server-debian/nginx/gts.conf

57 lines
1.5 KiB
Plaintext
Raw Permalink Normal View History

2024-04-23 14:37:32 +02:00
server {
server_name dym.sh;
listen 80;
listen [::]:80;
location ~ /\.well-known/acme-challenge {
root /var/lib/letsencrypt/;
}
location / {
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains" always;
return 301 https://$server_name$request_uri;
}
}
server {
server_name dym.sh;
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl_trusted_certificate /etc/letsencrypt/live/dym.sh/chain.pem;
ssl_certificate /etc/letsencrypt/live/dym.sh/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/dym.sh/privkey.pem;
location ~* ^\/(rss\/|feed\.xml|feed\.rss)$ {
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains" always;
return 301 https://$server_name/rss;
}
location ~* \/\.?rss$ {
types { } default_type "application/rss+xml; charset=utf-8";
root /var/www/dym.sh/;
}
location / {
root /var/www/dym.sh/;
try_files
$uri
$uri/
@gts;
}
client_max_body_size 2000M;
proxy_pass_request_headers on;
location @gts {
# set to 127.0.0.1 instead of localhost to work around https://stackoverflow.com/a/52550758
proxy_pass http://127.0.0.1:10099;
proxy_set_header Host $host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
}
}