server { server_name marks.example.org; listen [::]:443 ssl; # managed by Certbot listen 443 ssl; # managed by Certbot real_ip_header X-Forwarded-For; access_log /var/log/nginx/access_marks.example.org.log; error_log /var/log/nginx/error_marks.example.org.log warn; # Media: images, icons, video, audio, HTC #location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|mp3|ogg|ogv|webm|htc|woff2|woff)$ { # expires 1M; # access_log off; # # max-age must be in seconds # add_header Cache-Control "max-age=2629746, public"; #} # CSS and Javascript #location ~* \.(?:css|js)$ { # expires 1M; # access_log off; # add_header Cache-Control "max-age=31556952, public"; #} location / { proxy_pass http://127.0.0.1:8890; proxy_read_timeout 60; proxy_connect_timeout 60; proxy_redirect off; # Allow the use of websockets proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection 'upgrade'; proxy_set_header Host $host; proxy_cache_bypass $http_upgrade; } location /content/favicons/ { alias /srv/www/marks.example.org/favicons/; # This can certainly be cached, so do so for a month expires 1M; add_header Cache-Control "public"; } location /static/ { alias /srv/www/marks.example.org/digimarks/src/digimarks/static/; # This can certainly be cached, so do so for a month #expires 1M; #add_header Cache-Control "public"; } ssl_certificate /etc/letsencrypt/live/marks.example.org/fullchain.pem; # managed by Certbot ssl_certificate_key /etc/letsencrypt/live/marks.example.org/privkey.pem; # managed by Certbot include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot } server { if ($host = marks.example.org) { return 301 https://$host$request_uri; } # managed by Certbot listen [::]:80 ; listen 80; server_name marks.example.org; return 404; # managed by Certbot }