ultramookie · October 1, 2024 04:37
diff --git a/gotosocial.conf b/gotosocial.conf
 upstream backend {
    server 127.0.0.1:8080;
 }

 server {
  server_name DOMAIN.TLD;
  add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
  location / {
    proxy_pass http://backend;
    proxy_set_header Host $host;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header X-Forwarded-For $remote_addr;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_buffering on;
    proxy_buffer_size 16k;
    proxy_busy_buffers_size 24k;
    proxy_buffers 64 4k;
    proxy_http_version 1.1;
    tcp_nodelay on;
  }

  location /assets/ {
    alias /gotosocial/web/assets/;
    autoindex off;
    expires 7d;
    add_header Cache-Control "public";
  }

  location @fileserver {
    proxy_pass http://backend;
    proxy_set_header Host $host;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header X-Forwarded-For $remote_addr;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_buffering on;
    proxy_buffer_size 16k;
    proxy_busy_buffers_size 24k;
    proxy_buffers 64 4k;
    proxy_http_version 1.1;
    tcp_nodelay on;
    expires 52w;
    add_header Cache-Control "public, immutable";
  }

  location /fileserver/ {
    alias /gotosocial/storage/;
    autoindex off;
    expires 52w;
    add_header Cache-Control "public, immutable";
    try_files $uri @fileserver;
  }

  location /auth/sign_in {
    proxy_pass http://backend;
    proxy_set_header Host $host;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header X-Forwarded-For $remote_addr;
    proxy_set_header X-Forwarded-Proto $scheme;
  }

  client_max_body_size 40M;

  listen [::]:443 ssl ipv6only=on http2;
  listen 443 ssl http2;
    ssl_certificate /etc/letsencrypt/live/DOMAIN.TLD/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/DOMAIN.TLD/privkey.pem; # managed by Certbot
  ssl_protocols TLSv1.2 TLSv1.3;

  access_log /var/log/nginx/access.log combined;

  gzip on;
  gzip_disable "msie6";
  gzip_vary on;
  gzip_proxied any;
  gzip_comp_level 1;
  gzip_buffers 16 8k;
  gzip_http_version 1.1;
  gzip_min_length 1024;
  gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript image/svg+xml image/x-icon;
  }
 }

 server {
  if ($host = DOMAIN.TLD) {
      return 301 https://$host$request_uri;
  } 

  listen 80;
  listen [::]:80;
  server_name DOMAIN.TLD;
    return 404; 
 }
	upstream backend {
	server 127.0.0.1:8080;
	}

	server {
	server_name DOMAIN.TLD;
	add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
	location / {
	proxy_pass http://backend;
	proxy_set_header Host $host;
	proxy_set_header Upgrade $http_upgrade;
	proxy_set_header Connection "upgrade";
	proxy_set_header X-Forwarded-For $remote_addr;
	proxy_set_header X-Forwarded-Proto $scheme;
	proxy_buffering on;
	proxy_buffer_size 16k;
	proxy_busy_buffers_size 24k;
	proxy_buffers 64 4k;
	proxy_http_version 1.1;
	tcp_nodelay on;
	}

	location /assets/ {
	alias /gotosocial/web/assets/;
	autoindex off;
	expires 7d;
	add_header Cache-Control "public";
	}

	location @fileserver {
	proxy_pass http://backend;
	proxy_set_header Host $host;
	proxy_set_header Upgrade $http_upgrade;
	proxy_set_header Connection "upgrade";
	proxy_set_header X-Forwarded-For $remote_addr;
	proxy_set_header X-Forwarded-Proto $scheme;
	proxy_buffering on;
	proxy_buffer_size 16k;
	proxy_busy_buffers_size 24k;
	proxy_buffers 64 4k;
	proxy_http_version 1.1;
	tcp_nodelay on;
	expires 52w;
	add_header Cache-Control "public, immutable";
	}

	location /fileserver/ {
	alias /gotosocial/storage/;
	autoindex off;
	expires 52w;
	add_header Cache-Control "public, immutable";
	try_files $uri @fileserver;
	}

	location /auth/sign_in {
	proxy_pass http://backend;
	proxy_set_header Host $host;
	proxy_set_header Upgrade $http_upgrade;
	proxy_set_header Connection "upgrade";
	proxy_set_header X-Forwarded-For $remote_addr;
	proxy_set_header X-Forwarded-Proto $scheme;
	}

	client_max_body_size 40M;

	listen [::]:443 ssl ipv6only=on http2;
	listen 443 ssl http2;
	ssl_certificate /etc/letsencrypt/live/DOMAIN.TLD/fullchain.pem; # managed by Certbot
	ssl_certificate_key /etc/letsencrypt/live/DOMAIN.TLD/privkey.pem; # managed by Certbot
	ssl_protocols TLSv1.2 TLSv1.3;

	access_log /var/log/nginx/access.log combined;

	gzip on;
	gzip_disable "msie6";
	gzip_vary on;
	gzip_proxied any;
	gzip_comp_level 1;
	gzip_buffers 16 8k;
	gzip_http_version 1.1;
	gzip_min_length 1024;
	gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript image/svg+xml image/x-icon;
	}
	}

	server {
	if ($host = DOMAIN.TLD) {
	return 301 https://$host$request_uri;
	}

	listen 80;
	listen [::]:80;
	server_name DOMAIN.TLD;
	return 404;
	}