f7c78e675a
make use of mainline nginx image, switch ssl/non-ssl config file based on presence of cert/key, hardcode app port since it is hardcoded in the app container as well
40 lines
1.2 KiB
Plaintext
40 lines
1.2 KiB
Plaintext
# server {
|
|
# listen 80;
|
|
# server_name mattermost.example.com;
|
|
# return 301 https://$server_name$request_uri;
|
|
# }
|
|
|
|
map $http_x_forwarded_proto $proxy_x_forwarded_proto {
|
|
default $http_x_forwarded_proto;
|
|
'' $scheme;
|
|
}
|
|
|
|
server {
|
|
listen 443;
|
|
|
|
ssl on;
|
|
ssl_certificate /cert/cert.pem;
|
|
ssl_certificate_key /cert/key-no-password.pem;
|
|
ssl_session_timeout 5m;
|
|
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
|
|
ssl_ciphers HIGH:MEDIUM:!SSLv2:!PSK:!SRP:!ADH:!AECDH;
|
|
ssl_prefer_server_ciphers on;
|
|
|
|
location / {
|
|
gzip off;
|
|
proxy_set_header X-Forwarded-Ssl on;
|
|
|
|
client_max_body_size 50M;
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header Connection "upgrade";
|
|
proxy_set_header Host $http_host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto;
|
|
proxy_set_header X-Frame-Options SAMEORIGIN;
|
|
proxy_pass http://app:80;
|
|
}
|
|
}
|
|
|
|
# See https://github.com/mattermost/docs/blob/master/source/install/prod-ubuntu.rst for the SSL configuration
|