Re-comment nginx config

I thought this didn't need to be commented out but it does (if it isn't,
it tried to load the cert, which doesn't yet exist)
This commit is contained in:
Mouse Reeve 2023-01-11 16:56:31 -08:00
parent b89060d5fc
commit 8fa8d433aa

View file

@ -20,95 +20,95 @@ server {
} }
server { # server {
access_log /var/log/nginx/access.log cache_log; # access_log /var/log/nginx/access.log cache_log;
#
listen [::]:443 ssl http2; # listen [::]:443 ssl http2;
listen 443 ssl http2; # listen 443 ssl http2;
#
server_name your-domain.com; # server_name your-domain.com;
#
client_max_body_size 3M; # client_max_body_size 3M;
#
if ($host != "your-domain.com") { # if ($host != "your-domain.com") {
return 301 $scheme://your-domain.com$request_uri; # return 301 $scheme://your-domain.com$request_uri;
} # }
#
# SSL code # # SSL code
ssl_certificate /etc/nginx/ssl/live/your-domain.com/fullchain.pem; # ssl_certificate /etc/nginx/ssl/live/your-domain.com/fullchain.pem;
ssl_certificate_key /etc/nginx/ssl/live/your-domain.com/privkey.pem; # ssl_certificate_key /etc/nginx/ssl/live/your-domain.com/privkey.pem;
#
location ~ /.well-known/acme-challenge { # location ~ /.well-known/acme-challenge {
allow all; # allow all;
root /var/www/certbot; # root /var/www/certbot;
} # }
#
sendfile on; # sendfile on;
tcp_nopush on; # tcp_nopush on;
tcp_nodelay on; # tcp_nodelay on;
keepalive_timeout 65; # keepalive_timeout 65;
types_hash_max_size 2048; # types_hash_max_size 2048;
#include /etc/nginx/mime.types; # #include /etc/nginx/mime.types;
#default_type application/octet-stream; # #default_type application/octet-stream;
#
gzip on; # gzip on;
gzip_disable "msie6"; # gzip_disable "msie6";
#
proxy_read_timeout 1800s; # proxy_read_timeout 1800s;
chunked_transfer_encoding on; # chunked_transfer_encoding on;
#
# store responses to anonymous users for up to 1 minute # # store responses to anonymous users for up to 1 minute
proxy_cache bookwyrm_cache; # proxy_cache bookwyrm_cache;
proxy_cache_valid any 1m; # proxy_cache_valid any 1m;
add_header X-Cache-Status $upstream_cache_status; # add_header X-Cache-Status $upstream_cache_status;
#
# ignore the set cookie header when deciding to # # ignore the set cookie header when deciding to
# store a response in the cache # # store a response in the cache
proxy_ignore_headers Cache-Control Set-Cookie Expires; # proxy_ignore_headers Cache-Control Set-Cookie Expires;
#
# PUT requests always bypass the cache # # PUT requests always bypass the cache
# logged in sessions also do not populate the cache # # logged in sessions also do not populate the cache
# to avoid serving personal data to anonymous users # # to avoid serving personal data to anonymous users
proxy_cache_methods GET HEAD; # proxy_cache_methods GET HEAD;
proxy_no_cache $cookie_sessionid; # proxy_no_cache $cookie_sessionid;
proxy_cache_bypass $cookie_sessionid; # proxy_cache_bypass $cookie_sessionid;
#
# tell the web container the address of the outside client # # tell the web container the address of the outside client
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host; # proxy_set_header Host $host;
proxy_redirect off; # proxy_redirect off;
#
location ~ ^/(login[^-/]|password-reset|resend-link|2fa-check) { # location ~ ^/(login[^-/]|password-reset|resend-link|2fa-check) {
limit_req zone=loginlimit; # limit_req zone=loginlimit;
proxy_pass http://web; # proxy_pass http://web;
} # }
#
# do not log periodic polling requests from logged in users # # do not log periodic polling requests from logged in users
location /api/updates/ { # location /api/updates/ {
access_log off; # access_log off;
proxy_pass http://web; # proxy_pass http://web;
} # }
#
location / { # location / {
proxy_pass http://web; # proxy_pass http://web;
} # }
#
# directly serve images and static files from the # # directly serve images and static files from the
# bookwyrm filesystem using sendfile. # # bookwyrm filesystem using sendfile.
# make the logs quieter by not reporting these requests # # make the logs quieter by not reporting these requests
location ~ ^/(images|static)/ { # location ~ ^/(images|static)/ {
root /app; # root /app;
try_files $uri =404; # try_files $uri =404;
add_header X-Cache-Status STATIC; # add_header X-Cache-Status STATIC;
access_log off; # access_log off;
} # }
#
# monitor the celery queues with flower, no caching enabled # # monitor the celery queues with flower, no caching enabled
location /flower/ { # location /flower/ {
proxy_pass http://flower:8888; # proxy_pass http://flower:8888;
proxy_cache_bypass 1; # proxy_cache_bypass 1;
} # }
} # }
# Reverse-Proxy server # Reverse-Proxy server
# server { # server {