41 lines
1.4 KiB
Text
41 lines
1.4 KiB
Text
server {
|
|
listen *:2634 ssl;
|
|
listen [::]:2634 ssl;
|
|
|
|
ssl_certificate /etc/letsencrypt/live/{{ tpl .Values.fqdn . }}/fullchain.pem;
|
|
ssl_certificate_key /etc/letsencrypt/live/{{ tpl .Values.fqdn . }}/privkey.pem;
|
|
|
|
server_name {{ tpl .Values.fqdn . }};
|
|
|
|
root /usr/share/nginx/html;
|
|
|
|
client_max_body_size 0;
|
|
|
|
location / {
|
|
proxy_pass http://localhost:2633;
|
|
|
|
# Forward original host name to be seen in unicorn
|
|
proxy_set_header Host $host;
|
|
|
|
# Server name and address like being available in PHP
|
|
proxy_set_header SERVER_NAME $server_name;
|
|
proxy_set_header SERVER_ADDR $server_addr;
|
|
|
|
# Forward client ip address to rack/rails so logging
|
|
proxy_set_header X-Forwarded-For $remote_addr;
|
|
|
|
# Tell rack if it is http or https
|
|
# https://github.com/intridea/omniauth/blob/master/lib/omniauth/strategy.rb#L483
|
|
# http://nginx.org/en/docs/http/ngx_http_core_module.html#variables
|
|
# $https was introduced in 1.1.11 - we are using 0.7.67-3+squeeze3
|
|
# so we cannot use
|
|
# proxy_set_header HTTPS $https;
|
|
# but have to forward the scheme like this
|
|
proxy_set_header X_FORWARDED_SCHEME $scheme;
|
|
|
|
# Some applications seem to use X_FORWARDED_SCHEME while others need
|
|
# X_FORWARDED_PROTO, so we set X_FORWARDED_PROTO too
|
|
proxy_set_header X_FORWARDED_PROTO $scheme;
|
|
|
|
}
|
|
}
|