-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathnginx_https.conf
44 lines (35 loc) · 1.42 KB
/
nginx_https.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
# This is an nginx config file that serves Kiwi (as static files)
# and also reverse proxies to Ergo's websocket listener. On the testnet,
# it is installed at /etc/nginx/sites-enabled/default.
# Note that no plaintext HTTP configuration is enabled on this server. You may
# want to add configs that redirect HTTP to HTTPS. See the relevant guides
# for nginx and Certbot.
server {
# TLS configuration
listen 443 ssl default_server;
listen [::]:443 ssl default_server;
# use Let's Encrypt certificates at their default location:
ssl_certificate /etc/letsencrypt/live/testnet.oragono.io/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/testnet.oragono.io/privkey.pem;
# root for serving static files:
root /var/www/html;
index index.html index.htm index.nginx-debian.html;
server_name testnet.ergo.chat;
# reverse proxy block for Ergo's websocket listener.
# all HTTP paths other than /webirc will be served as static files,
# but /webirc will be passed through to Ergo:
location /webirc {
proxy_pass http://unix:/tmp/ergo_websocket;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_read_timeout 10m;
}
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
}