Commit 0d03cd3d authored by Ludovic Courtès's avatar Ludovic Courtès

Add the nginx config file.

* nginx.conf: New file.
parent 1e380b03
# This is the nginx config file for guix-hpc.bordeaux.inria.fr.
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log error;
pid /var/run/nginx.pid;
pcre_jit on;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
# We need to specify all these or nginx picks its own directory to
# store them, which doesn't work because the store is read-only.
client_body_temp_path /var/run/nginx/body;
proxy_temp_path /var/run/nginx/proxy;
fastcgi_temp_path /var/run/nginx/fastcgi;
uwsgi_temp_path /var/run/nginx/uwsgi;
scgi_temp_path /var/run/nginx/scgi;
access_log /var/log/nginx/access.log;
sendfile on;
# Maximum chunk size to send. Partly this is a workaround
# for <http://bugs.gnu.org/19939>, but also the nginx docs
# mention that "Without the limit, one fast connection may
# seize the worker process entirely."
# <http://nginx.org/en/docs/http/ngx_http_core_module#sendfile_max_chunk>
sendfile_max_chunk 1m;
keepalive_timeout 65;
server {
listen 80;
server_name guix-hpc.bordeaux.inria.fr;
access_log /var/log/nginx/http.access.log;
# location /private/draft {
# proxy_pass http://localhost:8080;
# proxy_redirect default;
# }
# location /static { # fonts
# proxy_pass http://localhost:8080;
# proxy_redirect default;
# }
location / {
root /home/ludo/src/guix-hpc-web/site;
}
# For use by Certbot.
location /.well-known {
root /var/www;
}
}
server {
listen 443 ssl;
server_name guix-hpc.bordeaux.inria.fr;
ssl_certificate /etc/letsencrypt/live/guix-hpc.bordeaux.inria.fr/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/guix-hpc.bordeaux.inria.fr/privkey.pem;
# Make sure SSL is disabled.
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
# Disable weak cipher suites.
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# Use our own DH parameters created with:
# openssl dhparam -out dhparams.pem 2048
# as suggested at <https://weakdh.org/sysadmin.html>.
ssl_dhparam /etc/dhparams.pem;
access_log /var/log/nginx/http.access.log;
location / {
root /home/ludo/src/guix-hpc-web/site;
}
# For use by Certbot.
location /.well-known {
root /var/www;
}
}
# server {
# listen 8080;
# server_name guix-hpc.bordeaux.inria.fr;
# access_log /var/log/nginx/http.access.log;
# rewrite ^/private/draft/(.*) /$1;
# location / {
# root /home/ludo/src/guix-hpc-web/site;
# }
# }
}
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment