|
|
| Line 1: |
Line 1: |
| Nginx is a lightweight webserver that is a easy front end for Diaspora. This is a basic configuration for a standard pod install, you will need to scale it up if you grow. If you are running Diaspora* in production mode, you may want to comment out the "daemon off" line. | | Nginx is a lightweight webserver that is a easy front end for Diaspora. This is a basic configuration for a standard pod install, you will need to scale it up if you grow. If you are running Diaspora* in production mode, you may want to comment out the "daemon off" line. |
|
| |
|
| {{Note|[https://gist.github.com/jhass/1355430 This gist] provides a cleaner version sticking to best practices.}}
| |
| {{Note|If you're using a StartSSL Cert and got Problems with your chain cert, [https://gist.github.com/1825744 check out this]}} | | {{Note|If you're using a StartSSL Cert and got Problems with your chain cert, [https://gist.github.com/1825744 check out this]}} |
| {{Serious|Make sure to read on why [http://wiki.nginx.org/IfIsEvil if is evil] if you intend to use this configuration!}}
| |
|
| |
| <pre>worker_processes 1;
| |
| daemon off;
| |
| events {
| |
| worker_connections 1024;
| |
| }
| |
|
| |
| #
| |
| # FIXME: You may wish to modify the value of the `log_format` directive
| |
| # below if you are not using Splunk
| |
| #
| |
| http {
| |
|
| |
| include mime.types;
| |
| default_type application/octet-stream;
| |
| sendfile on;
| |
| keepalive_timeout 65;
| |
| gzip on;
| |
| gzip_http_version 1.0;
| |
| gzip_comp_level 2;
| |
| gzip_proxied any;
| |
| gzip_buffers 16 8k;
| |
| gzip_types text/plain text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript;
| |
| gzip_disable "MSIE [1-6]\.(?!.*SV1)";
| |
|
| |
| #
| |
| # FIXME: If using thin app server, specify correct number of thin servers
| |
| # below, otherwise comment out and replace with your own solution
| |
| #
| |
| upstream thin_cluster {
| |
| server localhost:3000;
| |
| }
| |
|
| |
|
| |
| #
| |
| # FIXME: specify correct value(s) for `server_name` directive and
| |
| # correct domain name in the `rewrite` directive below
| |
| #
| |
| server {
| |
| listen 80;
| |
| server_name example.com www.example.com;
| |
| rewrite ^(.*) https://example.com$1 permanent;
| |
| }
| |
|
| |
| #
| |
| # FIXME: specify correct value(s) for `server_name` directive and
| |
| # `ssl_certificate` + `ssl_certificate_key` directives below
| |
| #
| |
| server {
| |
| listen 443;
| |
| server_name example.com www.example.com;
| |
| ## make sure you change location if you did clone into /usr/local/app
| |
| root /usr/local/app/diaspora/public;
| |
|
| |
| ssl on;
| |
| ssl_certificate /path/to/cert_location;
| |
| ssl_certificate_key /path/to/key_location;
| |
| # enable better ssl security if you like to mitigate BEAST and other exploits
| |
| #ssl_session_cache shared:SSL:10m;
| |
| #ssl_session_timeout 5m;
| |
| #ssl_protocols TLSv1;
| |
| #ssl_ciphers ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM;
| |
| #ssl_prefer_server_ciphers on;
| |
| #add_header Strict-Transport-Security max-age=500;
| |
| #ssl_ecdh_curve secp521r1;
| |
|
| |
| location /uploads/images {
| |
| expires 1d;
| |
| add_header Cache-Control public;
| |
| }
| |
| location /assets {
| |
| expires 1d;
| |
| add_header Cache-Control public;
| |
| }
| |
|
| |
| #
| |
| # FIXME: modify the `rewrite` directive below to point to proper S3 bucket
| |
| # and path or comment out if you will store images on local file system
| |
| #
| |
| location / {
| |
| proxy_set_header X-Real-IP $remote_addr;
| |
| proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
| |
| proxy_set_header Host $http_host;
| |
| proxy_set_header X-Forwarded-Proto https;
| |
| proxy_redirect off;
| |
| client_max_body_size 4M;
| |
| client_body_buffer_size 128K;
| |
|
| |
| if (-f $request_filename/index.html) {
| |
| rewrite (.*) $1/index.html break;
| |
| }
| |
| if (-f $request_filename.html) {
| |
| rewrite (.*) $1.html break;
| |
| }
| |
| if (!-f $request_filename) {
| |
| proxy_pass http://thin_cluster;
| |
| break;
| |
| }
| |
| #if you switch to a s3 bucket you can redirect old links to the s3
| |
| #rewrite ^/uploads/images/(.*)$ https://example.com/s3bucket/s3path/$1 permanent;
| |
| }
| |
|
| |
| # you may create the file public/50x.html to render custom pages as you like
| |
| # otherwise leave these next four lines commented out
| |
|
| |
| # error_page 500 502 503 504 /50x.html;
| |
| # location = /50x.html {
| |
| # root html;
| |
| # }
| |
|
| |
| }
| |
|
| |
| }</pre>
| |
|
| |
|
| |
|
| | <gist>1355430</gist> |
|
| |
|
| [[Category:Podmin]] | | [[Category:Podmin]] |
| [[Category:Github transfer done]] | | [[Category:Github transfer done]] |
Note: