Versions Compared

Old Version 19

changes.mady.by.user Mikael Ottosson

Saved on

compared with

New Version 20

changes.mady.by.user Mikael Ottosson

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Code Block
title/etc/nginx/sites-available/default
$ sudo vi /etc/nginx/sites-available/default

The following configuration should be a good start.

upstream django {    
    server 127.0.0.1:8001; # for a web port socket
}

server {
    listen         80;
    listen         [::]:80;
    server_name    ni.nordu.net;
    rewrite        ^ https://$server_name$request_uri? permanent;
}

server {
    listen 443;
    listen [::]:443 default ipv6only=on; ## listen for ipv6
    ssl on;
	ssl_certificate /etc/ssl/ni_nordu_net.crt;
    ssl_certificate_key /etc/ssl/ni_nordu_net.key;

    # PFS settings from http://people.adams.edu/~cdmiller/posts/NSA_SSL_settings_for_nginx_and_apache/
    # NOTE: these settings exclude Win XP with IE 6
    #
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers DHE-RSA-CAMELLIA256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:DES-CBC3-SHA:!ADH:!aNULL;
    
    server_name ni.nordu.net;

    location /static/ {
        root alias         /var/opt/norduni/norduni/src/niweb/sitestatic/;
        autoindex    on;
        access_log   off;
        expires      30d; 
    }

    location / {
        include     /etc/nginx/uwsgi_params;
        proxy_set_header   Host                 $host;
        proxy_set_header   X-Real-IP            $remote_addr;
        proxy_set_header   X-Forwarded-For      $proxy_add_x_forwarded_for;
        proxy_set_header   X-Forwarded-Proto    $scheme;
        proxy_redirect     off;
        uwsgi_pass  django;
    }   
}

...