-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathnginx.prod.conf
111 lines (91 loc) · 3.33 KB
/
nginx.prod.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
# For Ubuntu 18.04 (LTS)
# Put to /etc/nginx/sites-available/dumber-gist.conf
# App is at /home/huocp/dumber-gist
# redirect http request to https
server {
listen 80;
server_name _;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl http2;
server_name cache.dumber.app;
# add_header Strict-Transport-Security max-age=31536000 always;
add_header Access-Control-Allow-Origin "https://gist.dumber.app" always;
add_header Access-Control-Allow-Methods "GET, POST, OPTIONS" always;
add_header Access-Control-Allow-Credentials "false" always;
add_header Access-Control-Max-Age 86400 always; # 24 hours
add_header Access-Control-Allow-Headers "*" always;
location @nocache {
# kill cache for missed cache
add_header Cache-Control 'no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0' always;
if_modified_since off;
expires off;
etag off;
add_header Access-Control-Allow-Origin "https://gist.dumber.app" always;
add_header Access-Control-Allow-Methods "GET, POST, OPTIONS" always;
add_header Access-Control-Allow-Credentials "false" always;
add_header Access-Control-Max-Age 86400 always; # 24 hours
add_header Access-Control-Allow-Headers "*" always;
return 204;
}
location ~ ^/\w {
try_files $uri @nocache;
root /home/huocp/dumber-gist/server/dumber-cache/public;
default_type "application/json; charset=utf-8";
expires 365d;
}
location ~ ^/$ {
client_max_body_size 20m;
passenger_enabled on;
root /home/huocp/dumber-gist/server/dumber-cache/nowhere;
passenger_app_env production;
}
}
server {
listen 443 ssl http2;
server_name github-oauth.gist.dumber.app;
# add_header Strict-Transport-Security max-age=31536000 always;
add_header Access-Control-Allow-Origin "https://gist.dumber.app" always;
add_header Access-Control-Allow-Methods "POST, OPTIONS" always;
add_header Access-Control-Allow-Credentials "false" always;
add_header Access-Control-Max-Age 86400 always; # 24 hours
add_header Access-Control-Allow-Headers "*" always;
passenger_enabled on;
root /home/huocp/dumber-gist/server/github-oauth/public;
# Local dev github oauth client id/secret
# for https://gist.dumber.app
passenger_env_var DR_CLIENT_ID 366fabacbad89519ff19;
passenger_env_var DR_CLIENT_SECRET __add_to_server__;
passenger_app_env production;
}
server {
listen 443 ssl http2;
server_name gist.dumber.app;
location / {
root /home/huocp/dumber-gist/client;
index index.html;
if ($request_uri ~ "\.js$") {
expires 365d;
}
}
}
server {
listen 443 ssl http2;
server_name "~^[0-9a-f]{32,32}\.gist\.dumber\.app$";
location / {
root /home/huocp/dumber-gist/client-service-worker;
index index.html;
# kill cache for this random host name
add_header Last-Modified $date_gmt;
add_header Cache-Control 'no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
if_modified_since off;
expires off;
etag off;
}
}
server {
listen 443 ssl http2 default_server;
server_name dumber.app;
return 301 https://gist.dumber.app$request_uri;
}