|
1 upstream annotation-api { |
|
2 server {{annotations_api_host}}:{{annotations_api_port}}; |
|
3 server 127.0.0.1 backup; |
|
4 } |
|
5 |
|
6 upstream discussion-api { |
|
7 server {{discussions_host}}:{{discussions_port}}; |
|
8 server 127.0.0.1 backup; |
|
9 } |
|
10 |
|
11 |
|
12 server { |
|
13 listen 80; |
|
14 listen [::]:80; |
|
15 |
|
16 server_name {{static_server_name}}; |
|
17 return 301 https://$host$request_uri; |
|
18 } |
|
19 |
|
20 server { |
|
21 listen 443 ssl http2; |
|
22 listen [::]:443 ssl http2; |
|
23 |
|
24 server_name {{static_server_name}}; |
|
25 |
|
26 access_log /var/log/nginx/{{static_server_name}}-access.log; |
|
27 error_log /var/log/nginx/{{static_server_name}}-error.log; |
|
28 |
|
29 ssl_certificate /etc/letsencrypt/live/{{static_server_name}}/fullchain.pem; |
|
30 ssl_certificate_key /etc/letsencrypt/live/{{static_server_name}}/privkey.pem; |
|
31 |
|
32 ssl_protocols TLSv1 TLSv1.1 TLSv1.2; |
|
33 ssl_prefer_server_ciphers on; |
|
34 ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'; |
|
35 |
|
36 |
|
37 root {{remote_static_path}}/; |
|
38 index index.html index.htm; |
|
39 |
|
40 location /.well-known/acme-challenge { |
|
41 alias /var/lib/letsencrypt/.well-known/acme-challenge; |
|
42 default_type "text/plain"; |
|
43 try_files $uri =404; |
|
44 } |
|
45 |
|
46 location {{annotations_api_url}}/ { |
|
47 uwsgi_pass annotation-api; |
|
48 include /etc/nginx/uwsgi_params; |
|
49 } |
|
50 |
|
51 location {{discussions_url}}/ { |
|
52 uwsgi_pass discussion-api; |
|
53 include /etc/nginx/uwsgi_params; |
|
54 } |
|
55 |
|
56 location / { |
|
57 # First attempt to serve request as file, then |
|
58 # as directory, then fall back to displaying a 404. |
|
59 try_files $uri $uri/ /index.html; |
|
60 # Uncomment to enable naxsi on this location |
|
61 # include /etc/nginx/naxsi.rules |
|
62 } |
|
63 } |