nginx.prod.conf at 3c47a8f000a2cea903e49966f8920ac66a1a9d88 · lewis.moe/bspds-sandbox

lewis.moe / bspds-sandbox
this repo has no description
bspds-sandbox / nginx.prod.conf
at 3c47a8f000a2cea903e49966f8920ac66a1a9d88 3.2 kB view raw
 1worker_processes auto;
 2error_log /var/log/nginx/error.log warn;
 3pid /var/run/nginx.pid;
 4events {
 5    worker_connections 4096;
 6    use epoll;
 7    multi_accept on;
 8}
 9http {
10    include /etc/nginx/mime.types;
11    default_type application/octet-stream;
12    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
13                    '$status $body_bytes_sent "$http_referer" '
14                    '"$http_user_agent" "$http_x_forwarded_for" '
15                    'rt=$request_time uct="$upstream_connect_time" '
16                    'uht="$upstream_header_time" urt="$upstream_response_time"';
17    access_log /var/log/nginx/access.log main;
18    sendfile on;
19    tcp_nopush on;
20    tcp_nodelay on;
21    keepalive_timeout 65;
22    types_hash_max_size 2048;
23    gzip on;
24    gzip_vary on;
25    gzip_proxied any;
26    gzip_comp_level 6;
27    gzip_types text/plain text/css text/xml application/json application/javascript
28               application/xml application/xml+rss text/javascript application/activity+json;
29    ssl_protocols TLSv1.2 TLSv1.3;
30    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;
31    ssl_prefer_server_ciphers off;
32    ssl_session_cache shared:SSL:10m;
33    ssl_session_timeout 1d;
34    ssl_session_tickets off;
35    ssl_stapling on;
36    ssl_stapling_verify on;
37    upstream tranquil-pds {
38        server tranquil-pds:3000;
39        keepalive 32;
40    }
41    server {
42        listen 80;
43        listen [::]:80;
44        server_name _;
45        location /.well-known/acme-challenge/ {
46            root /var/www/acme;
47        }
48        location / {
49            return 301 https://$host$request_uri;
50        }
51    }
52    server {
53        listen 443 ssl http2;
54        listen [::]:443 ssl http2;
55        server_name _;
56        ssl_certificate /etc/nginx/certs/live/${PDS_HOSTNAME}/fullchain.pem;
57        ssl_certificate_key /etc/nginx/certs/live/${PDS_HOSTNAME}/privkey.pem;
58        client_max_body_size 10G;
59        location / {
60            proxy_pass http://tranquil-pds;
61            proxy_http_version 1.1;
62            proxy_set_header Upgrade $http_upgrade;
63            proxy_set_header Connection "upgrade";
64            proxy_set_header Host $host;
65            proxy_set_header X-Real-IP $remote_addr;
66            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
67            proxy_set_header X-Forwarded-Proto $scheme;
68            proxy_read_timeout 86400;
69            proxy_send_timeout 86400;
70            proxy_buffering off;
71            proxy_request_buffering off;
72        }
73        location /xrpc/com.atproto.sync.subscribeRepos {
74            proxy_pass http://tranquil-pds;
75            proxy_http_version 1.1;
76            proxy_set_header Upgrade $http_upgrade;
77            proxy_set_header Connection "upgrade";
78            proxy_set_header Host $host;
79            proxy_set_header X-Real-IP $remote_addr;
80            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
81            proxy_set_header X-Forwarded-Proto $scheme;
82            proxy_read_timeout 86400;
83            proxy_send_timeout 86400;
84            proxy_buffering off;
85        }
86    }
87}