server { server_name {{ impress_hostname }}; listen 80; listen [::]:80; if ($host = {{ impress_hostname }}) { return 301 https://$host$request_uri; } } server { server_name {{ impress_hostname }}; listen 443 ssl; listen [::]:443 ssl; ssl_certificate /etc/letsencrypt/live/{{ impress_hostname }}/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/{{ impress_hostname }}/privkey.pem; include /etc/letsencrypt/options-ssl-nginx.conf; ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; ssl_session_cache shared:SSL:10m; # https://superuser.com/q/1484466/14127 root /srv/impress/current/public; # Serve assets using their precompressed *.gz versions. # The filenames contain content hashes, so they should be safe to # cache forever. # https://stackoverflow.com/a/6952804/107415 location ~ ^/assets/ { gzip_static on; expires max; add_header Cache-Control public; add_header Last-Modified ""; add_header ETag ""; } # Try serving static files first. If not found, fall back to the app. try_files $uri/index.html $uri @app; location @app { proxy_pass http://127.0.0.1:3000; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto https; proxy_set_header X-Forwarded-Server $host; proxy_set_header Host $http_host; proxy_redirect off; } }