85216305e7
Please generate certificates with Let's encrypt and remplace certs paths in the nginx configuration file.
53 lines
1.4 KiB
Nginx Configuration File
53 lines
1.4 KiB
Nginx Configuration File
upstream funkwhale-api {
|
|
# depending on your setup, you may want to udpate this
|
|
server localhost:5000;
|
|
}
|
|
|
|
server {
|
|
listen 80;
|
|
listen [::]:80;
|
|
server_name demo.funkwhale.audio;
|
|
# useful for Let's Encrypt
|
|
location /.well-known/acme-challenge/ { allow all; }
|
|
location / { return 301 https://$host$request_uri; }
|
|
}
|
|
|
|
server {
|
|
listen 443 ssl http2;
|
|
listen [::]:443 ssl http2;
|
|
server_name demo.funkwhale.audio;
|
|
|
|
# TLS
|
|
ssl_protocols TLSv1.2;
|
|
ssl_ciphers HIGH:!MEDIUM:!LOW:!aNULL:!NULL:!SHA;
|
|
ssl_prefer_server_ciphers on;
|
|
ssl_session_cache shared:SSL:10m;
|
|
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
|
|
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
|
|
# HSTS
|
|
add_header Strict-Transport-Security "max-age=31536000";
|
|
|
|
root /srv/funkwhale/front/dist;
|
|
|
|
location / {
|
|
try_files $uri $uri/ @rewrites;
|
|
}
|
|
|
|
location @rewrites {
|
|
rewrite ^(.+)$ /index.html last;
|
|
}
|
|
location /api/ {
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto https;
|
|
proxy_redirect off;
|
|
proxy_pass http://funkwhale-api/api/;
|
|
}
|
|
location /media/ {
|
|
alias /srv/funkwhale/data/media/;
|
|
}
|
|
location /staticfiles/ {
|
|
alias /srv/funkwhale/data/staticfiles/;
|
|
}
|
|
}
|