1 files changed, 54 insertions, 0 deletions

diff --git a/writefreely/templates/nginx.conf.j2 b/writefreely/templates/nginx.conf.j2
new file mode 100644
index 0000000..4f1cf4d
--- /dev/null
+++ b/writefreely/templates/nginx.conf.j2
@@ -0,0 +1,54 @@
+server {
+    listen 80;
+    server_name {{nginx_server_name}};
+    return 301 https://$host$request_uri;
+}
+
+server {
+    listen 443 ssl http2;
+    server_name {{nginx_server_name}};
+
+    ssl_certificate {{nginx_ssl_cert}};
+    ssl_certificate_key {{nginx_ssl_privkey}};
+    ssl_ecdh_curve X25519:prime256v1:secp384r1:secp521r1;
+
+    gzip on;
+    gzip_types
+      application/javascript
+      application/x-javascript
+      application/json
+      application/rss+xml
+      application/xml
+      image/svg+xml
+      image/x-icon
+      application/vnd.ms-fontobject
+      application/font-sfnt
+      text/css
+      text/plain;
+    gzip_min_length 256;
+    gzip_comp_level 5;
+    gzip_http_version 1.1;
+    gzip_vary on;
+
+    location ~ ^/.well-known/(webfinger|nodeinfo|host-meta) {
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $remote_addr;
+        proxy_pass http://127.0.0.1:{{nginx_proxy_port}};
+        proxy_redirect off;
+    }
+
+    location ~ ^/(css|img|js|fonts)/ {
+        root {{nginx_static_content}};
+        # Optionally cache these files in the browser:
+        # expires 12M;
+    }
+
+    location / {
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $remote_addr;
+        proxy_pass http://127.0.0.1:{{nginx_proxy_port}};
+        proxy_redirect off;
+    }
+}