mirror of
https://github.com/xuthus83/pigallery2.git
synced 2025-01-14 14:43:17 +08:00
be408e43b1
TLS 1.3 has been supported in nginx since 2018. This change brings nginx.conf to parity with what nginx recommends by default.
110 lines
2.4 KiB
Nginx Configuration File
110 lines
2.4 KiB
Nginx Configuration File
events {
|
|
|
|
}
|
|
|
|
http {
|
|
|
|
##
|
|
# Basic Settings
|
|
##
|
|
|
|
sendfile on;
|
|
tcp_nopush on;
|
|
tcp_nodelay on;
|
|
keepalive_timeout 65;
|
|
types_hash_max_size 2048;
|
|
|
|
include /etc/nginx/mime.types;
|
|
default_type application/octet-stream;
|
|
|
|
##
|
|
# SSL Settings
|
|
##
|
|
|
|
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
|
|
ssl_prefer_server_ciphers on;
|
|
|
|
##
|
|
# Logging Settings
|
|
##
|
|
|
|
access_log /var/log/nginx/access.log;
|
|
error_log /var/log/nginx/error.log;
|
|
|
|
##
|
|
# Gzip Settings
|
|
##
|
|
|
|
gzip on;
|
|
gzip_proxied any;
|
|
gzip_comp_level 6;
|
|
gzip_types
|
|
text/css
|
|
text/plain
|
|
text/javascript
|
|
text/markdown
|
|
application/javascript
|
|
application/json
|
|
application/gpx+xml
|
|
application/x-javascript
|
|
application/xml
|
|
application/xml+rss
|
|
application/xhtml+xml
|
|
application/x-font-ttf
|
|
application/x-font-opentype
|
|
application/vnd.ms-fontobject
|
|
image/svg+xml
|
|
image/x-icon
|
|
application/rss+xml
|
|
application/atom_xml;
|
|
gzip_disable "MSIE [1-6]\.(?!.*SV1)";
|
|
|
|
|
|
##
|
|
# Virtual Host Configs
|
|
##
|
|
|
|
server {
|
|
listen 80 default_server;
|
|
listen [::]:80 default_server;
|
|
|
|
server_name yourdomain.com www.yourdomain.com; # CHANGE ME
|
|
return 301 https://$server_name$request_uri;
|
|
}
|
|
|
|
server {
|
|
server_name yourdomain.com; # CHANGE ME
|
|
|
|
|
|
# Only allow all methods (GET,POST,PUT,etc..) for root (/pgapi).
|
|
# see https://github.com/bpatrik/pigallery2/issues/214
|
|
location /pgapi { # NOTE: no ending '/' as it would forward /pgapi to /
|
|
proxy_pass http://pigallery2:80; # forwarding to the other container, named 'pigallery2'
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header Connection 'upgrade';
|
|
proxy_set_header Host $host;
|
|
proxy_cache_bypass $http_upgrade;
|
|
}
|
|
|
|
location / {
|
|
limit_except GET {
|
|
deny all;
|
|
}
|
|
proxy_pass http://pigallery2:80; # forwarding to the other container, named 'pigallery2'
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header Connection 'upgrade';
|
|
proxy_set_header Host $host;
|
|
proxy_cache_bypass $http_upgrade;
|
|
}
|
|
|
|
listen 443 ssl default_server;
|
|
listen [::]:443 ssl default_server;
|
|
|
|
ssl_certificate /etc/letsencrypt/live/yourdomain.com/fullchain.pem; # CHANGE ME
|
|
ssl_certificate_key /etc/letsencrypt/live/yourdomain.com/privkey.pem; # CHANGE ME
|
|
include /etc/letsencrypt/options-ssl-nginx.conf;
|
|
}
|
|
}
|