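# Plain-HTTP virtual host: answers ACME HTTP-01 challenges and redirects
# everything else to the HTTPS virtual host.
server {
    listen [::]:80;
    listen 80;
    server_name laminar.example.com;

    # rule for letsencrypt ACME challenge requests.
    # "^~" makes this prefix match final, so no regex location can take over.
    # Trailing slashes are present on both the location prefix and the alias
    # path; keep them paired so requests map only into the challenge directory.
    location ^~ /.well-known/acme-challenge/ {
        default_type "text/plain";
        alias /srv/www/acme-challenge/;
    }

    # redirect all other http to https.
    # The redirect sits in its own location on purpose: a "return" written
    # directly in the server block is run by the rewrite module before any
    # location is selected, so it would also redirect the ACME challenge
    # requests and the location above would never be used.
    location / {
        return 301 https://$server_name$request_uri;
    }
}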
# HTTPS virtual host: terminates TLS and reverse-proxies to laminard.
# NOTE(review): no authentication directive appears in this block, so anyone
# who can reach this virtual host can read the UI and the archived artefacts.
# Add access control at the proxy if the instance is not meant to be public.
server {
    # HTTP/2 is recommended: over HTTP/1.x browsers open only a small number
    # of concurrent SSE streams.
    # nginx 1.25.1 and later prefer a separate "http2 on;" directive over the
    # "http2" listen parameter used here.
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name laminar.example.com;

    # modern TLS only, see https://syslink.pl/cipherlist/ for a more complete example.
    # NOTE(review): ssl_ciphers selects suites for TLS 1.2 and older in
    # OpenSSL-based builds, so with TLSv1.3 as the only protocol this list is
    # presumably inert. Confirm before relying on it.
    ssl_protocols TLSv1.3;
    ssl_ciphers EECDH+AESGCM:EDH+AESGCM;

    # set both paths according to your ACME/letsencrypt client.
    # The private key should be readable only by the account that starts nginx.
    ssl_certificate_key /path/to/private.key;
    ssl_certificate /path/to/certificate.crt;

    # use "location /" if laminar is to be accessible at the (sub)domain root.
    # alternatively, use a subdirectory such as "location /my-laminar/" and
    # set LAMINAR_BASE_URL=/my-laminar/ accordingly.
    location / {
        # required to allow laminar's SSE stream to pass correctly
        proxy_set_header Connection "";
        proxy_http_version 1.1;

        # set proxy_pass according to LAMINAR_BIND_HTTP.
        # The laminar default for LAMINAR_BIND_HTTP is *:8080, which binds on
        # all interfaces instead of just the loopback device. Behind a reverse
        # proxy that is almost certainly not what you want, because clients
        # could reach laminard directly and bypass the TLS configured here.
        # Set it to 127.0.0.1:8080 at a minimum, or use unix sockets for more
        # fine-grained control of permissions.
        # see http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_pass
        # and https://laminar.ohwg.net/docs.html#Running-on-a-different-HTTP-port-or-Unix-socket
        proxy_pass http://127.0.0.1:8080;
    }

    # have nginx serve artefacts directly rather than having laminard do it.
    # Keep the trailing slash on both the location prefix and the alias path
    # so that requests cannot resolve outside the archive directory.
    location /archive/ {
        alias /var/lib/laminar/archive/;
    }
}