mirror of
https://github.com/ohwgiles/laminar.git
synced 2024-10-27 20:34:20 +00:00
add example config for nginx reverse proxy
This commit is contained in:
parent
2941a5abdd
commit
399f07cf3a
@ -98,6 +98,8 @@ Laminar uses Server Sent Events to provide a responsive, auto-updating display w
|
|||||||
|
|
||||||
If you use a reverse proxy to host Laminar at a subfolder instead of a subdomain root, the `<base href>` needs to be updated to ensure all links point to their proper targets. This can be done by setting `LAMINAR_BASE_URL` in `/etc/laminar.conf`.
|
If you use a reverse proxy to host Laminar at a subfolder instead of a subdomain root, the `<base href>` needs to be updated to ensure all links point to their proper targets. This can be done by setting `LAMINAR_BASE_URL` in `/etc/laminar.conf`.
|
||||||
|
|
||||||
|
See [this example configuration file for nginx](https://github.com/ohwgiles/laminar/blob/master/examples/nginx-ssl-reverse-proxy.conf).
|
||||||
|
|
||||||
## More configuration options
|
## More configuration options
|
||||||
|
|
||||||
See the [reference section](#Service-configuration-file)
|
See the [reference section](#Service-configuration-file)
|
||||||
|
52
examples/nginx-ssl-reverse-proxy.conf
Normal file
52
examples/nginx-ssl-reverse-proxy.conf
Normal file
@ -0,0 +1,52 @@
|
|||||||
|
server {
|
||||||
|
listen [::]:80;
|
||||||
|
listen 80;
|
||||||
|
server_name laminar.example.com;
|
||||||
|
|
||||||
|
# rule for letsencrypt ACME challenge requests
|
||||||
|
location ^~ /.well-known/acme-challenge/ {
|
||||||
|
default_type "text/plain";
|
||||||
|
alias /srv/www/acme-challenge/;
|
||||||
|
}
|
||||||
|
|
||||||
|
# redirect all other http to https
|
||||||
|
return 301 https://$server_name$request_uri;
|
||||||
|
}
|
||||||
|
|
||||||
|
server {
|
||||||
|
# http2 is recommended because browsers will only open a small number of concurrent SSE streams over http1
|
||||||
|
listen [::]:443 ssl http2;
|
||||||
|
listen 443 ssl http2;
|
||||||
|
server_name laminar.example.com;
|
||||||
|
|
||||||
|
# modern tls only, see https://syslink.pl/cipherlist/ for a more complete example
|
||||||
|
ssl_protocols TLSv1.3;
|
||||||
|
ssl_ciphers EECDH+AESGCM:EDH+AESGCM;
|
||||||
|
|
||||||
|
# set according to ACME/letsencrypt client
|
||||||
|
ssl_certificate /path/to/certificate.crt;
|
||||||
|
ssl_certificate_key /path/to/private.key;
|
||||||
|
|
||||||
|
# use "location /" if laminar is to be accessible at the (sub)domain root.
|
||||||
|
# alteratively, use a subdirectory such as "location /my-laminar/" and ensure that
|
||||||
|
# LAMINAR_BASE_URL=/my-laminar/ accordingly.
|
||||||
|
location / {
|
||||||
|
# set proxy_pass according to LAMINAR_BIND_HTTP.
|
||||||
|
# note that the laminar default for LAMINAR_BIND_HTTP is *:8080, which binds on all interfaces
|
||||||
|
# instead of just the loopback device and is almost certainly not what you want if you are using
|
||||||
|
# a reverse proxy. It should be set to 127.0.0.1:8080 at a minimum, or use unix sockets for more
|
||||||
|
# fine-grained control of permissions.
|
||||||
|
# see http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_pass
|
||||||
|
# and https://laminar.ohwg.net/docs.html#Running-on-a-different-HTTP-port-or-Unix-socket
|
||||||
|
proxy_pass http://127.0.0.1:8080;
|
||||||
|
|
||||||
|
# required to allow laminar's SSE stream to pass correctly
|
||||||
|
proxy_http_version 1.1;
|
||||||
|
proxy_set_header Connection "";
|
||||||
|
}
|
||||||
|
|
||||||
|
# have nginx serve artefacts directly rather than having laminard do it
|
||||||
|
location /archive/ {
|
||||||
|
alias /var/lib/laminar/archive/;
|
||||||
|
}
|
||||||
|
}
|
Loading…
Reference in New Issue
Block a user