72 lines
2.3 KiB
Nginx Configuration File
72 lines
2.3 KiB
Nginx Configuration File
# justask nginx config
|
|
|
|
# Redirect www.retrospring.net to retrospring.net, because it looks nicer.
|
|
server {
|
|
listen *:80;
|
|
listen *:443;
|
|
server_name www.retrospring.net;
|
|
return 301 $scheme://retrospring.net$request_uri;
|
|
}
|
|
|
|
|
|
# This is a normal HTTP host which redirects all traffic to the HTTPS host.
|
|
server {
|
|
listen *:80;
|
|
# Replace retrospring.net with your FQDN.
|
|
server_name retrospring.net;
|
|
server_tokens off;
|
|
# root doesn't have to be a valid path since we are redirecting
|
|
root /nowhere;
|
|
rewrite ^ https://$server_name$request_uri permanent;
|
|
}
|
|
|
|
|
|
# The actual configuration.
|
|
server {
|
|
# SSL settings
|
|
listen 443 ssl;
|
|
|
|
ssl on;
|
|
ssl_certificate /usr/local/etc/nginx/ssl/certs/retrospring.net/retrospring.net.pem;
|
|
ssl_certificate_key /usr/local/etc/nginx/ssl/certs/retrospring.net/retrospring.net.key;
|
|
|
|
# use this header only if all subdomains support HTTPS!
|
|
#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains";
|
|
|
|
ssl_session_cache builtin:1000 shared:SSL:10m;
|
|
|
|
# forward secrecy settings
|
|
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
|
|
ssl_prefer_server_ciphers on;
|
|
ssl_ciphers 'EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA';
|
|
|
|
# Replace retrospring.net with your FQDN
|
|
server_name retrospring.net;
|
|
server_tokens off;
|
|
|
|
# Replace /usr/home/justask/justask with the path to your justask installation
|
|
root /usr/home/justask/justask/public;
|
|
access_log /var/log/nginx/justask.log;
|
|
|
|
client_max_body_size 5M;
|
|
|
|
error_page 404 = /404.html;
|
|
error_page 422 = /422.html;
|
|
error_page 500 = /500.html;
|
|
error_page 502 = /502.html;
|
|
|
|
try_files $uri @justask;
|
|
|
|
location @justask {
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header Host $http_host;
|
|
proxy_max_temp_file_size 0;
|
|
|
|
# Replace /usr/home/justask/justask with the path to your justask installation
|
|
proxy_pass http://unix:/usr/home/justask/justask/tmp/sockets/justask.sock;
|
|
break;
|
|
}
|
|
}
|
|
|