Instantly share code, notes, and snippets.

@kohenkatz /chat.conf Secret
Last active May 16, 2018

Embed
What would you like to do?
### This file is for cloud.example.com.
###
### It listens on port 443 and proxies requests to Mattermost
upstream backend {
server 127.0.0.1:8065;
}
proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=mattermost_cache:10m max_size=3g inactive=120m use_temp_path=off;
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name chat.example.com;
access_log /var/log/nginx/chat.example.com_access.log;
error_log /var/log/nginx/chat.example.com_error.log;
ssl on;
ssl_certificate /etc/letsencrypt/live/chat.example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/chat.example.com/privkey.pem;
ssl_session_cache shared:SSL:5m;
server_tokens off;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
proxy_set_header X-Forwarded-For $remote_addr;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
location ~/api/v[0-9]+/(users/)?websocket$ {
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
client_max_body_size 50M;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Frame-Options SAMEORIGIN;
proxy_buffers 256 16k;
proxy_buffer_size 16k;
proxy_read_timeout 600s;
proxy_pass http://backend;
}
location / {
client_max_body_size 50M;
proxy_set_header Connection "";
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Frame-Options SAMEORIGIN;
proxy_buffers 256 16k;
proxy_buffer_size 16k;
proxy_read_timeout 600s;
proxy_cache mattermost_cache;
proxy_cache_revalidate on;
proxy_cache_min_uses 2;
proxy_cache_use_stale timeout;
proxy_cache_lock on;
proxy_pass http://backend;
}
# Redirect all LetsEncrypt checks for ALL domains on this
# server to all go to the same location.
# This way we can much more easily validate new domains added to this server.
location ~ /\.well-known {
# NOTE: This is the nginx default path for Ubuntu.
# If needed, change it to your nginx default path or any other location of your choice.
root /usr/share/nginx/html;
}
}
### This file is for cloud.example.com.
###
### It listens on port 443 and proxies requests to Seafile
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name cloud.example.com;
access_log /var/log/nginx/cloud.example.com_access.log;
error_log /var/log/nginx/cloud.example.com_error.log;
ssl on;
ssl_certificate /etc/letsencrypt/live/cloud.example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/cloud.example.com/privkey.pem;
ssl_session_cache shared:SSL:5m;
server_tokens off;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
proxy_set_header X-Forwarded-For $remote_addr;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
location / {
proxy_pass http://127.0.0.1:8000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header X-Forwarded-Proto https;
proxy_read_timeout 1200s;
# used for view/edit office file via Office Online Server
client_max_body_size 0;
access_log /var/log/nginx/seahub.access.log;
error_log /var/log/nginx/seahub.error.log;
}
location /seafhttp {
rewrite ^/seafhttp(.*)$ $1 break;
proxy_pass http://127.0.0.1:8082;
client_max_body_size 0;
proxy_connect_timeout 36000s;
proxy_read_timeout 36000s;
proxy_send_timeout 36000s;
send_timeout 36000s;
proxy_request_buffering off;
}
location /media {
root /home/user/seafile.cloud/seafile-server-latest/seahub;
}
location /webdav {
fastcgi_pass 127.0.0.1:8080;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_script_name;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
fastcgi_param HTTPS on;
fastcgi_param HTTP_SCHEME https;
client_max_body_size 0;
proxy_connect_timeout 36000s;
proxy_read_timeout 36000s;
proxy_send_timeout 36000s;
send_timeout 36000s;
# This option is only available for Nginx >= 1.8.0. See more details below.
proxy_request_buffering off;
access_log /var/log/nginx/seafdav.access.log;
error_log /var/log/nginx/seafdav.error.log;
}
# Redirect all LetsEncrypt checks for ALL domains on this
# server to all go to the same location.
# This way we can much more easily validate new domains added to this server.
location ~ /\.well-known {
# NOTE: This is the nginx default path for Ubuntu.
# If needed, change it to your nginx default path or any other location of your choice.
root /usr/share/nginx/html;
}
}
### This file makes nginx listen on port 80 and redirect
### all requests to the same domain on HTTPS.
###
### If you only want it to work for certain domains on the host,
### change `server_name` to be a space-separated list of those domains.
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name localhost;
location / {
return 301 https://$host$request_uri;
}
# Redirect all LetsEncrypt checks for ALL domains on this
# server to all go to the same location.
# This way we can much more easily validate new domains added to this server.
location ~ /\.well-known {
# NOTE: This is the nginx default path for Ubuntu.
# If needed, change it to your nginx default path or any other location of your choice.
root /usr/share/nginx/html;
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment