From 8558b518f8f2dcd08c4bc4f6afdb62a54a6d9ffc Mon Sep 17 00:00:00 2001
From: Michiel Scholten <michiel@diginaut.net>
Date: Wed, 11 Feb 2026 15:59:47 +0100
Subject: [PATCH] Example nginx configuration

---
 example_config/nginx_digimarks.conf | 68 +++++++++++++++++++++++++++++
 1 file changed, 68 insertions(+)
 create mode 100644 example_config/nginx_digimarks.conf

diff --git a/example_config/nginx_digimarks.conf b/example_config/nginx_digimarks.conf
new file mode 100644
index 0000000..4ae8c1a
--- /dev/null
+++ b/example_config/nginx_digimarks.conf
@@ -0,0 +1,68 @@
+server {
+    server_name marks.example.org;
+    listen [::]:443 ssl; # managed by Certbot
+    listen 443 ssl; # managed by Certbot
+
+    real_ip_header      X-Forwarded-For;
+
+    access_log  /var/log/nginx/access_marks.example.org.log;
+    error_log  /var/log/nginx/error_marks.example.org.log  warn;
+
+    # Media: images, icons, video, audio, HTC
+    #location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|mp3|ogg|ogv|webm|htc|woff2|woff)$ {
+    #    expires 1M;
+    #    access_log off;
+    #    # max-age must be in seconds
+    #    add_header Cache-Control "max-age=2629746, public";
+    #}
+
+    # CSS and Javascript
+    #location ~* \.(?:css|js)$ {
+    #    expires 1M;
+    #    access_log off;
+    #    add_header Cache-Control "max-age=31556952, public";
+    #}
+
+    location / {
+        proxy_pass             http://127.0.0.1:8890;
+        proxy_read_timeout     60;
+        proxy_connect_timeout  60;
+        proxy_redirect         off;
+
+        # Allow the use of websockets
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection 'upgrade';
+        proxy_set_header Host $host;
+        proxy_cache_bypass $http_upgrade;
+    }
+
+    location /content/favicons/ {
+        alias /srv/www/marks.example.org/favicons/;
+        # This can certainly be cached, so do so for a month
+        expires 1M;
+        add_header Cache-Control "public";
+    }
+
+    location /static/ {
+        alias /srv/www/marks.example.org/digimarks/src/digimarks/static/;
+        # This can certainly be cached, so do so for a month
+        #expires 1M;
+        #add_header Cache-Control "public";
+    }
+
+    ssl_certificate /etc/letsencrypt/live/marks.example.org/fullchain.pem; # managed by Certbot
+    ssl_certificate_key /etc/letsencrypt/live/marks.example.org/privkey.pem; # managed by Certbot
+    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+}
+server {
+    if ($host = marks.example.org) {
+        return 301 https://$host$request_uri;
+    } # managed by Certbot
+
+    listen [::]:80 ;
+    listen 80;
+    server_name marks.example.org;
+    return 404; # managed by Certbot
+}