From 6bcc222c6f0c665ba4d41881d42a915f3cd33c36 Mon Sep 17 00:00:00 2001
From: Rachel Fae Fox <allisonthefox@gmail.com>
Date: Wed, 31 Oct 2018 03:15:59 -0400
Subject: [PATCH] Added an example config for nginx.

Based off of my own config locally.
---
 installation/relay.nginx | 74 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 74 insertions(+)
 create mode 100644 installation/relay.nginx

diff --git a/installation/relay.nginx b/installation/relay.nginx
new file mode 100644
index 0000000..d98c604
--- /dev/null
+++ b/installation/relay.nginx
@@ -0,0 +1,74 @@
+# Example nginx config for ActivityRelay
+
+# how to use this config.
+# 1. Create web roots if needed.
+# 2. change paths and everywhere it says <yourdomain>.
+# 3. get a SSL cert, this config can be used for letsencrypt's webroot mode 
+# 4. reload nginx
+
+server {
+  listen 80;
+  listen [::]:80;
+  server_name relay.<yourdomain>;
+  root /srv/www/relay.<yourdomain>/htdocs;
+  # don't redirect for letsencrypt.
+  location /.well-known/acme-challenge/ {
+  }
+  location / {
+    return 301 https://relay.<yourdomain>$request_uri;
+  }
+}
+
+# if you don't have a ssl cert yet, comment out the next block and use certbot to fetch one.
+server {
+  listen 443 ssl;
+  server_name relay.<yourdomain>;
+  root /srv/www/relay.<yourdomain>/htdocs;
+
+  # logging, mostly for debug purposes. Disable if you wish.
+  access_log /srv/www/relay.<yourdomain>/logs/access.log;
+  error_log /srv/www/relay.<yourdomain>/logs/error.log;
+  
+  ssl_protocols TLSv1.2;
+  ssl_ciphers EECDH+AESGCM:EECDH+AES;
+  ssl_ecdh_curve secp384r1;
+  ssl_prefer_server_ciphers on;
+  ssl_session_cache shared:SSL:10m;
+  
+  # ssl certs. 
+  ssl_certificate     /usr/local/etc/letsencrypt/live/relay.<yourdomain>/fullchain.pem;
+  ssl_certificate_key /usr/local/etc/letsencrypt/live/relay.<yourdomain>/privkey.pem;
+
+  keepalive_timeout    70;
+  sendfile             on;
+  client_max_body_size 0;
+  gzip off;
+
+  server_name relay.<yourdomain>;
+
+  # sts, change if you care.
+  # add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
+  
+  # not actually needed, this enables you to use a static page on your domain for your root page.
+  location = / {
+    index index.html;
+  }
+
+  location / {
+    try_files $uri @proxy;
+  }
+
+  location @proxy {
+    proxy_set_header Host $host;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto https;
+    proxy_pass_header Server;
+    # change as needed.
+    proxy_pass http://127.0.0.1:8080;
+    proxy_buffering off;
+    proxy_redirect off;
+    proxy_http_version 1.1;
+  }
+}
+