mirror of
https://github.com/ggogel/seafile-containerized.git
synced 2024-11-16 17:05:32 +00:00
95 lines
2.9 KiB
Nginx Configuration File
95 lines
2.9 KiB
Nginx Configuration File
# -*- mode: nginx -*-
|
|
# Auto generated at {{ current_timestr }}
|
|
{% if https -%}
|
|
server {
|
|
listen 80;
|
|
server_name _ default_server;
|
|
|
|
# allow certbot to connect to challenge location via HTTP Port 80
|
|
# otherwise renewal request will fail
|
|
location /.well-known/acme-challenge/ {
|
|
alias /var/www/challenges/;
|
|
try_files $uri =404;
|
|
}
|
|
|
|
location / {
|
|
rewrite ^ https://{{ domain }}$request_uri? permanent;
|
|
}
|
|
}
|
|
{% endif -%}
|
|
|
|
server {
|
|
{% if https -%}
|
|
listen 443;
|
|
ssl on;
|
|
ssl_certificate /shared/ssl/{{ domain }}.crt;
|
|
ssl_certificate_key /shared/ssl/{{ domain }}.key;
|
|
|
|
ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;
|
|
|
|
# TODO: More SSL security hardening: ssl_session_tickets & ssl_dhparam
|
|
# ssl_session_tickets on;
|
|
# ssl_session_ticket_key /etc/nginx/sessionticket.key;
|
|
# ssl_session_cache shared:SSL:10m;
|
|
# ssl_session_timeout 10m;
|
|
{% else -%}
|
|
listen 80;
|
|
{% endif -%}
|
|
|
|
server_name {{ domain }};
|
|
|
|
client_max_body_size 10m;
|
|
|
|
location / {
|
|
proxy_pass http://127.0.0.1:8000/;
|
|
proxy_read_timeout 310s;
|
|
proxy_set_header Host $host;
|
|
proxy_set_header Forwarded "for=$remote_addr;proto=$scheme";
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header Connection "";
|
|
proxy_http_version 1.1;
|
|
|
|
client_max_body_size 0;
|
|
access_log /var/log/nginx/seahub.access.log seafileformat;
|
|
error_log /var/log/nginx/seahub.error.log;
|
|
}
|
|
|
|
location /seafhttp {
|
|
rewrite ^/seafhttp(.*)$ $1 break;
|
|
proxy_pass http://127.0.0.1:8082;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
client_max_body_size 0;
|
|
proxy_connect_timeout 36000s;
|
|
proxy_read_timeout 36000s;
|
|
proxy_request_buffering off;
|
|
access_log /var/log/nginx/seafhttp.access.log seafileformat;
|
|
error_log /var/log/nginx/seafhttp.error.log;
|
|
}
|
|
|
|
location /seafdav {
|
|
proxy_pass http://127.0.0.1:8080;
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Host $server_name;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
proxy_read_timeout 1200s;
|
|
client_max_body_size 0;
|
|
|
|
access_log /var/log/nginx/seafdav.access.log seafileformat;
|
|
error_log /var/log/nginx/seafdav.error.log;
|
|
}
|
|
|
|
location /media {
|
|
root /opt/seafile/seafile-server-latest/seahub;
|
|
}
|
|
|
|
# For letsencrypt
|
|
location /.well-known/acme-challenge/ {
|
|
alias /var/www/challenges/;
|
|
try_files $uri =404;
|
|
}
|
|
}
|