From diaspora* project wiki
The printable version is no longer supported and may have rendering errors. Please update your browser bookmarks and please use the default browser print function instead.
Nginx is a lightweight webserver that is a easy front end for Diaspora. This is a basic configuration for a standard pod install, you will need to scale it up if you grow. If you are running Diaspora* in production mode, you may want to comment out the "daemon off" line.
 Note: | This gist provides a cleaner version sticking to best practices. |
| Note: | If you're using a StartSSL Cert and got Problems with your chain cert, check out this |
worker_processes 1;
daemon off;
events {
worker_connections 1024;
}
#
# FIXME: You may wish to modify the value of the `log_format` directive
# below if you are not using Splunk
#
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
gzip on;
gzip_http_version 1.0;
gzip_comp_level 2;
gzip_proxied any;
gzip_buffers 16 8k;
gzip_types text/plain text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript;
gzip_disable "MSIE [1-6]\.(?!.*SV1)";
#
# FIXME: If using thin app server, specify correct number of thin servers
# below, otherwise comment out and replace with your own solution
#
upstream thin_cluster {
server localhost:3000;
}
#
# FIXME: specify correct value(s) for `server_name` directive and
# correct domain name in the `rewrite` directive below
#
server {
listen 80;
server_name example.com www.example.com;
rewrite ^(.*) https://example.com$1 permanent;
}
#
# FIXME: specify correct value(s) for `server_name` directive and
# `ssl_certificate` + `ssl_certificate_key` directives below
#
server {
listen 443;
server_name example.com www.example.com;
## make sure you change location if you did clone into /usr/local/app
root /usr/local/app/diaspora/public;
ssl on;
ssl_certificate /path/to/cert_location;
ssl_certificate_key /path/to/key_location;
# enable better ssl security if you like to mitigate BEAST and other exploits
#ssl_session_cache shared:SSL:10m;
#ssl_session_timeout 5m;
#ssl_protocols TLSv1;
#ssl_ciphers ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM;
#ssl_prefer_server_ciphers on;
#add_header Strict-Transport-Security max-age=500;
#ssl_ecdh_curve secp521r1;
location /uploads/images {
expires 1d;
add_header Cache-Control public;
}
location /assets {
expires 1d;
add_header Cache-Control public;
}
#
# FIXME: modify the `rewrite` directive below to point to proper S3 bucket
# and path or comment out if you will store images on local file system
#
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto https;
proxy_redirect off;
client_max_body_size 4M;
client_body_buffer_size 128K;
if (-f $request_filename/index.html) {
rewrite (.*) $1/index.html break;
}
if (-f $request_filename.html) {
rewrite (.*) $1.html break;
}
if (!-f $request_filename) {
proxy_pass http://thin_cluster;
break;
}
#if you switch to a s3 bucket you can redirect old links to the s3
#rewrite ^/uploads/images/(.*)$ https://example.com/s3bucket/s3path/$1 permanent;
}
# you may create the file public/50x.html to render custom pages as you like
# otherwise leave these next four lines commented out
# error_page 500 502 503 504 /50x.html;
# location = /50x.html {
# root html;
# }
}
}