
Forked from bkawk/default
Created October 11, 2022 23:08
nginx reverse proxy with caching and SSL for IPFS
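# Pick a browser-cache lifetime from the Content-Type of the response being
# sent. The result is consumed by `expires $expires;` in the TLS server block.
map $sent_http_content_type $expires {
    default                 off;    # leave Expires / Cache-Control untouched
    text/html               epoch;  # HTML is sent as already expired (no-cache)
    # `max` tells browsers to keep the object for years. That is only safe for
    # content whose URL changes when the bytes change; presumably true for
    # content-addressed paths, not for mutable names - confirm for this gateway.
    text/css                max;
    application/javascript  max;
    ~image/                 max;    # regex match: any image/* type
}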
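# TLS front end: terminates HTTPS and answers from the STATIC proxy cache
# (the zone is declared by proxy_cache_path in the http block).
server {
    # default_server and no server_name: this block answers requests for any
    # Host value that reaches the listener.
    listen 443 ssl http2 default_server;
    listen [::]:443 ssl http2 default_server;

    # Lifetime comes from the Content-Type map ($expires).
    expires $expires;

    # NOTE(review): both paths end at the live/ directory in this listing and
    # look truncated; each directive must name a file (certificate chain and
    # private key). The key file should be readable by root only.
    ssl_certificate     /etc/letsencrypt/live/;
    ssl_certificate_key /etc/letsencrypt/live/;
    ssl_dhparam         /etc/ssl/certs/dhparam.pem;

    location / {
        # NOTE(review): no proxy_pass directive is visible in this listing; the
        # proxy_* settings below only take effect once one points at the
        # upstream gateway.
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        # The client-supplied Host is forwarded to the upstream unchanged.
        proxy_set_header Host $host;

        proxy_cache STATIC;
        # The built-in cache key is $scheme$proxy_host$request_uri, which does
        # not contain the client Host forwarded above. If the upstream varies
        # its response by Host (presumably the case for an IPFS gateway
        # resolving per-host names - confirm), one host's response would be
        # cached and served for every other host on the same path. Keying on
        # $host keeps the entries separate.
        proxy_cache_key $scheme$host$request_uri;
        proxy_cache_valid 200 1d;
        # Serve a stale entry rather than an error while the upstream is
        # failing or the entry is being refreshed.
        proxy_cache_use_stale error timeout invalid_header updating
                              http_500 http_502 http_503 http_504;
    }
}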
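# Plain-HTTP listener: every request is redirected to HTTPS.
server {
    listen 80;
    listen [::]:80;
    # NOTE(review): no server_name directive is visible in this block, and
    # $server_name expands to the configured name (empty when none is set), so
    # the redirect target depends on one being added. Prefer a fixed name here
    # over $host, which is taken from the client's request.
    return 301 https://$server_name$request_uri;
}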
# Worker processes run as the www-data account.
user www-data;
# Let nginx size the worker pool from the detected CPU count.
worker_processes auto;
# NOTE(review): the path ends at the /run/ directory in this listing and looks
# truncated; pid expects the path of a file.
pid /run/;
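# Connection-processing settings.
events {
    # Upper bound on simultaneous connections per worker process.
    worker_connections 768;
    # multi_accept on;
}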
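# Settings shared by every virtual host pulled in by the include lines below.
http {
    # On-disk store for the STATIC cache zone: 10 MB of keys, at most 1 GB of
    # data, entries dropped after 24 h without a hit. The directory should be
    # writable by the worker account only, since cached bodies are served as-is.
    proxy_cache_path /data/nginx/cache levels=1:2 keys_zone=STATIC:10m inactive=24h max_size=1g;

    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;

    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    # TLS 1.0 and 1.1 are deprecated (RFC 8996) and are no longer offered;
    # SSLv3 stays off (POODLE). TLSv1.3 needs nginx 1.13.0+ built against
    # OpenSSL 1.1.1+; drop that token on older builds.
    ssl_protocols TLSv1.2 TLSv1.3;
    # No ssl_ciphers list is set in this file, so the preference below applies
    # to the library's default cipher order.
    ssl_prefer_server_ciphers on;

    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;

    gzip on;
    gzip_disable "msie6";
    gzip_vary on;

    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;

    # Shared TLS session cache so resumed handshakes work across workers.
    ssl_session_cache shared:SSL:5m;
    ssl_session_timeout 1h;

    # HSTS for roughly six months, covering every subdomain of the serving
    # host. add_header is inherited only by levels that declare no add_header
    # of their own: a server or location block that adds any header must
    # repeat this line or it silently stops sending HSTS.
    add_header Strict-Transport-Security "max-age=15768000; includeSubDomains" always;
}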