diff -r e7c7e6e0a8bc -r 62bffc051e1c deploy/templates/nginx.static.ssl.conf.j2
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/deploy/templates/nginx.static.ssl.conf.j2 Wed Nov 28 15:45:37 2018 +0100
@@ -0,0 +1,68 @@
+upstream {{backend_upstream_name}} {
+ server {{backend_host}}:{{backend_port}};
+ server 127.0.0.1 backup;
+}
+
+server {
+ listen 80;
+ listen [::]:80;
+
+ server_name {{static_server_name}};
+ return 301 https://$host$request_uri;
+}
+
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+
+ server_name {{static_server_name}};
+
+ access_log /var/log/nginx/{{static_server_name}}-access.log;
+ error_log /var/log/nginx/{{static_server_name}}-error.log;
+
+ ssl_certificate /etc/letsencrypt/live/{{static_server_name}}/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/{{static_server_name}}/privkey.pem;
+
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ ssl_prefer_server_ciphers on;
+ ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
+
+ root {{remote_static_path}}/;
+ index index.html index.htm;
+
+ location /.well-known/acme-challenge {
+ alias /var/lib/letsencrypt/.well-known/acme-challenge;
+ default_type "text/plain";
+ try_files $uri =404;
+ }
+
+ location {{backend_url}}/api {
+ uwsgi_pass {{backend_upstream_name}};
+ include /etc/nginx/uwsgi_params;
+ }
+
+ location {{backend_url}}/admin {
+ uwsgi_pass {{backend_upstream_name}};
+ include /etc/nginx/uwsgi_params;
+ }
+
+ location {{backend_url}}/auth {
+ uwsgi_pass {{backend_upstream_name}};
+ include /etc/nginx/uwsgi_params;
+ }
+
+ location /backend/static {
+ alias {{backend_nginx_static_root}}; # backend static files
+ }
+
+ location /backend/media {
+ alias {{backend_nginx_media_root}}; # backend media files
+ }
+
+ location / {
+ # First attempt to serve request as file, then
+ # as directory, then fall back to displaying a 404.
+ try_files $uri $uri/ /index.html;
+ }
+
+}
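Review bot: The `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` line in the 443 server block still offers TLS 1.0 and 1.1, which are deprecated and leave only the CBC suites from `AES256+EECDH:AES256+EDH` for those clients. I would reduce it to `ssl_protocols TLSv1.2;`, adding `TLSv1.3` if the deployed nginx/OpenSSL build supports it. Separately, `location /backend/static` and `location /backend/media` are prefix matches without a trailing slash paired with an `alias` whose trailing slash depends on the rendered variable; if the alias value ends in `/` while the prefix does not, requests can resolve outside the intended directory. Writing the prefixes as `location /backend/static/` and `location /backend/media/` and making sure the rendered alias values also end in `/` removes that dependency on the variable's contents.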