events {}
http {
# Log warnings
# TODO: Better path
error_log /var/log/nginx.log warn;
# No idea, but nginx refuses to start without it
server_names_hash_bucket_size 64;
# The redirection server
server {
listen 80 default_server;
add_header Strict-Transport-Security "max-age=31536000" always;
return 301 https://$host$request_uri;
}
# The actual webserver duties
# server_name lateinicus;
listen 443 ssl http2;
# SSL configuration
ssl_certificate /etc/ssl/lateinicus.pem;
ssl_certificate_key /etc/ssl/lateinicus.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
keepalive_timeout 70;
# Enable gzip compression
gzip on;
gzip_min_length 256K;
# Reverse Proxy
location /api/ {
# Seems weird, but it is (Prevent /api/api/)
rewrite /api/(.*) /api/$1 break;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_pass http://128.1.0.3:8080;
# The web app
location /app/ {
# CSS might not get the correct Content-Type header
include /etc/nginx/mime.types;
root /srv/www;
# For react-router
try_files $uri /app/index.html;
index index.html;