layerindex-web/docker/nginx-ssl.conf

#daemon off; ##Included in CMD
error_log /dev/stdout info;
worker_processes 1;

# user nobody nogroup;
pid /tmp/nginx.pid;

events {
    worker_connections 1024;
    accept_mutex off;
}

http {
    include mime.types;
    default_type application/octet-stream;
    access_log /dev/stdout combined;
    sendfile on;

    upstream app_server {
        # For a TCP configuration:
        server layersapp:5000 fail_timeout=0;
    }

    server {
        listen 80 default;
        client_max_body_size 4G;
        server_name _;

        keepalive_timeout 5;

        # path for static files
        root /usr/share/nginx/html;

	return 301 https://layers.openembedded.org$request_uri;
    }

    server {
        listen 80;
        client_max_body_size 4G;
        server_name layers.openembedded.org;

        keepalive_timeout 5;

        # path for static files
        root /usr/share/nginx/html;

	location /favicon.ico {
	    return 301 http://layers.openembedded.org/static/img/favicon.ico;
	}

	location /admin {
	    return 301 https://layers.openembedded.org$request_uri;
	}

        location /accounts/login {
	    return 301 https://layers.openembedded.org$request_uri;
        }

        location / {
	   try_files $uri @proxy_to_app;
        }

        location @proxy_to_app {
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Host $http_host;
            proxy_redirect off;

            proxy_pass   http://app_server;
        }

    }

    server {
        listen              443 ssl default;
        server_name _;
        ssl_certificate     /etc/letsencrypt/live/layers.openembedded.org/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/layers.openembedded.org/privkey.pem;
        ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers         HIGH:!aNULL:!MD5;

        keepalive_timeout 5;

        # path for static files
        root /usr/share/nginx/html;

	return 301 https://layers.openembedded.org$request_uri;
    }

    server {
        listen              443 ssl;
        server_name         layers.openembedded.org;
        ssl_certificate     /etc/letsencrypt/live/layers.openembedded.org/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/layers.openembedded.org/privkey.pem;
        ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers         HIGH:!aNULL:!MD5;

        # path for static files
        root /usr/share/nginx/html;

	location /favicon.ico {
	    return 301 https://layers.openembedded.org/static/img/favicon.ico;
	}

        location / {
           try_files $uri @proxy_to_app;
        }

        location @proxy_to_app {
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Host $http_host;
            proxy_redirect off;

            proxy_pass   http://app_server;
        }
    }
}