|
|
|
server {
|
|
|
|
listen 80;
|
|
|
|
server_name www.shop.bcbc.bike;
|
|
|
|
# $scheme will get the http protocol
|
|
|
|
# and 301 is best practice for tablet, phone, desktop and seo
|
|
|
|
return 301 https://shop.bcbc.bike$request_uri;
|
|
|
|
}
|
|
|
|
server {
|
|
|
|
listen 80;
|
|
|
|
server_name shop.bcbc.bike;
|
|
|
|
# $scheme will get the http protocol
|
|
|
|
# and 301 is best practice for tablet, phone, desktop and seo
|
|
|
|
return 301 https://shop.bcbc.bike$request_uri;
|
|
|
|
}
|
|
|
|
server {
|
|
|
|
# resolver 127.0.0.11 ipv6=off;
|
|
|
|
listen 443 ssl;
|
|
|
|
# listen 80;
|
|
|
|
server_name shop.bcbc.bike;
|
|
|
|
|
|
|
|
ssl_certificate /etc/letsencrypt/live/shop.bcbc.bike/fullchain.pem;
|
|
|
|
ssl_certificate_key /etc/letsencrypt/live/shop.bcbc.bike/privkey.pem;
|
|
|
|
|
|
|
|
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
|
|
|
|
ssl_prefer_server_ciphers on;
|
|
|
|
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
|
|
|
|
|
|
|
|
location = /favicon.ico { access_log off; log_not_found off; }
|
|
|
|
keepalive_timeout 5;
|
|
|
|
root /code;
|
|
|
|
|
|
|
|
location / {
|
|
|
|
# checks for static file, if not found proxy to app
|
|
|
|
try_files $uri @proxy_to_app;
|
|
|
|
}
|
|
|
|
|
|
|
|
location /static {
|
|
|
|
root /code;
|
|
|
|
}
|
|
|
|
|
|
|
|
# Let's encrypt certonly
|
|
|
|
location '/.well-known/acme-challenge' {
|
|
|
|
default_type "text/plain";
|
|
|
|
root /tmp/letsencrypt-auto;
|
|
|
|
}
|
|
|
|
|
|
|
|
location @proxy_to_app {
|
|
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
|
|
# enable this if and only if you use HTTPS
|
|
|
|
# proxy_set_header X-Forwarded-Proto https;
|
|
|
|
proxy_set_header Host $http_host;
|
|
|
|
# we don't want nginx trying to do something clever with
|
|
|
|
# redirects, we set the Host: header above already.
|
|
|
|
proxy_redirect off;
|
|
|
|
proxy_pass http://workstand:8000;
|
|
|
|
}
|
|
|
|
}
|