forked from lbstoller/scos-sensor
-
Notifications
You must be signed in to change notification settings - Fork 0
/
conf.template
59 lines (49 loc) · 1.75 KB
/
conf.template
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
# -*- conf -*-
upstream wsgi-server {
# fail_timeout=0 means we always retry an upstream even if it failed
# to return a good HTTP response (in case the gunicorn master nukes a
# single worker for timing out).
server api:8000 fail_timeout=0;
}
server {
listen 80 default_server;
listen [::]:80 default_server;
# Redirect all HTTP requests to HTTPS with a 301 Moved Permanently response.
#return 301 https://$host$request_uri;
# For testing, use 307 so that redirect is not cached in browser
return 307 https://$host$request_uri;
}
server {
# SSL configuration
listen 443 ssl;
listen [::]:443 ssl;
server_name ${DOMAINS};
# reduce "upstream response is buffered to a temporary file" warnings
proxy_buffers 16 16k;
proxy_buffer_size 16k;
proxy_read_timeout 120s;
proxy_max_temp_file_size 0; # disable data being stored on disk
ssl_session_tickets off;
ssl_certificate /etc/ssl/certs/ssl-cert.pem;
ssl_certificate_key /etc/ssl/private/ssl-cert.key;
ssl_protocols TLSv1.2;
ssl_client_certificate /etc/ssl/certs/ca.crt;
# ssl_verify_client on;
# ssl_ocsp on; # Enable OCSP validation
ssl_verify_depth 4;
# path for static files
root /var/www/scos-sensor/;
location = /favicon.ico { access_log off; log_not_found off; }
location / {
# checks for static file, if not found proxy to wsgi server
try_files $uri @proxy_to_wsgi_server;
}
# Pass off requests to Gunicorn
location @proxy_to_wsgi_server {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://wsgi-server;
}
}