baidakovru/nginx-ssl.conf at main · baidakovil/baidakovru · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
  server {
    listen 443 ssl;
    server_name baidakov.ru www.baidakov.ru;

    ssl_certificate /etc/letsencrypt/live/baidakov.ru/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/baidakov.ru/privkey.pem;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    ssl_ciphers "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384";

    client_max_body_size 4G;
    keepalive_timeout 5;
    set $app_dir /var/www/baidakovru;

    # path for static files
    root $app_dir;

    location / {
      # checks for static file, if not found proxy to app
      try_files $uri @proxy_to_app;
    }

    location @proxy_to_app {
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $scheme;
      proxy_set_header Host $http_host;
      # we don't want nginx trying to do something clever with
      # redirects, we set the Host: header above already.
      proxy_redirect off;
      proxy_pass http://app_server;
    }

    error_page 404 500 502 503 504 /500.html;
    location = /errorpages/error.html {
      root $app_dir;
    }
  }