retrospring/docs/nginx.conf

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

72 lines
2.3 KiB
Nginx Configuration File
Raw Permalink Normal View History

# justask nginx config
# Redirect www.retrospring.net to retrospring.net, because it looks nicer.
server {
listen *:80;
listen *:443;
server_name www.retrospring.net;
return 301 $scheme://retrospring.net$request_uri;
}
# This is a normal HTTP host which redirects all traffic to the HTTPS host.
server {
listen *:80;
# Replace retrospring.net with your FQDN.
server_name retrospring.net;
server_tokens off;
# root doesn't have to be a valid path since we are redirecting
root /nowhere;
rewrite ^ https://$server_name$request_uri permanent;
}
# The actual configuration.
server {
# SSL settings
listen 443 ssl;
ssl on;
ssl_certificate /usr/local/etc/nginx/ssl/certs/retrospring.net/retrospring.net.pem;
ssl_certificate_key /usr/local/etc/nginx/ssl/certs/retrospring.net/retrospring.net.key;
# use this header only if all subdomains support HTTPS!
#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains";
ssl_session_cache builtin:1000 shared:SSL:10m;
# forward secrecy settings
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers 'EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA';
# Replace retrospring.net with your FQDN
server_name retrospring.net;
server_tokens off;
# Replace /usr/home/justask/justask with the path to your justask installation
root /usr/home/justask/justask/public;
access_log /var/log/nginx/justask.log;
client_max_body_size 5M;
error_page 404 = /404.html;
error_page 422 = /422.html;
error_page 500 = /500.html;
error_page 502 = /502.html;
try_files $uri @justask;
location @justask {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_max_temp_file_size 0;
# Replace /usr/home/justask/justask with the path to your justask installation
proxy_pass http://unix:/usr/home/justask/justask/tmp/sockets/justask.sock;
break;
}
}