44 lines
1.1 KiB
Django/Jinja
44 lines
1.1 KiB
Django/Jinja
|
|
server {
|
|
listen 80;
|
|
listen [::]:80;
|
|
listen 443 ssl http2;
|
|
server_name {{item.server_name}};
|
|
|
|
keepalive_timeout 200;
|
|
{{item.custom_config | default('') | indent(2)}}
|
|
|
|
{% if with_distributed_certificates %}
|
|
|
|
ssl_session_timeout 5m;
|
|
ssl_session_cache shared:SSL:50m;
|
|
ssl_session_tickets off;
|
|
ssl_certificate /etc/nginx/certs/ada/ada.crt;
|
|
ssl_certificate_key /etc/nginx/certs/ada/ada.key;
|
|
{% endif %}
|
|
|
|
location / {
|
|
proxy_pass {{item.proxy_pass}};
|
|
|
|
# set host
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Forwarded-For 42.42.42.42;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
proxy_set_header X-Forwarded-Host $host;
|
|
proxy_set_header X-Forwarded-Port $server_port;
|
|
|
|
# websocket proxy
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header Connection "upgrade";
|
|
|
|
# compression
|
|
gzip on;
|
|
gzip_types text/plain application/xml application/json;
|
|
gzip_proxied no-cache no-store private expired auth;
|
|
gzip_min_length 1000;
|
|
|
|
# cache
|
|
proxy_cache STATIC;
|
|
}
|
|
}
|