include /etc/nginx/conf.d/server_config; upstream web { server web:8000; } server { listen [::]:80; listen 80; server_name your-domain.com www.your-domain.com; location ~ /.well-known/acme-challenge { allow all; root /var/www/certbot; } # # redirect http to https # return 301 https://your-domain.com$request_uri; } # server { # access_log /var/log/nginx/access.log cache_log; # # listen [::]:443 ssl http2; # listen 443 ssl http2; # # server_name your-domain.com; # # client_max_body_size 3M; # # if ($host != "your-domain.com") { # return 301 $scheme://your-domain.com$request_uri; # } # # # SSL code # ssl_certificate /etc/nginx/ssl/live/your-domain.com/fullchain.pem; # ssl_certificate_key /etc/nginx/ssl/live/your-domain.com/privkey.pem; # # location ~ /.well-known/acme-challenge { # allow all; # root /var/www/certbot; # } # # sendfile on; # tcp_nopush on; # tcp_nodelay on; # keepalive_timeout 65; # types_hash_max_size 2048; # #include /etc/nginx/mime.types; # #default_type application/octet-stream; # # gzip on; # gzip_disable "msie6"; # # proxy_read_timeout 1800s; # chunked_transfer_encoding on; # # # store responses to anonymous users for up to 1 minute # proxy_cache bookwyrm_cache; # proxy_cache_valid any 1m; # add_header X-Cache-Status $upstream_cache_status; # # # ignore the set cookie header when deciding to # # store a response in the cache # proxy_ignore_headers Cache-Control Set-Cookie Expires; # # # PUT requests always bypass the cache # # logged in sessions also do not populate the cache # # to avoid serving personal data to anonymous users # proxy_cache_methods GET HEAD; # proxy_no_cache $cookie_sessionid; # proxy_cache_bypass $cookie_sessionid; # # # tell the web container the address of the outside client # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; # proxy_set_header Host $host; # proxy_redirect off; # # location ~ ^/(login[^-/]|password-reset|resend-link|2fa-check) { # limit_req zone=loginlimit; # proxy_pass http://web; # } # # # do not log periodic polling requests from logged in users # location /api/updates/ { # access_log off; # proxy_pass http://web; # } # # location / { # proxy_pass http://web; # } # # # directly serve images and static files from the # # bookwyrm filesystem using sendfile. # # make the logs quieter by not reporting these requests # location ~ \.(bmp|ico|jpg|jpeg|png|svg|tif|tiff|ttf|webp|css|js)$ { # root /app; # try_files $uri =404; # add_header X-Cache-Status STATIC; # access_log off; # } # # block access to any non-image files from images or static # location ~ ^/images/ { # return 403; # } # # # monitor the celery queues with flower, no caching enabled # location /flower/ { # proxy_pass http://flower:8888; # proxy_cache_bypass 1; # } # } # Reverse-Proxy server # server { # listen [::]:8001; # listen 8001; # server_name your-domain.com www.your-domain.com; # location / { # proxy_pass http://web; # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; # proxy_set_header Host $host; # proxy_redirect off; # } # location /images/ { # alias /app/images/; # } # location /static/ { # alias /app/static/; # } # }