forked from OpenNeo/impress
Emi Matchu
e9b0fa0779
Today I learned that nginx requires a special invocation to listen to IPv6 addresses as well as IPv4. On some of my other projects, this was causing Let's Encrypt certificate renewal to fail, because Let's Encrypt prefers to connect over IPv6 when an AAAA record is present, so its challenges were always returning 404, because nginx wasn't listening on IPv6. This shouldn't be affecting impress in production, because we don't have an AAAA record right now. But I'm just making this change in all my projects, to make sure this doesn't bite me in the future!
46 lines
No EOL
1.4 KiB
Text
46 lines
No EOL
1.4 KiB
Text
server {
|
|
server_name {{ impress_hostname }};
|
|
listen 80;
|
|
listen [::]:80;
|
|
if ($host = {{ impress_hostname }}) {
|
|
return 301 https://$host$request_uri;
|
|
}
|
|
}
|
|
|
|
server {
|
|
server_name {{ impress_hostname }};
|
|
listen 443 ssl;
|
|
listen [::]:443 ssl;
|
|
ssl_certificate /etc/letsencrypt/live/{{ impress_hostname }}/fullchain.pem;
|
|
ssl_certificate_key /etc/letsencrypt/live/{{ impress_hostname }}/privkey.pem;
|
|
include /etc/letsencrypt/options-ssl-nginx.conf;
|
|
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
|
|
ssl_session_cache shared:SSL:10m; # https://superuser.com/q/1484466/14127
|
|
|
|
root /srv/impress/current/public;
|
|
|
|
# Serve assets using their precompressed *.gz versions.
|
|
# The filenames contain content hashes, so they should be safe to
|
|
# cache forever.
|
|
# https://stackoverflow.com/a/6952804/107415
|
|
location ~ ^/assets/ {
|
|
gzip_static on;
|
|
expires max;
|
|
add_header Cache-Control public;
|
|
add_header Last-Modified "";
|
|
add_header ETag "";
|
|
}
|
|
|
|
# Try serving static files first. If not found, fall back to the app.
|
|
try_files $uri/index.html $uri @app;
|
|
|
|
location @app {
|
|
proxy_pass http://127.0.0.1:3000;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto https;
|
|
proxy_set_header X-Forwarded-Server $host;
|
|
proxy_set_header Host $http_host;
|
|
proxy_redirect off;
|
|
}
|
|
} |