Last active
November 29, 2018 23:30
-
-
Save Capriatto/fa5b59ceaaed667cb2a8f08a2c67fd41 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #proxying requests to other server. | |
| upstream webserver { | |
| server 127.0.0.1:8069 weight=1 fail_timeout=600s; | |
| } | |
| #server listening 80 port | |
| server { | |
| listen 80; | |
| server_name example.com; | |
| # Strict Transport Security | |
| add_header Strict-Transport-Security max-age=2592000; | |
| #redirect to htts | |
| rewrite ^/.*$ https://$host$request_uri? permanent; | |
| location / { | |
| proxy_pass http://127.0.0.1:8069; | |
| proxy_read_timeout 300000; | |
| } | |
| } | |
| #server listening 443 port for domain 1 | |
| server { | |
| listen 443; | |
| server_name example.com; | |
| keepalive_timeout 60; | |
| # Specifies the maximum accepted body size of a client request, | |
| # as indicated by the request header Content-Length. | |
| client_max_body_size 200m; | |
| ssl on; #ssl certs | |
| ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot | |
| ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot | |
| include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot | |
| ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot | |
| # increase proxy buffer to handle some OpenERP web requests | |
| proxy_buffers 16 64k; | |
| proxy_buffer_size 128k; | |
| # Redirect non-https traffic to https | |
| if ($scheme != "https") { | |
| return 301 https://$host$request_uri; | |
| } | |
| location / { | |
| proxy_pass http://webserver; | |
| # force timeouts if the backend dies | |
| proxy_next_upstream error timeout invalid_header http_500 http_502 http_503; | |
| # set headers | |
| proxy_set_header Host $host; | |
| proxy_set_header X-Real-IP $remote_addr; | |
| proxy_set_header X-Forward-For $proxy_add_x_forwarded_for; | |
| # Let the OpenERP web service know that we're using HTTPS, otherwise | |
| # it will generate URL using http:// and not https:// | |
| proxy_set_header X-Forwarded-Proto https; | |
| # by default, do not forward anything | |
| proxy_redirect off; | |
| proxy_read_timeout 300000; | |
| } | |
| # cache some static data in memory for 60mins. | |
| # under heavy load this should relieve stress on the OpenERP web interface a bit. | |
| location ~* /web/static/ { | |
| proxy_cache_valid 200 60m; | |
| proxy_buffering on; | |
| expires 864000; | |
| proxy_pass http://webserver; | |
| proxy_read_timeout 300000; | |
| } | |
| } | |
| #server listening 443 port for domain 2 | |
| server { | |
| listen 443; | |
| server_name example1.com; | |
| keepalive_timeout 60; | |
| # Specifies the maximum accepted body size of a client request, | |
| # as indicated by the request header Content-Length. | |
| client_max_body_size 200m; | |
| ssl on; #ssl certs | |
| ssl_certificate /etc/letsencrypt/live/example1.com/fullchain.pem; # managed by Certbot | |
| ssl_certificate_key /etc/letsencrypt/live/example1.com/privkey.pem; # managed by Certbot | |
| include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot | |
| ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot | |
| # increase proxy buffer to handle some OpenERP web requests | |
| proxy_buffers 16 64k; | |
| proxy_buffer_size 128k; | |
| # Redirect non-https traffic to https | |
| if ($scheme != "https") { | |
| return 301 https://$host$request_uri; | |
| } # managed by Certbot | |
| location / { | |
| proxy_pass http://webserver; | |
| # force timeouts if the backend dies | |
| proxy_next_upstream error timeout invalid_header http_500 http_502 http_503; | |
| # set headers | |
| proxy_set_header Host $host; | |
| proxy_set_header X-Real-IP $remote_addr; | |
| proxy_set_header X-Forward-For $proxy_add_x_forwarded_for; | |
| # Let the OpenERP web service know that we're using HTTPS, otherwise | |
| # it will generate URL using http:// and not https:// | |
| proxy_set_header X-Forwarded-Proto https; | |
| # by default, do not forward anything | |
| proxy_redirect off; | |
| proxy_read_timeout 300000; | |
| } | |
| # cache some static data in memory for 60mins. | |
| # under heavy load this should relieve stress on the OpenERP web interface a bit. | |
| location ~* /web/static/ { | |
| proxy_cache_valid 200 60m; | |
| proxy_buffering on; | |
| expires 864000; | |
| proxy_pass http://webserver; | |
| proxy_read_timeout 300000; | |
| } | |
| } | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment