2023-09-11 20:09:20 +00:00
|
|
|
# Nginx configuration for Ditto with IPFS.
|
|
|
|
#
|
|
|
|
# Edit this file to change occurences of "example.com" to your own domain.
|
|
|
|
|
|
|
|
upstream ditto {
|
|
|
|
server 127.0.0.1:8000;
|
|
|
|
}
|
|
|
|
|
|
|
|
upstream ipfs_gateway {
|
|
|
|
server 127.0.0.1:8080;
|
|
|
|
}
|
|
|
|
|
|
|
|
server {
|
|
|
|
listen 80;
|
|
|
|
listen [::]:80;
|
|
|
|
location /.well-known/acme-challenge/ { allow all; }
|
|
|
|
location / { return 301 https://$host$request_uri; }
|
|
|
|
}
|
|
|
|
|
|
|
|
server {
|
|
|
|
# Uncomment these lines once you acquire a certificate:
|
|
|
|
# listen 443 ssl http2;
|
|
|
|
# listen [::]:443 ssl http2;
|
|
|
|
server_name example.com;
|
|
|
|
|
|
|
|
ssl_protocols TLSv1.2 TLSv1.3;
|
|
|
|
ssl_ciphers HIGH:!MEDIUM:!LOW:!aNULL:!NULL:!SHA;
|
|
|
|
ssl_prefer_server_ciphers on;
|
|
|
|
ssl_session_cache shared:SSL:10m;
|
|
|
|
ssl_session_tickets off;
|
|
|
|
|
|
|
|
# Uncomment these lines once you acquire a certificate:
|
|
|
|
# ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
|
|
|
|
# ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
|
|
|
|
|
|
|
|
keepalive_timeout 70;
|
|
|
|
sendfile on;
|
|
|
|
client_max_body_size 100m;
|
|
|
|
ignore_invalid_headers off;
|
|
|
|
|
|
|
|
proxy_http_version 1.1;
|
|
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
|
|
proxy_set_header Connection "upgrade";
|
|
|
|
proxy_set_header Host $http_host;
|
|
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
|
|
|
2023-10-12 02:31:53 +00:00
|
|
|
location /packs {
|
|
|
|
add_header Cache-Control "public, max-age=31536000, immutable";
|
|
|
|
add_header Strict-Transport-Security "max-age=31536000" always;
|
|
|
|
root /opt/ditto/public;
|
|
|
|
}
|
|
|
|
|
|
|
|
location ~ ^/(instance|sw.js$|sw.js.map$) {
|
|
|
|
root /opt/ditto/public;
|
|
|
|
}
|
|
|
|
|
|
|
|
location /images {
|
|
|
|
root /opt/ditto/static;
|
|
|
|
}
|
|
|
|
|
2023-09-11 20:09:20 +00:00
|
|
|
location / {
|
|
|
|
proxy_pass http://ditto;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
server {
|
|
|
|
# Uncomment these lines once you acquire a certificate:
|
|
|
|
# listen 443 ssl http2;
|
|
|
|
# listen [::]:443 ssl http2;
|
|
|
|
server_name media.example.com;
|
|
|
|
|
|
|
|
ssl_protocols TLSv1.2 TLSv1.3;
|
|
|
|
ssl_ciphers HIGH:!MEDIUM:!LOW:!aNULL:!NULL:!SHA;
|
|
|
|
ssl_prefer_server_ciphers on;
|
|
|
|
ssl_session_cache shared:SSL:10m;
|
|
|
|
ssl_session_tickets off;
|
|
|
|
|
|
|
|
# Uncomment these lines once you acquire a certificate:
|
|
|
|
# ssl_certificate /etc/letsencrypt/live/media.example.com/fullchain.pem;
|
|
|
|
# ssl_certificate_key /etc/letsencrypt/live/media.example.com/privkey.pem;
|
|
|
|
|
|
|
|
keepalive_timeout 70;
|
|
|
|
sendfile on;
|
|
|
|
client_max_body_size 1m;
|
|
|
|
ignore_invalid_headers off;
|
|
|
|
|
|
|
|
proxy_http_version 1.1;
|
|
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
|
|
proxy_set_header Connection "upgrade";
|
|
|
|
proxy_set_header Host $http_host;
|
|
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
|
|
|
|
|
|
location / {
|
|
|
|
proxy_pass http://ipfs_gateway;
|
|
|
|
}
|
|
|
|
}
|