generated from bisco/codex-bootstrap
feat: add optional letsencrypt tls
This commit is contained in:
+21
-20
@@ -3,6 +3,11 @@ map $http_upgrade $connection_upgrade {
|
||||
"" close;
|
||||
}
|
||||
|
||||
map $http_x_forwarded_proto $effective_forwarded_proto {
|
||||
default $scheme;
|
||||
https https;
|
||||
}
|
||||
|
||||
server_tokens off;
|
||||
|
||||
upstream wagtail_backend {
|
||||
@@ -19,31 +24,27 @@ server {
|
||||
listen 80 default_server;
|
||||
server_name _;
|
||||
|
||||
return 404;
|
||||
location = /nginx-health {
|
||||
access_log off;
|
||||
return 200 "ok\n";
|
||||
}
|
||||
|
||||
location / {
|
||||
return 404;
|
||||
}
|
||||
}
|
||||
|
||||
server {
|
||||
listen 80;
|
||||
server_name azionelab.org;
|
||||
server_name __DOMAIN__;
|
||||
|
||||
client_max_body_size 10m;
|
||||
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection $connection_upgrade;
|
||||
|
||||
add_header X-Content-Type-Options "nosniff" always;
|
||||
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
|
||||
|
||||
location ~ ^/(admin|api|documents|health|media|static)(/|$) {
|
||||
proxy_pass http://wagtail_backend;
|
||||
location ^~ /.well-known/acme-challenge/ {
|
||||
root /var/www/certbot;
|
||||
default_type text/plain;
|
||||
try_files $uri =404;
|
||||
}
|
||||
|
||||
location / {
|
||||
proxy_pass http://astro_frontend;
|
||||
}
|
||||
include /etc/nginx/http-enabled/site.conf;
|
||||
}
|
||||
|
||||
include /etc/nginx/tls-enabled/*.conf;
|
||||
|
||||
Reference in New Issue
Block a user