diff options
Diffstat (limited to 'ansible/nginx.conf')
-rw-r--r-- | ansible/nginx.conf | 33 |
1 files changed, 33 insertions, 0 deletions
diff --git a/ansible/nginx.conf b/ansible/nginx.conf new file mode 100644 index 00000000..e0aaec91 --- /dev/null +++ b/ansible/nginx.conf @@ -0,0 +1,33 @@ +server { + listen 80; + server_name {{ domain }}; + location /.well-known/acme-challenge/ { + root /var/www/certbot; + } + location / { + return 301 https://$host$request_uri; + } +} + +server { + listen 443 ssl http2; + server_name {{ domain }}; + + ssl_certificate /certs/live/{{ domain }}/fullchain.pem; + ssl_certificate_key /certs/live/{{ domain }}/privkey.pem; + + # TODO: add security params + + location / { + rewrite (\/(user|u|inbox|post|community|c|login|search|sponsors|communities|modlog|home)+) /static/index.html break; + proxy_pass http://0.0.0.0:8536; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + + # WebSocket support + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + } +} |