Página inicial Explorar Ajuda
Entrar
jgf
/
bookwyrm
1
0
Fork 0
Arquivos Issues 0 Pull Requests 0 Wiki
Branch: main
Branches Tags
bookwyrm
/
nginx
/
production

production 3.4 KB
Link permanente Histórico Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134 
  1. include /etc/nginx/conf.d/server_config;
    2. 

  2. 

  3. upstream web {
    4. 

  4.     server web:8000;
    5. 

  5. }
    6. 

  6. 

  7. server {
    8. 

  8.     listen [::]:80;
    9. 

  9.     listen 80;
    10. 

  10. 

  11.     server_name your-domain.com www.your-domain.com;
    12. 

  12. 

  13.     location ~ /.well-known/acme-challenge {
    14. 

  14.         allow all;
    15. 

  15.         root /var/www/certbot;
    16. 

  16.     }
    17. 

  17. 

  18. #     # redirect http to https
    19. 

  19. #     return 301 https://your-domain.com$request_uri;
    20. 

  20. }
    21. 

  21. 

  22. 

  23. # server {
    24. 

  24. #     access_log /var/log/nginx/access.log cache_log;
    25. 

  25. #
    26. 

  26. #     listen [::]:443 ssl http2;
    27. 

  27. #     listen 443 ssl http2;
    28. 

  28. #
    29. 

  29. #     server_name your-domain.com;
    30. 

  30. #
    31. 

  31. #     client_max_body_size 3M;
    32. 

  32. #
    33. 

  33. #     if ($host != "your-domain.com") {
    34. 

  34. #         return 301 $scheme://your-domain.com$request_uri;
    35. 

  35. #     }
    36. 

  36. #
    37. 

  37. #     # SSL code
    38. 

  38. #     ssl_certificate /etc/nginx/ssl/live/your-domain.com/fullchain.pem;
    39. 

  39. #     ssl_certificate_key /etc/nginx/ssl/live/your-domain.com/privkey.pem;
    40. 

  40. #
    41. 

  41. #     location ~ /.well-known/acme-challenge {
    42. 

  42. #         allow all;
    43. 

  43. #         root /var/www/certbot;
    44. 

  44. #     }
    45. 

  45. #
    46. 

  46. #     sendfile on;
    47. 

  47. #     tcp_nopush on;
    48. 

  48. #     tcp_nodelay on;
    49. 

  49. #     keepalive_timeout 65;
    50. 

  50. #     types_hash_max_size 2048;
    51. 

  51. #     #include /etc/nginx/mime.types;
    52. 

  52. #     #default_type application/octet-stream;
    53. 

  53. #
    54. 

  54. #     gzip on;
    55. 

  55. #     gzip_disable "msie6";
    56. 

  56. #
    57. 

  57. #     proxy_read_timeout 1800s;
    58. 

  58. #     chunked_transfer_encoding on;
    59. 

  59. #
    60. 

  60. #     # store responses to anonymous users for up to 1 minute
    61. 

  61. #     proxy_cache bookwyrm_cache;
    62. 

  62. #     proxy_cache_valid any 1m;
    63. 

  63. #     add_header X-Cache-Status $upstream_cache_status;
    64. 

  64. #
    65. 

  65. #     # ignore the set cookie header when deciding to
    66. 

  66. #     # store a response in the cache
    67. 

  67. #     proxy_ignore_headers Cache-Control Set-Cookie Expires;
    68. 

  68. #
    69. 

  69. #     # PUT requests always bypass the cache
    70. 

  70. #     # logged in sessions also do not populate the cache
    71. 

  71. #     # to avoid serving personal data to anonymous users
    72. 

  72. #     proxy_cache_methods GET HEAD;
    73. 

  73. #     proxy_no_cache      $cookie_sessionid;
    74. 

  74. #     proxy_cache_bypass  $cookie_sessionid;
    75. 

  75. #
    76. 

  76. #     # tell the web container the address of the outside client
    77. 

  77. #     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    78. 

  78. #     proxy_set_header Host $host;
    79. 

  79. #     proxy_redirect off;
    80. 

  80. #
    81. 

  81. #     location ~ ^/(login[^-/]|password-reset|resend-link|2fa-check) {
    82. 

  82. #         limit_req zone=loginlimit;
    83. 

  83. #         proxy_pass http://web;
    84. 

  84. #     }
    85. 

  85. #
    86. 

  86. #     # do not log periodic polling requests from logged in users
    87. 

  87. #     location /api/updates/ {
    88. 

  88. #         access_log off;
    89. 

  89. #         proxy_pass http://web;
    90. 

  90. #     }
    91. 

  91. #
    92. 

  92. #     location / {
    93. 

  93. #         proxy_pass http://web;
    94. 

  94. #     }
    95. 

  95. #
    96. 

  96. #     # directly serve images and static files from the
    97. 

  97. #     # bookwyrm filesystem using sendfile.
    98. 

  98. #     # make the logs quieter by not reporting these requests
    99. 

  99. #     location ~ ^/(images|static)/ {
    100. 

  100. #         root /app;
    101. 

  101. #         try_files $uri =404;
    102. 

  102. #         add_header X-Cache-Status STATIC;
    103. 

  103. #         access_log off;
    104. 

  104. #     }
    105. 

  105. #
    106. 

  106. #     # monitor the celery queues with flower, no caching enabled
    107. 

  107. #     location /flower/ {
    108. 

  108. #        proxy_pass http://flower:8888;
    109. 

  109. #        proxy_cache_bypass 1;
    110. 

  110. #     }
    111. 

  111. # }
    112. 

  112. 

  113. # Reverse-Proxy server
    114. 

  114. # server {
    115. 

  115. #     listen [::]:8001;
    116. 

  116. #     listen 8001;
    117. 

  117. 

  118. #     server_name your-domain.com www.your-domain.com;
    119. 

  119. 

  120. #     location / {
    121. 

  121. #         proxy_pass http://web;
    122. 

  122. #         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    123. 

  123. #         proxy_set_header Host $host;
    124. 

  124. #         proxy_redirect off;
    125. 

  125. #     }
    126. 

  126. 

  127. #     location /images/ {
    128. 

  128. #         alias /app/images/;
    129. 

  129. #     }
    130. 

  130. 

  131. #     location /static/ {
    132. 

  132. #         alias /app/static/;
    133. 

  133. #     }
    134. 

  134. # }
    135.