2023-10-25 15:40:43 -07:00
|
|
|
server {
|
|
|
|
server_name {{ impress_hostname }};
|
|
|
|
listen 80;
|
|
|
|
if ($host = {{ impress_hostname }}) {
|
|
|
|
return 301 https://$host$request_uri;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
server {
|
|
|
|
server_name {{ impress_hostname }};
|
|
|
|
listen 443 ssl;
|
|
|
|
ssl_certificate /etc/letsencrypt/live/{{ impress_hostname }}/fullchain.pem;
|
|
|
|
ssl_certificate_key /etc/letsencrypt/live/{{ impress_hostname }}/privkey.pem;
|
|
|
|
include /etc/letsencrypt/options-ssl-nginx.conf;
|
|
|
|
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
|
|
|
|
ssl_session_cache shared:SSL:10m; # https://superuser.com/q/1484466/14127
|
|
|
|
|
|
|
|
root /srv/impress/current/public;
|
|
|
|
|
2023-10-25 15:44:01 -07:00
|
|
|
# Serve assets using their precompressed *.gz versions.
|
|
|
|
# The filenames contain content hashes, so they should be safe to
|
|
|
|
# cache forever.
|
|
|
|
# https://stackoverflow.com/a/6952804/107415
|
|
|
|
location ~ ^/assets/ {
|
|
|
|
gzip_static on;
|
|
|
|
expires max;
|
|
|
|
add_header Cache-Control public;
|
|
|
|
add_header Last-Modified "";
|
|
|
|
add_header ETag "";
|
|
|
|
}
|
|
|
|
|
2023-10-25 15:40:43 -07:00
|
|
|
# Try serving static files first. If not found, fall back to the app.
|
|
|
|
try_files $uri/index.html $uri @app;
|
|
|
|
|
|
|
|
location @app {
|
|
|
|
proxy_pass http://127.0.0.1:3000;
|
|
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
|
|
proxy_set_header X-Forwarded-Proto https;
|
|
|
|
proxy_set_header X-Forwarded-Server $host;
|
|
|
|
proxy_set_header Host $http_host;
|
|
|
|
proxy_redirect off;
|
|
|
|
}
|
|
|
|
}
|