mirror of
synced 2025-03-14 07:22:44 +00:00
I thought this didn't need to be commented out but it does (if it isn't, it tried to load the cert, which doesn't yet exist)
134 lines
3.4 KiB
134 lines
3.4 KiB
include /etc/nginx/conf.d/server_config;
upstream web {
server web:8000;
server {
listen [::]:80;
listen 80;
server_name your-domain.com www.your-domain.com;
location ~ /.well-known/acme-challenge {
allow all;
root /var/www/certbot;
# # redirect http to https
# return 301 https://your-domain.com$request_uri;
# server {
# access_log /var/log/nginx/access.log cache_log;
# listen [::]:443 ssl http2;
# listen 443 ssl http2;
# server_name your-domain.com;
# client_max_body_size 3M;
# if ($host != "your-domain.com") {
# return 301 $scheme://your-domain.com$request_uri;
# }
# # SSL code
# ssl_certificate /etc/nginx/ssl/live/your-domain.com/fullchain.pem;
# ssl_certificate_key /etc/nginx/ssl/live/your-domain.com/privkey.pem;
# location ~ /.well-known/acme-challenge {
# allow all;
# root /var/www/certbot;
# }
# sendfile on;
# tcp_nopush on;
# tcp_nodelay on;
# keepalive_timeout 65;
# types_hash_max_size 2048;
# #include /etc/nginx/mime.types;
# #default_type application/octet-stream;
# gzip on;
# gzip_disable "msie6";
# proxy_read_timeout 1800s;
# chunked_transfer_encoding on;
# # store responses to anonymous users for up to 1 minute
# proxy_cache bookwyrm_cache;
# proxy_cache_valid any 1m;
# add_header X-Cache-Status $upstream_cache_status;
# # ignore the set cookie header when deciding to
# # store a response in the cache
# proxy_ignore_headers Cache-Control Set-Cookie Expires;
# # PUT requests always bypass the cache
# # logged in sessions also do not populate the cache
# # to avoid serving personal data to anonymous users
# proxy_cache_methods GET HEAD;
# proxy_no_cache $cookie_sessionid;
# proxy_cache_bypass $cookie_sessionid;
# # tell the web container the address of the outside client
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# proxy_set_header Host $host;
# proxy_redirect off;
# location ~ ^/(login[^-/]|password-reset|resend-link|2fa-check) {
# limit_req zone=loginlimit;
# proxy_pass http://web;
# }
# # do not log periodic polling requests from logged in users
# location /api/updates/ {
# access_log off;
# proxy_pass http://web;
# }
# location / {
# proxy_pass http://web;
# }
# # directly serve images and static files from the
# # bookwyrm filesystem using sendfile.
# # make the logs quieter by not reporting these requests
# location ~ ^/(images|static)/ {
# root /app;
# try_files $uri =404;
# add_header X-Cache-Status STATIC;
# access_log off;
# }
# # monitor the celery queues with flower, no caching enabled
# location /flower/ {
# proxy_pass http://flower:8888;
# proxy_cache_bypass 1;
# }
# }
# Reverse-Proxy server
# server {
# listen [::]:8001;
# listen 8001;
# server_name your-domain.com www.your-domain.com;
# location / {
# proxy_pass http://web;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# proxy_set_header Host $host;
# proxy_redirect off;
# }
# location /images/ {
# alias /app/images/;
# }
# location /static/ {
# alias /app/static/;
# }
# }