Skip to content

Instantly share code, notes, and snippets.

@brettdewoody brettdewoody/ghost
Created Jul 10, 2017

Embed
What would you like to do?
Nginx configuration for Ghost with l
upstream ghost_upstream {
server 127.0.0.1:2368;
keepalive 64;
}
proxy_cache_path /var/run/cache levels=1:2 keys_zone=STATIC:75m inactive=24h max_size=512m;
server {
listen 80;
server_name www.brettdewoody.com brettdewoody.com;
return 301 https://brettdewoody.com$request_uri;
}
server {
listen 443 ssl;
server_name www.brettdewoody.com brettdewoody.com;
ssl_certificate /etc/letsencrypt/live/brettdewoody.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/brettdewoody.com/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
add_header X-Cache $upstream_cache_status;
location / {
proxy_cache STATIC;
proxy_cache_valid 200 30m;
proxy_cache_valid 404 1m;
proxy_pass http://ghost_upstream;
proxy_ignore_headers X-Accel-Expires Expires Cache-Control;
proxy_ignore_headers Set-Cookie;
proxy_hide_header Set-Cookie;
proxy_hide_header X-powered-by;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto https;
expires 10m;
}
location /content/images {
alias /var/www/ghost/content/images;
access_log off;
expires max;
}
location /assets {
alias /var/www/ghost/content/themes/ghost-wharton/assets;
access_log off;
expires max;
add_header Pragma public;
add_header Cache-Control "public";
proxy_pass http://localhost:2368/assets/;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto https;
proxy_buffering off;
}
location /public {
#alias /path/to/ghost/core/built/public;
#access_log off;
#expires max;
expires 365d;
add_header Pragma public;
add_header Cache-Control "public";
proxy_pass http://localhost:2368/public/;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto https;
proxy_buffering off;
}
location /ghost/scripts {
alias /path/to/ghost/core/built/scripts;
access_log off;
expires max;
proxy_set_header X-Forwarded-Proto https;
}
location ~ ^/(?:ghost|signout) {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $http_host;
proxy_pass http://ghost_upstream;
proxy_set_header X-Forwarded-Proto https;
add_header Cache-Control "no-cache, private, no-store, must-revalidate, max-stale=0, post-check=0, pre-check=0";
}
if ($scheme != "https") {
return 301 https://$host$request_uri;
} # managed by Certbot
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.