bookwyrm/nginx/production
Hugh Rundle ddc35a7a52
fix multiple issues from user exports config changes
- improve nginx config
- fix DATA_UPLOAD_MAX_MEMORY_SIZE default not being an int
- translate fallback value in id_to_username template tag
- make location of setting to turn on user exports easier to locate for admins

fixes #3227
fixes #3231
fixes #3232
fixes #3236
2024-01-20 13:19:13 +11:00

147 lines
3.7 KiB
Text

include /etc/nginx/conf.d/server_config;
upstream web {
server web:8000;
}
server {
listen [::]:80;
listen 80;
server_name your-domain.com www.your-domain.com;
location ~ /.well-known/acme-challenge {
allow all;
root /var/www/certbot;
}
# # redirect http to https
# return 301 https://your-domain.com$request_uri;
}
# server {
# access_log /var/log/nginx/access.log cache_log;
#
# listen [::]:443 ssl http2;
# listen 443 ssl http2;
#
# server_name your-domain.com;
#
# client_max_body_size 3M;
#
# if ($host != "your-domain.com") {
# return 301 $scheme://your-domain.com$request_uri;
# }
#
# # SSL code
# ssl_certificate /etc/nginx/ssl/live/your-domain.com/fullchain.pem;
# ssl_certificate_key /etc/nginx/ssl/live/your-domain.com/privkey.pem;
#
# location ~ /.well-known/acme-challenge {
# allow all;
# root /var/www/certbot;
# }
#
# sendfile on;
# tcp_nopush on;
# tcp_nodelay on;
# keepalive_timeout 65;
# types_hash_max_size 2048;
# #include /etc/nginx/mime.types;
# #default_type application/octet-stream;
#
# gzip on;
# gzip_disable "msie6";
#
# proxy_read_timeout 1800s;
# chunked_transfer_encoding on;
#
# # store responses to anonymous users for up to 1 minute
# proxy_cache bookwyrm_cache;
# proxy_cache_valid any 1m;
# add_header X-Cache-Status $upstream_cache_status;
#
# # ignore the set cookie header when deciding to
# # store a response in the cache
# proxy_ignore_headers Cache-Control Set-Cookie Expires;
#
# # PUT requests always bypass the cache
# # logged in sessions also do not populate the cache
# # to avoid serving personal data to anonymous users
# proxy_cache_methods GET HEAD;
# proxy_no_cache $cookie_sessionid;
# proxy_cache_bypass $cookie_sessionid;
#
# # tell the web container the address of the outside client
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# proxy_set_header Host $host;
# proxy_redirect off;
#
# location ~ ^/(login[^-/]|password-reset|resend-link|2fa-check) {
# limit_req zone=loginlimit;
# proxy_pass http://web;
# }
#
# # do not log periodic polling requests from logged in users
# location /api/updates/ {
# access_log off;
# proxy_pass http://web;
# }
#
# location / {
# proxy_pass http://web;
# }
#
# # directly serve static files from the
# # bookwyrm filesystem using sendfile.
# # make the logs quieter by not reporting these requests
# location ~ ^/static/ {
# root /app;
# try_files $uri =404;
# add_header X-Cache-Status STATIC;
# access_log off;
# }
# # same with image files not in static folder
# location ~ \.(bmp|ico|jpg|jpeg|png|svg|tif|tiff|webp)$ {
# root /app;
# try_files $uri =404;
# add_header X-Cache-Status STATIC;
# access_log off;
# }
# # block access to any non-image files from images
# location ~ ^/images/ {
# return 403;
# }
#
# # monitor the celery queues with flower, no caching enabled
# location /flower/ {
# proxy_pass http://flower:8888;
# proxy_cache_bypass 1;
# }
# }
# Reverse-Proxy server
# server {
# listen [::]:8001;
# listen 8001;
# server_name your-domain.com www.your-domain.com;
# location / {
# proxy_pass http://web;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# proxy_set_header Host $host;
# proxy_redirect off;
# }
# location /images/ {
# alias /app/images/;
# }
# location /static/ {
# alias /app/static/;
# }
# }