# Nginx configuration for Ditto with IPFS. # # Edit this file to change occurences of "example.com" to your own domain. upstream ditto { server 127.0.0.1:8000; } upstream ipfs_gateway { server 127.0.0.1:8080; } server { listen 80; listen [::]:80; location /.well-known/acme-challenge/ { allow all; } location / { return 301 https://$host$request_uri; } } server { # Uncomment these lines once you acquire a certificate: # listen 443 ssl http2; # listen [::]:443 ssl http2; server_name example.com; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers HIGH:!MEDIUM:!LOW:!aNULL:!NULL:!SHA; ssl_prefer_server_ciphers on; ssl_session_cache shared:SSL:10m; ssl_session_tickets off; # Uncomment these lines once you acquire a certificate: # ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; keepalive_timeout 70; sendfile on; client_max_body_size 100m; ignore_invalid_headers off; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_set_header Host $http_host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; location / { proxy_pass http://ditto; } } server { # Uncomment these lines once you acquire a certificate: # listen 443 ssl http2; # listen [::]:443 ssl http2; server_name media.example.com; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers HIGH:!MEDIUM:!LOW:!aNULL:!NULL:!SHA; ssl_prefer_server_ciphers on; ssl_session_cache shared:SSL:10m; ssl_session_tickets off; # Uncomment these lines once you acquire a certificate: # ssl_certificate /etc/letsencrypt/live/media.example.com/fullchain.pem; # ssl_certificate_key /etc/letsencrypt/live/media.example.com/privkey.pem; keepalive_timeout 70; sendfile on; client_max_body_size 1m; ignore_invalid_headers off; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_set_header Host $http_host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; location / { proxy_pass http://ipfs_gateway; } }