##// END OF EJS Templates
nix: added required peppercorn lib
nix: added required peppercorn lib

File last commit:

r477:a554162e default
r521:2f81029a default
Show More
nginx-config-example.rst
92 lines | 3.0 KiB | text/x-rst | RstLexer
/ docs / admin / nginx-config-example.rst

Nginx Configuration Example

Use the following example to configure Nginx as a your web server.

upstream rc {

    server 127.0.0.1:10002;

    # add more instances for load balancing
    # server 127.0.0.1:10003;
    # server 127.0.0.1:10004;
}

## gist alias

server {
    listen          443;
    server_name     gist.myserver.com;
    access_log      /var/log/nginx/gist.access.log;
    error_log       /var/log/nginx/gist.error.log;

    ssl on;
    ssl_certificate     gist.rhodecode.myserver.com.crt;
    ssl_certificate_key gist.rhodecode.myserver.com.key;

    ssl_session_timeout 5m;

    ssl_protocols SSLv3 TLSv1;
    ssl_ciphers DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:EDH-RSA-DES-CBC3-SHA:AES256-SHA:DES-CBC3-SHA:AES128-SHA:RC4-SHA:RC4-MD5;
    ssl_prefer_server_ciphers on;
    add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";

    # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
    ssl_dhparam /etc/nginx/ssl/dhparam.pem;

    rewrite ^/(.+)$ https://rhodecode.myserver.com/_admin/gists/$1;
    rewrite (.*)    https://rhodecode.myserver.com/_admin/gists;
}

server {
    listen          443;
    server_name     rhodecode.myserver.com;
    access_log      /var/log/nginx/rhodecode.access.log;
    error_log       /var/log/nginx/rhodecode.error.log;

    ssl on;
    ssl_certificate     rhodecode.myserver.com.crt;
    ssl_certificate_key rhodecode.myserver.com.key;

    ssl_session_timeout 5m;

    ssl_protocols SSLv3 TLSv1;
    ssl_ciphers DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:EDH-RSA-DES-CBC3-SHA:AES256-SHA:DES-CBC3-SHA:AES128-SHA:RC4-SHA:RC4-MD5;
    ssl_prefer_server_ciphers on;

    include         /etc/nginx/proxy.conf;

    ## uncomment to serve static files by nginx
    # location /_static {
    #    alias /path/to/.rccontrol/enterprise-1/static;
    # }

    ## channel stream live components
    location /_channelstream {
        rewrite /_channelstream/(.*) /$1 break;
        proxy_connect_timeout        10;
        proxy_send_timeout           10m;
        proxy_read_timeout           10m;
        tcp_nodelay                      off;
        proxy_pass                   http://127.0.0.1:9800;
        proxy_set_header             Host $host;
        proxy_set_header             X-Real-IP $remote_addr;
        proxy_set_header             X-Url-Scheme $scheme;
        proxy_set_header             X-Forwarded-Proto $scheme;
        proxy_set_header             X-Forwarded-For $proxy_add_x_forwarded_for;
        gzip                         off;
        proxy_http_version           1.1;
        proxy_set_header Upgrade     $http_upgrade;
        proxy_set_header Connection  "upgrade";
    }

    location / {
        try_files $uri @rhode;
    }

    location @rhode {
        proxy_pass      http://rc;
    }
}