-
-
Save kohenkatz/08a74d757e0695f4ec3dc34c44ea4369 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
### This file is for cloud.example.com. | |
### | |
### It listens on port 443 and proxies requests to Mattermost | |
upstream backend { | |
server 127.0.0.1:8065; | |
} | |
proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=mattermost_cache:10m max_size=3g inactive=120m use_temp_path=off; | |
server { | |
listen 443 ssl http2; | |
listen [::]:443 ssl http2; | |
server_name chat.example.com; | |
access_log /var/log/nginx/chat.example.com_access.log; | |
error_log /var/log/nginx/chat.example.com_error.log; | |
ssl on; | |
ssl_certificate /etc/letsencrypt/live/chat.example.com/fullchain.pem; | |
ssl_certificate_key /etc/letsencrypt/live/chat.example.com/privkey.pem; | |
ssl_session_cache shared:SSL:5m; | |
server_tokens off; | |
include /etc/letsencrypt/options-ssl-nginx.conf; | |
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; | |
proxy_set_header X-Forwarded-For $remote_addr; | |
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains"; | |
location ~/api/v[0-9]+/(users/)?websocket$ { | |
proxy_set_header Upgrade $http_upgrade; | |
proxy_set_header Connection "upgrade"; | |
client_max_body_size 50M; | |
proxy_set_header Host $http_host; | |
proxy_set_header X-Real-IP $remote_addr; | |
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
proxy_set_header X-Forwarded-Proto $scheme; | |
proxy_set_header X-Frame-Options SAMEORIGIN; | |
proxy_buffers 256 16k; | |
proxy_buffer_size 16k; | |
proxy_read_timeout 600s; | |
proxy_pass http://backend; | |
} | |
location / { | |
client_max_body_size 50M; | |
proxy_set_header Connection ""; | |
proxy_set_header Host $http_host; | |
proxy_set_header X-Real-IP $remote_addr; | |
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
proxy_set_header X-Forwarded-Proto $scheme; | |
proxy_set_header X-Frame-Options SAMEORIGIN; | |
proxy_buffers 256 16k; | |
proxy_buffer_size 16k; | |
proxy_read_timeout 600s; | |
proxy_cache mattermost_cache; | |
proxy_cache_revalidate on; | |
proxy_cache_min_uses 2; | |
proxy_cache_use_stale timeout; | |
proxy_cache_lock on; | |
proxy_pass http://backend; | |
} | |
# Redirect all LetsEncrypt checks for ALL domains on this | |
# server to all go to the same location. | |
# This way we can much more easily validate new domains added to this server. | |
location ~ /\.well-known { | |
# NOTE: This is the nginx default path for Ubuntu. | |
# If needed, change it to your nginx default path or any other location of your choice. | |
root /usr/share/nginx/html; | |
} | |
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
### This file is for cloud.example.com. | |
### | |
### It listens on port 443 and proxies requests to Seafile | |
server { | |
listen 443 ssl http2; | |
listen [::]:443 ssl http2; | |
server_name cloud.example.com; | |
access_log /var/log/nginx/cloud.example.com_access.log; | |
error_log /var/log/nginx/cloud.example.com_error.log; | |
ssl on; | |
ssl_certificate /etc/letsencrypt/live/cloud.example.com/fullchain.pem; | |
ssl_certificate_key /etc/letsencrypt/live/cloud.example.com/privkey.pem; | |
ssl_session_cache shared:SSL:5m; | |
server_tokens off; | |
include /etc/letsencrypt/options-ssl-nginx.conf; | |
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; | |
proxy_set_header X-Forwarded-For $remote_addr; | |
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains"; | |
location / { | |
proxy_pass http://127.0.0.1:8000; | |
proxy_set_header Host $host; | |
proxy_set_header X-Real-IP $remote_addr; | |
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
proxy_set_header X-Forwarded-Host $server_name; | |
proxy_set_header X-Forwarded-Proto https; | |
proxy_read_timeout 1200s; | |
# used for view/edit office file via Office Online Server | |
client_max_body_size 0; | |
access_log /var/log/nginx/seahub.access.log; | |
error_log /var/log/nginx/seahub.error.log; | |
} | |
location /seafhttp { | |
rewrite ^/seafhttp(.*)$ $1 break; | |
proxy_pass http://127.0.0.1:8082; | |
client_max_body_size 0; | |
proxy_connect_timeout 36000s; | |
proxy_read_timeout 36000s; | |
proxy_send_timeout 36000s; | |
send_timeout 36000s; | |
proxy_request_buffering off; | |
} | |
location /media { | |
root /home/user/seafile.cloud/seafile-server-latest/seahub; | |
} | |
location /webdav { | |
fastcgi_pass 127.0.0.1:8080; | |
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; | |
fastcgi_param PATH_INFO $fastcgi_script_name; | |
fastcgi_param SERVER_PROTOCOL $server_protocol; | |
fastcgi_param QUERY_STRING $query_string; | |
fastcgi_param REQUEST_METHOD $request_method; | |
fastcgi_param CONTENT_TYPE $content_type; | |
fastcgi_param CONTENT_LENGTH $content_length; | |
fastcgi_param SERVER_ADDR $server_addr; | |
fastcgi_param SERVER_PORT $server_port; | |
fastcgi_param SERVER_NAME $server_name; | |
fastcgi_param HTTPS on; | |
fastcgi_param HTTP_SCHEME https; | |
client_max_body_size 0; | |
proxy_connect_timeout 36000s; | |
proxy_read_timeout 36000s; | |
proxy_send_timeout 36000s; | |
send_timeout 36000s; | |
# This option is only available for Nginx >= 1.8.0. See more details below. | |
proxy_request_buffering off; | |
access_log /var/log/nginx/seafdav.access.log; | |
error_log /var/log/nginx/seafdav.error.log; | |
} | |
# Redirect all LetsEncrypt checks for ALL domains on this | |
# server to all go to the same location. | |
# This way we can much more easily validate new domains added to this server. | |
location ~ /\.well-known { | |
# NOTE: This is the nginx default path for Ubuntu. | |
# If needed, change it to your nginx default path or any other location of your choice. | |
root /usr/share/nginx/html; | |
} | |
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
### This file makes nginx listen on port 80 and redirect | |
### all requests to the same domain on HTTPS. | |
### | |
### If you only want it to work for certain domains on the host, | |
### change `server_name` to be a space-separated list of those domains. | |
server { | |
listen 80 default_server; | |
listen [::]:80 default_server; | |
server_name localhost; | |
location / { | |
return 301 https://$host$request_uri; | |
} | |
# Redirect all LetsEncrypt checks for ALL domains on this | |
# server to all go to the same location. | |
# This way we can much more easily validate new domains added to this server. | |
location ~ /\.well-known { | |
# NOTE: This is the nginx default path for Ubuntu. | |
# If needed, change it to your nginx default path or any other location of your choice. | |
root /usr/share/nginx/html; | |
} | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment