# Example nginx config for ActivityRelay # how to use this config. # 1. Create web roots if needed. # 2. change paths and everywhere it says . # 3. get a SSL cert, this config can be used for letsencrypt's webroot mode # 4. reload nginx server { listen 80; listen [::]:80; server_name relay.; root /srv/www/relay./htdocs; # don't redirect for letsencrypt. location /.well-known/acme-challenge/ { } location / { return 301 https://relay.$request_uri; } } # if you don't have a ssl cert yet, comment out the next block and use certbot to fetch one. server { listen 443 ssl; server_name relay.; root /srv/www/relay./htdocs; # logging, mostly for debug purposes. Disable if you wish. access_log /srv/www/relay./logs/access.log; error_log /srv/www/relay./logs/error.log; ssl_protocols TLSv1.2; ssl_ciphers EECDH+AESGCM:EECDH+AES; ssl_ecdh_curve secp384r1; ssl_prefer_server_ciphers on; ssl_session_cache shared:SSL:10m; # ssl certs. ssl_certificate /usr/local/etc/letsencrypt/live/relay./fullchain.pem; ssl_certificate_key /usr/local/etc/letsencrypt/live/relay./privkey.pem; keepalive_timeout 70; sendfile on; client_max_body_size 0; gzip off; server_name relay.; # sts, change if you care. # add_header Strict-Transport-Security "max-age=31536000; includeSubDomains"; # uncomment this to use a static page in your webroot for your root page. #location = / { # index index.html; #} location / { try_files $uri @proxy; } location @proxy { proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto https; proxy_pass_header Server; # change as needed. proxy_pass http://127.0.0.1:8080; proxy_buffering off; proxy_redirect off; proxy_http_version 1.1; } }