config
2023-07-19 22:10:07 +02:00

86 lines
2.2 KiB
Plaintext

# map of content type -> expires header
map $sent_http_content_type $expires {
default off;
text/html epoch;
text/css max;
application/javascript max;
~image/ max;
}
# listen for BS traffic on 80 that lacks a hostname, and just serve
# the "welcome to NGINX" page
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name _;
root /user/share/nginx/html;
}
# listen on 80, and 301 all traffic to https
# allow .well-known on 80 though, for Let's Encrypt checks
server {
listen [::]:80;
listen 80;
server_name tomaskrejci.com www.tomaskrejci.com;
root /var/www/ghost/;
location ~ /.well-known {
allow all;
break;
}
location / {
return 301 https://tomaskrejci.com$request_uri;
}
}
# listen on 443, and forward all www traffic to non-www
server {
listen [::]:443 ssl http2;
listen 443 ssl http2;
server_name www.tomaskrejci.com;
location / {
return 301 https://tomaskrejci.com$request_uri;
}
}
# what we're actually listening on
server {
# allow ssl and http2 traffic
listen [::]:443 ssl http2 default_server;
listen 443 ssl http2 default_server;
# our server name is our hostname
server_name tomaskrejci.com;
# point at our SSL certificates
ssl_certificate /etc/letsencrypt/live/tomaskrejci.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/tomaskrejci.com/privkey.pem;
# setup our access and error logs
access_log /var/log/nginx/tomaskrejci.com.access.log;
error_log /var/log/nginx/tomaskrejci.com.error.log;
# add expires headers for static content
expires $expires;
# proxy all of our traffic to Ghost
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header HOST $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://127.0.0.1:2368;
proxy_redirect off;
}
# allow Let's Encrypt checks on .well-known without proxying
location ~ /.well-known {
allow all;
}
}