@ncole458
Created December 11, 2017 03:36
How to get an A rating on Qualys ssllabs.com SSL Report
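# Full nginx config for Django w/ web-sockets, tuned for the Qualys SSL Labs report.
# The hostname (api.domain.com.au) and certificate paths are the gist's own
# example values and must be replaced with your own.

upstream app_server {
    server 127.0.0.1:9000 fail_timeout=0;
}

upstream websocket {
    server 127.0.0.1:8002 fail_timeout=0;
}

# Plain-HTTP front. This is the only server bound to port 80 (IPv4 and IPv6),
# so every cleartext request, whatever its Host header, is answered with a
# redirect and never reaches the application over HTTP. `return 301` with
# $request_uri keeps the path and query string, as the original
# `rewrite ... permanent` did.
server {
    listen 80 default_server;
    listen [::]:80 default_server ipv6only=on;
    server_name api.domain.com.au;
    return 301 https://api.domain.com.au$request_uri;
}

# HTTPS front. Bound to 443 only: the original also listened on port 80 here
# (with default_server), which let cleartext requests for other hostnames
# bypass the redirect above and be proxied to the app.
server {
    # spdy was removed in nginx 1.9.5; http2 is its replacement.
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    client_max_body_size 4G;
    server_name api.domain.com.au;

    ssl_certificate     /home/api.domain.com.au.crt;
    ssl_certificate_key /home/api.domain.com.au.key;

    # TLS 1.0 and 1.1 cap the SSL Labs grade at B (since January 2020), so
    # only TLS 1.2 is offered. Add TLSv1.3 once the nginx/OpenSSL pair in use
    # supports it.
    ssl_protocols TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS;
    ssl_session_cache shared:TLS:2m;

    # OCSP stapling. ssl_stapling_verify can only check the responder's
    # signature when the issuer/root chain is trusted; supply it with
    # ssl_trusted_certificate (uncomment and set the path).
    ssl_stapling on;
    ssl_stapling_verify on;
    # ssl_trusted_certificate /PATH/TO/issuer-chain.pem;   # placeholder: CA chain of the certificate above
    # Resolver used for OCSP responder lookups; a local resolver avoids
    # sending these queries to a third party in cleartext.
    resolver 8.8.8.8;

    # HSTS for 365 days. `always` emits the header on every status code,
    # not only 2xx/3xx (add_header's default).
    add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains' always;

    # Generate dhparam.pem locally before starting nginx.
    ssl_dhparam /etc/ssl/certs/dhparam.pem;

    keepalive_timeout 5;
    # Week-long proxy timeouts keep idle WebSocket connections alive. Set at
    # server scope, they also apply to the plain HTTP location below.
    proxy_connect_timeout 7d;
    proxy_send_timeout 7d;
    proxy_read_timeout 7d;

    location / {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Protocol $scheme;
        # Standard spelling of the same header; Django's
        # SECURE_PROXY_SSL_HEADER setting is usually pointed at this one.
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_redirect off;
        proxy_pass http://app_server;
    }

    location /websockets {
        proxy_pass http://websocket;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}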