Created
July 10, 2017 21:30
-
-
Save brettdewoody/3464d8b5c91e2f8c9ab26e14dc7f25e6 to your computer and use it in GitHub Desktop.
Nginx configuration for Ghost with l
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
upstream ghost_upstream { | |
server 127.0.0.1:2368; | |
keepalive 64; | |
} | |
proxy_cache_path /var/run/cache levels=1:2 keys_zone=STATIC:75m inactive=24h max_size=512m; | |
server { | |
listen 80; | |
server_name www.brettdewoody.com brettdewoody.com; | |
return 301 https://brettdewoody.com$request_uri; | |
} | |
server { | |
listen 443 ssl; | |
server_name www.brettdewoody.com brettdewoody.com; | |
ssl_certificate /etc/letsencrypt/live/brettdewoody.com/fullchain.pem; | |
ssl_certificate_key /etc/letsencrypt/live/brettdewoody.com/privkey.pem; | |
include /etc/letsencrypt/options-ssl-nginx.conf; | |
add_header X-Cache $upstream_cache_status; | |
location / { | |
proxy_cache STATIC; | |
proxy_cache_valid 200 30m; | |
proxy_cache_valid 404 1m; | |
proxy_pass http://ghost_upstream; | |
proxy_ignore_headers X-Accel-Expires Expires Cache-Control; | |
proxy_ignore_headers Set-Cookie; | |
proxy_hide_header Set-Cookie; | |
proxy_hide_header X-powered-by; | |
proxy_set_header X-Real-IP $remote_addr; | |
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
proxy_set_header Host $http_host; | |
proxy_set_header X-Forwarded-Proto https; | |
expires 10m; | |
} | |
location /content/images { | |
alias /var/www/ghost/content/images; | |
access_log off; | |
expires max; | |
} | |
location /assets { | |
alias /var/www/ghost/content/themes/ghost-wharton/assets; | |
access_log off; | |
expires max; | |
add_header Pragma public; | |
add_header Cache-Control "public"; | |
proxy_pass http://localhost:2368/assets/; | |
proxy_set_header Host $host; | |
proxy_set_header X-Forwarded-Proto https; | |
proxy_buffering off; | |
} | |
location /public { | |
#alias /path/to/ghost/core/built/public; | |
#access_log off; | |
#expires max; | |
expires 365d; | |
add_header Pragma public; | |
add_header Cache-Control "public"; | |
proxy_pass http://localhost:2368/public/; | |
proxy_set_header Host $host; | |
proxy_set_header X-Forwarded-Proto https; | |
proxy_buffering off; | |
} | |
location /ghost/scripts { | |
alias /path/to/ghost/core/built/scripts; | |
access_log off; | |
expires max; | |
proxy_set_header X-Forwarded-Proto https; | |
} | |
location ~ ^/(?:ghost|signout) { | |
proxy_set_header X-Real-IP $remote_addr; | |
proxy_set_header Host $http_host; | |
proxy_pass http://ghost_upstream; | |
proxy_set_header X-Forwarded-Proto https; | |
add_header Cache-Control "no-cache, private, no-store, must-revalidate, max-stale=0, post-check=0, pre-check=0"; | |
} | |
if ($scheme != "https") { | |
return 301 https://$host$request_uri; | |
} # managed by Certbot | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment