# nginx-mal for Pulse Chat # Bytt ut __DOMAIN__ og __PORT__, f.eks.: # sed -e 's/__DOMAIN__/chat.kunde.no/g' -e 's/__PORT__/3000/g' \ # deploy/nginx.conf.template > /etc/nginx/sites-available/__DOMAIN__ # ln -s /etc/nginx/sites-available/__DOMAIN__ /etc/nginx/sites-enabled/ # certbot --nginx -d __DOMAIN__ # nginx -t && systemctl reload nginx server { listen 80; server_name __DOMAIN__; return 301 https://$host$request_uri; } server { listen 443 ssl http2; server_name __DOMAIN__; # --- SSL (fylles inn av certbot) --- ssl_certificate /etc/letsencrypt/live/__DOMAIN__/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/__DOMAIN__/privkey.pem; include /etc/letsencrypt/options-ssl-nginx.conf; ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # --- Sikkerhetsheadere --- add_header X-Frame-Options "SAMEORIGIN" always; add_header X-Content-Type-Options "nosniff" always; add_header Referrer-Policy "strict-origin" always; # --- Proxy til Node.js-appen --- location / { proxy_pass http://127.0.0.1:__PORT__; proxy_http_version 1.1; # PÄkrevd for Socket.io (WebSocket-oppgradering) proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_read_timeout 3600s; proxy_send_timeout 3600s; proxy_connect_timeout 60s; } # --- Server opplastede avatarer/logo direkte fra nginx --- location /avatars/ { alias __CWD__/public/avatars/; expires 7d; add_header Cache-Control "public"; } location /uploads/ { alias __CWD__/public/uploads/; expires 7d; add_header Cache-Control "public"; } }