014b77b7aa
LE contacts the server by hostname and not by IP. This means that when installing and reconfiguring the app it hits the default_server route since nginx configs for the app are not generated at. When doing in the daily cert renew, the nginx configs exist and we are unable to renew the certs.
59 lines
1.6 KiB
Nginx Configuration File
59 lines
1.6 KiB
Nginx Configuration File
user www-data;
|
|
|
|
worker_processes 1;
|
|
|
|
pid /run/nginx.pid;
|
|
|
|
events {
|
|
worker_connections 1024;
|
|
}
|
|
|
|
http {
|
|
include mime.types;
|
|
default_type application/octet-stream;
|
|
|
|
# the collectd config depends on this log format
|
|
log_format combined2 '$remote_addr - [$time_local] '
|
|
'"$request" $status $body_bytes_sent $request_time '
|
|
'"$http_referer" "$host" "$http_user_agent"';
|
|
|
|
# required for long host names
|
|
server_names_hash_bucket_size 128;
|
|
|
|
access_log /var/log/nginx/access.log combined2;
|
|
|
|
sendfile on;
|
|
|
|
# timeout for client to finish sending headers
|
|
client_header_timeout 30s;
|
|
|
|
# timeout for reading client request body (successive read timeout and not whole body!)
|
|
client_body_timeout 60s;
|
|
|
|
# keep-alive connections timeout in 65s. this is because many browsers timeout in 60 seconds
|
|
keepalive_timeout 65s;
|
|
|
|
# zones for rate limiting
|
|
limit_req_zone $binary_remote_addr zone=admin_login:10m rate=10r/s; # 10 request a second
|
|
|
|
|
|
# default http server that returns 404 for any domain we are not listening on
|
|
server {
|
|
listen 80 default_server;
|
|
listen [::]:80 default_server;
|
|
server_name does_not_match_anything;
|
|
|
|
# acme challenges (for app installation and re-configure when the vhost config does not exist)
|
|
location /.well-known/acme-challenge/ {
|
|
default_type text/plain;
|
|
alias /home/yellowtent/platformdata/acme/;
|
|
}
|
|
|
|
location / {
|
|
return 404;
|
|
}
|
|
}
|
|
|
|
include applications/*.conf;
|
|
}
|