diff -r 1b7ccb729164 -r 05d0cf32e077 writefreely/server/templates/nginx.conf.j2 --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/writefreely/server/templates/nginx.conf.j2 Sun Jul 04 12:05:24 2021 -0500 @@ -0,0 +1,54 @@ +server { + listen 80; + server_name {{nginx_server_name}}; + return 301 https://$host$request_uri; +} + +server { + listen 443 ssl http2; + server_name {{nginx_server_name}}; + + ssl_certificate {{nginx_ssl_cert}}; + ssl_certificate_key {{nginx_ssl_privkey}}; + ssl_ecdh_curve X25519:prime256v1:secp384r1:secp521r1; + + gzip on; + gzip_types + application/javascript + application/x-javascript + application/json + application/rss+xml + application/xml + image/svg+xml + image/x-icon + application/vnd.ms-fontobject + application/font-sfnt + text/css + text/plain; + gzip_min_length 256; + gzip_comp_level 5; + gzip_http_version 1.1; + gzip_vary on; + + location ~ ^/.well-known/(webfinger|nodeinfo|host-meta) { + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_pass http://127.0.0.1:{{nginx_proxy_port}}; + proxy_redirect off; + } + + location ~ ^/(css|img|js|fonts)/ { + root {{nginx_static_content}}; + # Optionally cache these files in the browser: + # expires 12M; + } + + location / { + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_pass http://127.0.0.1:{{nginx_proxy_port}}; + proxy_redirect off; + } +}