diff options
| author | crupest <crupest@outlook.com> | 2022-11-19 13:00:13 +0800 |
|---|---|---|
| committer | crupest <crupest@outlook.com> | 2022-11-19 13:00:13 +0800 |
| commit | 5fe53ec36e9298fd40a36877a9a5ceb791814f50 (patch) | |
| tree | 9fe248e5379c66cbaa740243bebc04bb7df7cd29 /template/nginx/reverse-proxy.conf.template | |
| parent | 02cb10f9dcf5cd228f563f28e607ad7403a5aa9c (diff) | |
| download | crupest-5fe53ec36e9298fd40a36877a9a5ceb791814f50.tar.gz crupest-5fe53ec36e9298fd40a36877a9a5ceb791814f50.tar.bz2 crupest-5fe53ec36e9298fd40a36877a9a5ceb791814f50.zip | |
No caddy, only nginx and certbot.
Diffstat (limited to 'template/nginx/reverse-proxy.conf.template')
| -rw-r--r-- | template/nginx/reverse-proxy.conf.template | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/template/nginx/reverse-proxy.conf.template b/template/nginx/reverse-proxy.conf.template new file mode 100644 index 0000000..e98c066 --- /dev/null +++ b/template/nginx/reverse-proxy.conf.template @@ -0,0 +1,23 @@ +upstream ${CRUPEST_NGINX_UPSTREAM_NAME} { + server ${CRUPEST_NGINX_UPSTREAM_SERVER}; +} + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name ${CRUPEST_NGINX_SUBDOMAIN}.${CRUPEST_DOMAIN}; + + ssl_certificate /etc/letsencrypt/live/${CRUPEST_NGINX_SUBDOMAIN}.${CRUPEST_DOMAIN}/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/${CRUPEST_NGINX_SUBDOMAIN}.${CRUPEST_DOMAIN}/privkey.pem; + + location / { + proxy_pass http://${CRUPEST_NGINX_UPSTREAM_NAME}; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $http_connection; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Real-IP $remote_addr; + } +} |