54 lines
1.7 KiB
Text
54 lines
1.7 KiB
Text
|
server {
|
||
|
|
listen *:443 ssl;
|
||
|
|
listen [::]:443 ssl;
|
||
|
|
|
||
|
|
ssl_certificate /etc/letsencrypt/live/{{ tpl .Values.fqdn . }}/fullchain.pem;
|
||
|
|
ssl_certificate_key /etc/letsencrypt/live/{{ tpl .Values.fqdn . }}/privkey.pem;
|
||
|
|
|
||
|
|
server_name {{ tpl .Values.fqdn . }};
|
||
|
|
|
||
|
|
root /usr/share/nginx/html;
|
||
|
|
|
||
|
|
client_max_body_size 0;
|
||
|
|
|
||
|
|
try_files $uri/index.html $uri.html $uri @sunstone;
|
||
|
|
|
||
|
|
location ~* \.(ico|css|js|gif|jpe?g|png)(\?[0-9]+)?$ {
|
||
|
|
expires 1y;
|
||
|
|
|
||
|
|
# Need to enable proxying in this location as well
|
||
|
|
try_files $uri @sunstone;
|
||
|
|
}
|
||
|
|
|
||
|
|
# Rails error pages
|
||
|
|
error_page 500 502 503 504 /500.html;
|
||
|
|
|
||
|
|
location @sunstone {
|
||
|
|
proxy_pass http://localhost:9869;
|
||
|
|
|
||
|
|
# Forward original host name to be seen in unicorn
|
||
|
|
proxy_set_header Host $host;
|
||
|
|
|
||
|
|
# Server name and address like being available in PHP
|
||
|
|
proxy_set_header SERVER_NAME $server_name;
|
||
|
|
proxy_set_header SERVER_ADDR $server_addr;
|
||
|
|
|
||
|
|
# Forward client ip address to rack/rails so logging
|
||
|
|
proxy_set_header X-Forwarded-For $remote_addr;
|
||
|
|
|
||
|
|
# Tell rack if it is http or https
|
||
|
|
# https://github.com/intridea/omniauth/blob/master/lib/omniauth/strategy.rb#L483
|
||
|
|
# http://nginx.org/en/docs/http/ngx_http_core_module.html#variables
|
||
|
|
# $https was introduced in 1.1.11 - we are using 0.7.67-3+squeeze3
|
||
|
|
# so we cannot use
|
||
|
|
# proxy_set_header HTTPS $https;
|
||
|
|
# but have to forward the scheme like this
|
||
|
|
proxy_set_header X_FORWARDED_SCHEME $scheme;
|
||
|
|
|
||
|
|
# Some applications seem to use X_FORWARDED_SCHEME while others need
|
||
|
|
# X_FORWARDED_PROTO, so we set X_FORWARDED_PROTO too
|
||
|
|
proxy_set_header X_FORWARDED_PROTO $scheme;
|
||
|
|
|
||
|
|
}
|
||
|
|
}
|