ditto/installation/ditto.conf

97 lines
2.4 KiB
Plaintext
Raw Normal View History

2023-09-11 20:09:20 +00:00
# Nginx configuration for Ditto with IPFS.
#
# Edit this file to change occurences of "example.com" to your own domain.
upstream ditto {
2024-05-16 13:08:36 +00:00
server 127.0.0.1:4036;
2023-09-11 20:09:20 +00:00
}
upstream ipfs_gateway {
server 127.0.0.1:8080;
}
server {
listen 80;
listen [::]:80;
location /.well-known/acme-challenge/ { allow all; }
location / { return 301 https://$host$request_uri; }
}
server {
# Uncomment these lines once you acquire a certificate:
# listen 443 ssl http2;
# listen [::]:443 ssl http2;
server_name example.com;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!MEDIUM:!LOW:!aNULL:!NULL:!SHA;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;
# Uncomment these lines once you acquire a certificate:
# ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
# ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
keepalive_timeout 70;
sendfile on;
client_max_body_size 100m;
ignore_invalid_headers off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
2023-10-12 02:31:53 +00:00
location /packs {
add_header Cache-Control "public, max-age=31536000, immutable";
add_header Strict-Transport-Security "max-age=31536000" always;
root /opt/ditto/public;
}
location ~ ^/(instance|sw.js$|sw.js.map$) {
root /opt/ditto/public;
}
location /images {
root /opt/ditto/static;
}
2023-09-11 20:09:20 +00:00
location / {
proxy_pass http://ditto;
}
}
server {
# Uncomment these lines once you acquire a certificate:
# listen 443 ssl http2;
# listen [::]:443 ssl http2;
server_name media.example.com;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!MEDIUM:!LOW:!aNULL:!NULL:!SHA;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;
# Uncomment these lines once you acquire a certificate:
# ssl_certificate /etc/letsencrypt/live/media.example.com/fullchain.pem;
# ssl_certificate_key /etc/letsencrypt/live/media.example.com/privkey.pem;
keepalive_timeout 70;
sendfile on;
client_max_body_size 1m;
ignore_invalid_headers off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
location / {
proxy_pass http://ipfs_gateway;
}
}