Skip to content
Normal view History Permalink
nginx_rocketchat.j2 2.1 KiB
Newer Older
jerome's avatar
rocket.chat (new)
jerome committed
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 
# Upstreams
upstream backend{{ app_instance_id }} {
    server 127.0.0.1:{{ app_port }};
}

map $http_user_agent $log_ua {
    ~Monit 0;
    default 1;
}

server {
    listen 80;
    server_name {{ app_domain | mandatory }};
    # enforce https
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl http2;
    server_name {{ app_domain | mandatory }};

    ssl_certificate /etc/letsencrypt/live/{{ app_domain }}/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/{{ app_domain }}/privkey.pem;

    # Add headers to serve security related headers
    # Before enabling Strict-Transport-Security headers please read into this
    # topic first.
    # add_header Strict-Transport-Security "max-age=15768000;
    # includeSubDomains; preload;";
    #
    # WARNING: Only add the preload option once you read about
    # the consequences in https://hstspreload.org/. This option
    # will add the domain to a hardcoded list that is shipped
    # in all major browsers and getting removed from this list
    # could take several months.
    add_header X-Content-Type-Options nosniff;
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Robots-Tag none;
    add_header X-Download-Options noopen;
    add_header X-Permitted-Cross-Domain-Policies none;
    add_header Strict-Transport-Security "max-age=15768000";

    # Path to the root of your installation
    root {{ app_instance_root }}/;

    access_log {{ www_log | mandatory }}/{{ app_instance_id }}/access.log combined if=$log_ua;
    error_log {{ www_log | mandatory }}/{{ app_instance_id }}/error.log;

    # set max upload size
Julien Gomes Dias's avatar
Fix bug in uploads https://github.com/RocketChat/Rocket.Chat/issues/8575  
Julien Gomes Dias committed
50 
    client_max_body_size 512M;
jerome's avatar
rocket.chat (new)
jerome committed
51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 

    location / {
        proxy_pass http://backend{{ app_instance_id }}/;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $http_host;

        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forward-Proto http;
        proxy_set_header X-Nginx-Proxy true;

        proxy_redirect off;
    }
Julien Gomes Dias's avatar
Fix bug in uploads https://github.com/RocketChat/Rocket.Chat/issues/8575  
Julien Gomes Dias committed
66 
}