Created
March 20, 2017 22:05
-
-
Save deflume1/937523e5edfe59e8727bfbe117e8b439 to your computer and use it in GitHub Desktop.
Sample Ghost NGINX config file
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# map of content type -> expires header | |
map $sent_http_content_type $expires { | |
default off; | |
text/html epoch; | |
text/css max; | |
application/javascript max; | |
~image/ max; | |
} | |
# listen for BS traffic on 80 that lacks a hostname, and just serve | |
# the "welcome to NGINX" page | |
server { | |
listen 80 default_server; | |
listen [::]:80 default_server; | |
server_name _; | |
root /user/share/nginx/html; | |
} | |
# listen on 80, and 301 all traffic to https | |
# allow .well-known on 80 though, for Let's Encrypt checks | |
server { | |
listen [::]:80; | |
listen 80; | |
server_name deflumeri.com www.deflumeri.com; | |
root /var/www/ghost/; | |
location ~ /.well-known { | |
allow all; | |
break; | |
} | |
location / { | |
return 301 https://deflumeri.com$request_uri; | |
} | |
} | |
# listen on 443, and forward all www traffic to non-www | |
server { | |
listen [::]:443 ssl http2; | |
listen 443 ssl http2; | |
server_name www.deflumeri.com; | |
location / { | |
return 301 https://deflumeri.com$request_uri; | |
} | |
} | |
# what we're actually listening on | |
server { | |
# allow ssl and http2 traffic | |
listen [::]:443 ssl http2 default_server; | |
listen 443 ssl http2 default_server; | |
# our server name is our hostname | |
server_name deflumeri.com; | |
# point at our SSL certificates | |
ssl_certificate /etc/letsencrypt/live/deflumeri.com/fullchain.pem; | |
ssl_certificate_key /etc/letsencrypt/live/deflumeri.com/privkey.pem; | |
# setup our access and error logs | |
access_log /var/log/nginx/deflumeri.com.access.log; | |
error_log /var/log/nginx/deflumeri.com.error.log; | |
# add expires headers for static content | |
expires $expires; | |
# proxy all of our traffic to Ghost | |
location / { | |
proxy_set_header X-Real-IP $remote_addr; | |
proxy_set_header HOST $http_host; | |
proxy_set_header X-NginX-Proxy true; | |
proxy_set_header X-Forwarded-Proto $scheme; | |
proxy_pass http://127.0.0.1:2368; | |
proxy_redirect off; | |
} | |
# allow Let's Encrypt checks on .well-known without proxying | |
location ~ /.well-known { | |
allow all; | |
} | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
thank youuu. it worked :)