diff options
Diffstat (limited to 'plausible/plausible.nginx')
-rw-r--r-- | plausible/plausible.nginx | 36 |
1 files changed, 36 insertions, 0 deletions
diff --git a/plausible/plausible.nginx b/plausible/plausible.nginx new file mode 100644 index 0000000..96baede --- /dev/null +++ b/plausible/plausible.nginx @@ -0,0 +1,36 @@ +server { + listen 80; + listen [::]:80; + server_name plausible.yourdomain.com; + + return 301 https://$host$request_uri; +} + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name plausible.yourdomain.com; + + access_log /var/log/nginx/plausible.access.log; + error_log /var/log/nginx/plausible.error.log; + + ssl_certificate /etc/nginx/cert/plausible.yourdomain.com.pem; + ssl_certificate_key /etc/nginx/cert/plausible.yourdomain.com.key; + ssl_protocols TLSv1.2 TLSv1.3; + ssl_prefer_server_ciphers on; + ssl_session_cache shared:SSL:10m; + ssl_session_timeout 5m; + ssl_ciphers 'TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:EECDH+AESGCM:EDH+AESGCM:EECDH+CHACHA20:EDH+CHACHA20:EECDH+AES128:EDH+AES128:EECDH+AES256:EDH+AES256:EECDH+3DES:EDH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS'; + + location / { + proxy_pass http://localhost:8000; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-Proto https; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_redirect off; + add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; + add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; + add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range'; + } +}
\ No newline at end of file |