user www-data; worker_processes 1; pid /run/nginx.pid; events { worker_connections 1024; } http { include mime.types; default_type application/octet-stream; # the collectd config depends on this log format log_format combined2 '$remote_addr - [$time_local] ' '"$request" $status $body_bytes_sent $request_time ' '"$http_referer" "$http_user_agent"'; # required for long host names server_names_hash_bucket_size 128; access_log access.log combined2; sendfile on; keepalive_timeout 65; # HTTP server server { listen 80; # collectd location /nginx_status { stub_status on; access_log off; allow 127.0.0.1; deny all; } # acme challenges location /.well-known/acme-challenge/ { default_type text/plain; alias /home/yellowtent/data/acme/; } location / { # redirect everything to HTTPS return 301 https://$host$request_uri; } } # We have to enable https for nginx to read in the vhost in http request # and send a 404. This is a side-effect of using wildcard DNS server { listen 443 default_server; ssl on; ssl_certificate cert/host.cert; ssl_certificate_key cert/host.key; # increase the proxy buffer sizes to not run into buffer issues (http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_buffers) proxy_buffer_size 128k; proxy_buffers 4 256k; proxy_busy_buffers_size 256k; # Disable check to allow unlimited body sizes client_max_body_size 0; error_page 404 = @fallback; location @fallback { internal; root /home/yellowtent/box/webadmin/dist; rewrite ^/$ /nakeddomain.html break; } location / { internal; root /home/yellowtent/box/webadmin/dist; rewrite ^/$ /nakeddomain.html break; } location /api/ { proxy_pass http://127.0.0.1:3000; client_max_body_size 1m; } } include applications/*.conf; }