47 lines
1.3 KiB
Django/Jinja
47 lines
1.3 KiB
Django/Jinja
upstream ara_api {
|
|
# fail_timeout=0 means we always retry an upstream even if it failed
|
|
# to return a good HTTP response
|
|
server {{ ara_api_wsgi_bind }} fail_timeout=0;
|
|
}
|
|
|
|
server {
|
|
listen 80;
|
|
server_name {{ ara_api_fqdn }};
|
|
return 301 https://{{ ara_api_fqdn }}$request_uri;
|
|
}
|
|
|
|
server {
|
|
listen 443;
|
|
server_name {{ ara_api_fqdn }};
|
|
access_log /var/log/nginx/{{ ara_api_fqdn }}_access.log;
|
|
error_log /var/log/nginx/{{ ara_api_fqdn }}_error.log;
|
|
|
|
ssl on;
|
|
ssl_certificate /etc/letsencrypt/live/{{ ara_api_fqdn }}/fullchain.pem;
|
|
ssl_certificate_key /etc/letsencrypt/live/{{ ara_api_fqdn }}/privkey.pem;
|
|
ssl_session_cache shared:SSL:10m;
|
|
ssl_session_timeout 10m;
|
|
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
|
|
ssl_ciphers HIGH:!aNULL:!MD5;
|
|
|
|
location /static {
|
|
expires 7d;
|
|
add_header Cache-Control "public";
|
|
}
|
|
|
|
# Everything, including static files, is served by the backend
|
|
location ~ {
|
|
# checks if the file exists, if not found proxy to app
|
|
try_files $uri @proxy_to_app;
|
|
}
|
|
|
|
location @proxy_to_app {
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
proxy_set_header Host $http_host;
|
|
|
|
proxy_redirect off;
|
|
proxy_pass http://ara_api;
|
|
}
|
|
}
|