2017-04-24 12:22:51 +00:00
|
|
|
#{{ ansible_managed }}
|
|
|
|
|
2018-06-02 12:27:25 +00:00
|
|
|
# Main site configuration for public-health.ch
|
|
|
|
|
2017-04-24 12:22:51 +00:00
|
|
|
upstream wagtail-site {
|
|
|
|
server localhost:5000;
|
|
|
|
}
|
|
|
|
server {
|
2018-07-13 09:42:34 +00:00
|
|
|
server_name _;
|
2019-10-17 15:05:01 +00:00
|
|
|
listen 80 default_server;
|
|
|
|
return 301 https://$host$request_uri;
|
2018-06-02 13:01:29 +00:00
|
|
|
}
|
|
|
|
server {
|
2018-07-13 09:42:34 +00:00
|
|
|
server_name _;
|
2019-10-17 15:05:01 +00:00
|
|
|
listen 443 ssl default_server;
|
|
|
|
|
2020-05-16 13:12:07 +00:00
|
|
|
ssl_certificate /etc/ssl/certs/cloudflare.pem;
|
|
|
|
ssl_certificate_key /etc/ssl/certs/cloudflare.key;
|
2018-06-02 13:01:29 +00:00
|
|
|
|
2017-04-24 12:22:51 +00:00
|
|
|
client_max_body_size 16M;
|
|
|
|
|
|
|
|
gzip on;
|
|
|
|
gzip_types text/plain text/css application/x-javascript image/svg+xml;
|
|
|
|
gzip_comp_level 1;
|
|
|
|
gzip_disable msie6;
|
|
|
|
gzip_http_version 1.0;
|
|
|
|
gzip_proxied any;
|
|
|
|
gzip_vary on;
|
|
|
|
|
|
|
|
location /static/ {
|
2017-05-11 07:52:45 +00:00
|
|
|
access_log off; expires 36000;
|
2017-04-24 12:22:51 +00:00
|
|
|
alias {{ release_dir }}/static/;
|
2017-05-10 15:24:21 +00:00
|
|
|
add_header Cache-Control "public";
|
2019-10-17 15:05:01 +00:00
|
|
|
add_header Access-Control-Allow-Origin *; #https://{{ domain }};
|
2017-04-24 12:22:51 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
# Set a longer expiry for CACHE/, because the filenames are unique.
|
|
|
|
location /static/CACHE/ {
|
2017-05-11 07:52:45 +00:00
|
|
|
access_log off; expires 864000;
|
2017-04-24 12:22:51 +00:00
|
|
|
alias {{ release_dir }}/static/CACHE/;
|
|
|
|
}
|
|
|
|
|
2017-10-23 07:57:16 +00:00
|
|
|
# Serve favorites icon from the root
|
2017-05-11 07:52:45 +00:00
|
|
|
location /favicon.ico {
|
2017-05-11 07:54:30 +00:00
|
|
|
access_log off; expires max;
|
2017-05-11 07:52:45 +00:00
|
|
|
alias {{ release_dir }}/static/images/favicon.ico;
|
|
|
|
}
|
|
|
|
|
2019-10-17 15:05:01 +00:00
|
|
|
# Directly serve media with max caching
|
|
|
|
location /media {
|
|
|
|
root {{ release_dir }};
|
|
|
|
autoindex off;
|
|
|
|
access_log off;
|
|
|
|
expires max;
|
2017-05-11 07:43:10 +00:00
|
|
|
add_header Cache-Control "public";
|
2017-04-24 12:22:51 +00:00
|
|
|
}
|
|
|
|
|
2019-10-17 15:05:01 +00:00
|
|
|
# Only serve media by default, not e.g. original_images/.
|
|
|
|
#location ~* ^/media {
|
|
|
|
# alias {{ release_dir }}/media;
|
|
|
|
#}
|
|
|
|
|
2018-05-28 16:27:14 +00:00
|
|
|
# Disable English home page (for now)
|
2019-10-17 15:05:01 +00:00
|
|
|
if ($host !~* 'sphc.ch') {
|
2018-06-18 13:17:56 +00:00
|
|
|
rewrite ^/en/$ $scheme://$host/de/;
|
|
|
|
}
|
2018-05-28 16:27:14 +00:00
|
|
|
|
2019-10-17 15:05:01 +00:00
|
|
|
# Redirect French home page as appropriate
|
|
|
|
if ($host = 'manifestesante.ch') {
|
|
|
|
rewrite ^/$ $scheme://$host/fr/;
|
|
|
|
}
|
|
|
|
|
2017-04-24 12:22:51 +00:00
|
|
|
location / {
|
|
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
|
|
proxy_set_header Host $http_host;
|
|
|
|
proxy_redirect off;
|
|
|
|
proxy_pass http://wagtail-site;
|
|
|
|
}
|
|
|
|
}
|