Difference between revisions of "Nginx configuration"

From diaspora* project wiki
Jump to: navigation, search
(Replaced static copy with Gist embed)
Line 1: Line 1:
 
Nginx is a lightweight webserver that is a easy front end for Diaspora. This is a basic configuration for a standard pod install, you will need to scale it up if you grow. If you are running Diaspora* in production mode, you may want to comment out the "daemon off" line.
 
Nginx is a lightweight webserver that is a easy front end for Diaspora. This is a basic configuration for a standard pod install, you will need to scale it up if you grow. If you are running Diaspora* in production mode, you may want to comment out the "daemon off" line.
  
{{Note|[https://gist.github.com/jhass/1355430 This gist] provides a cleaner version sticking to best practices.}}
 
 
{{Note|If you're using a StartSSL Cert and got Problems with your chain cert, [https://gist.github.com/1825744 check out this]}}
 
{{Note|If you're using a StartSSL Cert and got Problems with your chain cert, [https://gist.github.com/1825744 check out this]}}
{{Serious|Make sure to read on why [http://wiki.nginx.org/IfIsEvil if is evil] if you intend to use this configuration!}}
 
 
<pre>worker_processes 1;
 
daemon off;
 
events {
 
  worker_connections  1024;
 
}
 
 
#
 
# FIXME: You may wish to modify the value of the `log_format` directive
 
#        below if you are not using Splunk
 
#
 
http {
 
 
  include      mime.types;
 
  default_type  application/octet-stream;
 
  sendfile on;
 
  keepalive_timeout  65;
 
  gzip              on;
 
  gzip_http_version 1.0;
 
  gzip_comp_level  2;
 
  gzip_proxied      any;
 
  gzip_buffers      16 8k;
 
  gzip_types        text/plain text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript;
 
  gzip_disable      &quot;MSIE [1-6]\.(?!.*SV1)&quot;;
 
 
#
 
# FIXME: If using thin app server, specify correct number of thin servers
 
#        below, otherwise comment out and replace with your own solution
 
#
 
upstream thin_cluster {
 
  server          localhost:3000;
 
}
 
 
 
#
 
# FIXME: specify correct value(s) for `server_name` directive and
 
#        correct domain name in the `rewrite` directive below
 
#
 
server {
 
  listen      80;
 
  server_name  example.com  www.example.com;
 
  rewrite      ^(.*) https://example.com$1 permanent;
 
}
 
 
#
 
# FIXME: specify correct value(s) for `server_name` directive and
 
#        `ssl_certificate` + `ssl_certificate_key` directives below
 
#
 
server {
 
  listen      443;
 
  server_name  example.com  www.example.com;
 
  ## make sure you change location if you did clone into /usr/local/app
 
  root        /usr/local/app/diaspora/public;
 
 
  ssl on;
 
  ssl_certificate      /path/to/cert_location;
 
  ssl_certificate_key  /path/to/key_location;
 
  # enable better ssl security if you like to mitigate BEAST and other exploits
 
  #ssl_session_cache      shared:SSL:10m;
 
  #ssl_session_timeout    5m;
 
  #ssl_protocols          TLSv1;
 
  #ssl_ciphers            ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM;
 
  #ssl_prefer_server_ciphers on;
 
  #add_header              Strict-Transport-Security max-age=500;
 
  #ssl_ecdh_curve          secp521r1;
 
 
  location /uploads/images {
 
  expires 1d;
 
  add_header Cache-Control public;
 
  }
 
  location /assets {
 
  expires 1d;
 
  add_header Cache-Control public;
 
  }
 
 
#
 
# FIXME: modify the `rewrite` directive below to point to proper S3 bucket
 
#        and path or comment out if you will store images on local file system
 
#
 
location / {
 
  proxy_set_header X-Real-IP $remote_addr;
 
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 
  proxy_set_header Host $http_host;
 
  proxy_set_header X-Forwarded-Proto https;
 
  proxy_redirect off;
 
  client_max_body_size 4M;
 
  client_body_buffer_size 128K;
 
 
  if (-f $request_filename/index.html) {
 
    rewrite (.*) $1/index.html break;
 
  }
 
  if (-f $request_filename.html) {
 
    rewrite (.*) $1.html break;
 
  }
 
  if (!-f $request_filename) {
 
    proxy_pass http://thin_cluster;
 
    break;
 
  }
 
  #if you switch to a s3 bucket you can redirect old links to the s3
 
  #rewrite ^/uploads/images/(.*)$ https://example.com/s3bucket/s3path/$1 permanent;
 
}
 
 
  # you may create the file public/50x.html to render custom pages as you like
 
  # otherwise leave these next four lines commented out
 
 
  # error_page 500 502 503 504 /50x.html;
 
  # location = /50x.html {
 
  # root html;
 
  # }
 
 
}
 
 
}</pre>
 
 
  
 +
<gist>1355430</gist>
  
 
[[Category:Podmin]]
 
[[Category:Podmin]]
 
[[Category:Github transfer done]]
 
[[Category:Github transfer done]]

Revision as of 02:01, 30 August 2017

Nginx is a lightweight webserver that is a easy front end for Diaspora. This is a basic configuration for a standard pod install, you will need to scale it up if you grow. If you are running Diaspora* in production mode, you may want to comment out the "daemon off" line.

»» Note
If you're using a StartSSL Cert and got Problems with your chain cert, check out this