56 lines
1.4 KiB
Plaintext
56 lines
1.4 KiB
Plaintext
upstream app-gunicorn {
|
|
server unix:/data/sockets/gunicorn-mhackspace.sock fail_timeout=0;
|
|
}
|
|
upstream app-bjoern {
|
|
server unix:/data/sockets/bjoern-mhackspace.sock fail_timeout=0;
|
|
}
|
|
|
|
|
|
server {
|
|
listen 80;
|
|
server_name dev.maidstone-hackspace.org.uk;
|
|
root /var/www/maidstone-hackspace-website;
|
|
|
|
# resolver 8.8.8.8;
|
|
resolver 127.0.0.11;
|
|
|
|
server_tokens off;
|
|
add_header X-Frame-Options "ALLOW-FROM riot.im";
|
|
add_header X-Content-Type-Options nosniff;
|
|
add_header X-XSS-Protection "1; mode=block";
|
|
add_header Strict-Transport-Security max-age=15768000;
|
|
|
|
error_page 404 = /404.htm;
|
|
|
|
# only for dev to test different wsgi servers
|
|
set $upstream "django:8000";
|
|
if ($http_cookie ~ "proxy_override=([\w-]+)") {
|
|
set $upstream $1;
|
|
}
|
|
|
|
location /media {
|
|
alias /var/www/maidstone-hackspace-website/mhackspace/media;
|
|
expires 1d;
|
|
add_header Pragma public;
|
|
add_header Cache-Control "public";
|
|
}
|
|
|
|
|
|
location / {
|
|
access_log on;
|
|
proxy_redirect off;
|
|
proxy_pass_header Server;
|
|
resolver 127.0.0.11;
|
|
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-SSL-Protocol $ssl_protocol;
|
|
|
|
proxy_pass http://$upstream;
|
|
proxy_ssl_session_reuse off;
|
|
}
|
|
|
|
}
|
|
|