telegram_bots/nginx.conf

52 lines
1.5 KiB
Nginx Configuration File

server {
server_name ~^bots\.bakatrouble\.(pw|me)$;
access_log /srv/apps/bots/logs/nginx.access;
error_log /srv/apps/bots/logs/nginx.error;
location /static {
alias /srv/apps/bots/public/static;
}
location /uploads {
alias /srv/apps/bots/public/uploads;
}
location / {
proxy_pass unix:///tmp/bots.sock;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
}
listen [::]:443 http2 ssl ipv6only=on;
listen 443 http2 ssl;
ssl_certificate /etc/letsencrypt/live/bakatrouble.pw/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/bakatrouble.pw/privkey.pem;
# include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
if ($scheme != "https") {
return 301 https://$host$request_uri;
}
}
server {
if ($host ~ ^bots\.bakatrouble\.(pw|me)$) {
return 301 https://$host$request_uri;
}
listen [::]:80 ipv6only=on;
listen 80;
server_name ~^bots\.bakatrouble\.(pw|me)$;
return 404;
}