MIRRORS/layerindex-web
1
0
Fork 0
mirror of git://git.yoctoproject.org/layerindex-web.git synced 2025-07-19 12:09:04 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity
efe74a451f
layerindex-web/docker/nginx-ssl.conf
Paul Eggleton efe74a451f dockersetup: add letsencrypt support 
The application is most likely to be used in an internal setting,
however should someone want to make it accessible externally, add
support for Let's Encrypt certificates for serving via HTTPS.

Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
2019-07-17 11:30:56 +12:00

121 lines
3.0 KiB
Plaintext
Raw Blame History

#daemon off; ##Included in CMD
error_log /dev/stdout info;
worker_processes 1;
# user nobody nogroup;
pid /tmp/nginx.pid;
events {
worker_connections 1024;
accept_mutex off;
}
http {
include mime.types;
default_type application/octet-stream;
access_log /dev/stdout combined;
sendfile on;
upstream app_server {
# For a TCP configuration:
server layersapp:5000 fail_timeout=0;
}
server {
listen 80 default;
client_max_body_size 4G;
server_name _;
keepalive_timeout 5;
# path for static files
root /usr/share/nginx/html;
return 301 https://layers.openembedded.org$request_uri;
}
server {
listen 80;
client_max_body_size 4G;
server_name layers.openembedded.org;
keepalive_timeout 5;
# path for static files
root /usr/share/nginx/html;
location /.well-known/acme-challenge/ {
root /var/www/certbot;
}
location /favicon.ico {
return 301 http://layers.openembedded.org/static/img/favicon.ico;
}
location /admin {
return 301 https://layers.openembedded.org$request_uri;
}
location /accounts/login {
return 301 https://layers.openembedded.org$request_uri;
}
location / {
try_files $uri @proxy_to_app;
}
location @proxy_to_app {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://app_server;
}
}
server {
listen 443 ssl default;
server_name _;
ssl_certificate /etc/letsencrypt/live/layers.openembedded.org/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/layers.openembedded.org/privkey.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
keepalive_timeout 5;
# path for static files
root /usr/share/nginx/html;
return 301 https://layers.openembedded.org$request_uri;
}
server {
listen 443 ssl;
server_name layers.openembedded.org;
ssl_certificate /etc/letsencrypt/live/layers.openembedded.org/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/layers.openembedded.org/privkey.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
# path for static files
root /usr/share/nginx/html;
location /favicon.ico {
return 301 https://layers.openembedded.org/static/img/favicon.ico;
}
location / {
try_files $uri @proxy_to_app;
}
location @proxy_to_app {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://app_server;
}
}
}
Reference in New Issue View Git Blame Copy Permalink