nginx.conf
user www-data;
worker_processes 4;
pid /run/nginx.pid;
events {
worker_connections 768;
# multi_accept on;
}
http {
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
upstream aftok-server {
server aftok-server:8000;
}
server {
listen 80 default_server;
server_name _;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl default_server;
server_name aftok.com;
ssl_certificate /etc/letsencrypt/live/aftok.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/aftok.com/privkey.pem;
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers AES128-SHA:AES256-SHA:RC4-SHA:DES-CBC3-SHA:RC4-MD5;
ssl_prefer_server_ciphers on;
access_log /var/log/nginx/access.log;
location / {
include /etc/nginx/mime.types;
alias /opt/static/site/;
index index.html;
}
location /.well-known/ {
allow all;
alias /opt/static/well-known/;
}
location /.well-known/acme-challenge/ {
allow all;
alias /opt/letsencrypt/;
}
location /app/ {
include /etc/nginx/mime.types;
alias /opt/static/app/;
index index.html;
}
location /api/ {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# Fix the “It appears that your reverse proxy set up is broken" error.
proxy_pass http://aftok-server/;
proxy_read_timeout 90;
proxy_redirect http://aftok-server https://$host:$server_port/;
}
}
}