mirror of
https://github.com/bookwyrm-social/bookwyrm.git
synced 2024-04-27 06:09:06 +00:00
Re-comment nginx config
I thought this didn't need to be commented out but it does (if it isn't, it tried to load the cert, which doesn't yet exist)
This commit is contained in:
Mouse Reeve
parent
b89060d5fc
commit
8fa8d433aa
178
nginx/production
178
nginx/production
|
|
@ -20,95 +20,95 @@ server {
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
server {
|
# server {
|
||||||
access_log /var/log/nginx/access.log cache_log;
|
# access_log /var/log/nginx/access.log cache_log;
|
||||||
|
#
|
||||||
listen [::]:443 ssl http2;
|
# listen [::]:443 ssl http2;
|
||||||
listen 443 ssl http2;
|
# listen 443 ssl http2;
|
||||||
|
#
|
||||||
server_name your-domain.com;
|
# server_name your-domain.com;
|
||||||
|
#
|
||||||
client_max_body_size 3M;
|
# client_max_body_size 3M;
|
||||||
|
#
|
||||||
if ($host != "your-domain.com") {
|
# if ($host != "your-domain.com") {
|
||||||
return 301 $scheme://your-domain.com$request_uri;
|
# return 301 $scheme://your-domain.com$request_uri;
|
||||||
}
|
# }
|
||||||
|
#
|
||||||
# SSL code
|
# # SSL code
|
||||||
ssl_certificate /etc/nginx/ssl/live/your-domain.com/fullchain.pem;
|
# ssl_certificate /etc/nginx/ssl/live/your-domain.com/fullchain.pem;
|
||||||
ssl_certificate_key /etc/nginx/ssl/live/your-domain.com/privkey.pem;
|
# ssl_certificate_key /etc/nginx/ssl/live/your-domain.com/privkey.pem;
|
||||||
|
#
|
||||||
location ~ /.well-known/acme-challenge {
|
# location ~ /.well-known/acme-challenge {
|
||||||
allow all;
|
# allow all;
|
||||||
root /var/www/certbot;
|
# root /var/www/certbot;
|
||||||
}
|
# }
|
||||||
|
#
|
||||||
sendfile on;
|
# sendfile on;
|
||||||
tcp_nopush on;
|
# tcp_nopush on;
|
||||||
tcp_nodelay on;
|
# tcp_nodelay on;
|
||||||
keepalive_timeout 65;
|
# keepalive_timeout 65;
|
||||||
types_hash_max_size 2048;
|
# types_hash_max_size 2048;
|
||||||
#include /etc/nginx/mime.types;
|
# #include /etc/nginx/mime.types;
|
||||||
#default_type application/octet-stream;
|
# #default_type application/octet-stream;
|
||||||
|
#
|
||||||
gzip on;
|
# gzip on;
|
||||||
gzip_disable "msie6";
|
# gzip_disable "msie6";
|
||||||
|
#
|
||||||
proxy_read_timeout 1800s;
|
# proxy_read_timeout 1800s;
|
||||||
chunked_transfer_encoding on;
|
# chunked_transfer_encoding on;
|
||||||
|
#
|
||||||
# store responses to anonymous users for up to 1 minute
|
# # store responses to anonymous users for up to 1 minute
|
||||||
proxy_cache bookwyrm_cache;
|
# proxy_cache bookwyrm_cache;
|
||||||
proxy_cache_valid any 1m;
|
# proxy_cache_valid any 1m;
|
||||||
add_header X-Cache-Status $upstream_cache_status;
|
# add_header X-Cache-Status $upstream_cache_status;
|
||||||
|
#
|
||||||
# ignore the set cookie header when deciding to
|
# # ignore the set cookie header when deciding to
|
||||||
# store a response in the cache
|
# # store a response in the cache
|
||||||
proxy_ignore_headers Cache-Control Set-Cookie Expires;
|
# proxy_ignore_headers Cache-Control Set-Cookie Expires;
|
||||||
|
#
|
||||||
# PUT requests always bypass the cache
|
# # PUT requests always bypass the cache
|
||||||
# logged in sessions also do not populate the cache
|
# # logged in sessions also do not populate the cache
|
||||||
# to avoid serving personal data to anonymous users
|
# # to avoid serving personal data to anonymous users
|
||||||
proxy_cache_methods GET HEAD;
|
# proxy_cache_methods GET HEAD;
|
||||||
proxy_no_cache $cookie_sessionid;
|
# proxy_no_cache $cookie_sessionid;
|
||||||
proxy_cache_bypass $cookie_sessionid;
|
# proxy_cache_bypass $cookie_sessionid;
|
||||||
|
#
|
||||||
# tell the web container the address of the outside client
|
# # tell the web container the address of the outside client
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
proxy_set_header Host $host;
|
# proxy_set_header Host $host;
|
||||||
proxy_redirect off;
|
# proxy_redirect off;
|
||||||
|
#
|
||||||
location ~ ^/(login[^-/]|password-reset|resend-link|2fa-check) {
|
# location ~ ^/(login[^-/]|password-reset|resend-link|2fa-check) {
|
||||||
limit_req zone=loginlimit;
|
# limit_req zone=loginlimit;
|
||||||
proxy_pass http://web;
|
# proxy_pass http://web;
|
||||||
}
|
# }
|
||||||
|
#
|
||||||
# do not log periodic polling requests from logged in users
|
# # do not log periodic polling requests from logged in users
|
||||||
location /api/updates/ {
|
# location /api/updates/ {
|
||||||
access_log off;
|
# access_log off;
|
||||||
proxy_pass http://web;
|
# proxy_pass http://web;
|
||||||
}
|
# }
|
||||||
|
#
|
||||||
location / {
|
# location / {
|
||||||
proxy_pass http://web;
|
# proxy_pass http://web;
|
||||||
}
|
# }
|
||||||
|
#
|
||||||
# directly serve images and static files from the
|
# # directly serve images and static files from the
|
||||||
# bookwyrm filesystem using sendfile.
|
# # bookwyrm filesystem using sendfile.
|
||||||
# make the logs quieter by not reporting these requests
|
# # make the logs quieter by not reporting these requests
|
||||||
location ~ ^/(images|static)/ {
|
# location ~ ^/(images|static)/ {
|
||||||
root /app;
|
# root /app;
|
||||||
try_files $uri =404;
|
# try_files $uri =404;
|
||||||
add_header X-Cache-Status STATIC;
|
# add_header X-Cache-Status STATIC;
|
||||||
access_log off;
|
# access_log off;
|
||||||
}
|
# }
|
||||||
|
#
|
||||||
# monitor the celery queues with flower, no caching enabled
|
# # monitor the celery queues with flower, no caching enabled
|
||||||
location /flower/ {
|
# location /flower/ {
|
||||||
proxy_pass http://flower:8888;
|
# proxy_pass http://flower:8888;
|
||||||
proxy_cache_bypass 1;
|
# proxy_cache_bypass 1;
|
||||||
}
|
# }
|
||||||
}
|
# }
|
||||||
|
|
||||||
# Reverse-Proxy server
|
# Reverse-Proxy server
|
||||||
# server {
|
# server {
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue