Tamas,
If you can use nginx, you can use the following as an example config for a
TG app. I only provide https for redirects to confidential pages in the
following example (ie. login and myprofile).
proxy_cache_path /etc/nginx/data/cache keys_zone=one:10m
> loader_threshold=300 loader_files=200
> max_size=200m;
>
>
> server {
> listen 80;
> listen [::]:80 default ipv6only=on;
> proxy_cache one;
>
> # change to for production/dev
> server_name myinternaldomain.com;
>
>
> location / {
> proxy_cache_min_uses 3;
> proxy_set_header Host $host;
> proxy_set_header X-Real-IP $remote_addr;
> proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
> proxy_set_header X-Forwarded-Proto $scheme;
>
> proxy_pass http://localhost:8081;
> proxy_read_timeout 190;
> proxy_redirect http://localhost:8081 http://$server_name;
> allow all;
>
> }
>
> location /css/ {
> alias /opt/Projectname/projectname/public/css/;
> try_files $uri =404;
> }
> location /javascript/ {
> alias /opt/Projectname/projectname/public/javascript/;
> try_files $uri =404;
> }
> location /images/ {
> alias /opt/Projectname/projectname/public/images/;
> try_files $uri =404;
> }
> location /login {
> return 301 https://$host$request_uri;
> }
> location /myprofile/ {
> return 301 https://$host$request_uri;
> }
> }
> # statements for each of your virtual hosts to this file
>
> server {
> listen 443;
> listen [::]:443 default ipv6only=on;
>
> server_name myinternal.domain.com;
>
> ssl_certificate /etc/nginx/cert.crt;
> ssl_certificate_key /etc/nginx/cert.key;
> ssl on;
> ssl_session_cache builtin:1000 shared:SSL:10m;
> ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
> ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
> ssl_prefer_server_ciphers on;
>
> access_log /var/log/nginx/access.log;
> error_log /var/log/nginx/error.log crit;
>
> location / {
> return 301 http://$host$request_uri;
> }
>
> location /login {
> proxy_set_header Host $host;
> proxy_set_header X-Real-IP $remote_addr;
> proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
> proxy_set_header X-Forwarded-Proto $scheme;
>
> proxy_pass http://localhost:****;
> proxy_read_timeout 90;
> proxy_redirect http://localhost:**** https://$server_name;
> allow all;
> }
>
>
> location /myprofile/ {
> proxy_set_header Host $host;
> proxy_set_header X-Real-IP $remote_addr;
> proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
> proxy_set_header X-Forwarded-Proto $scheme;
>
> proxy_pass http://localhost:****;
> proxy_read_timeout 90;
> proxy_redirect http://localhost:**** https://$server_name;
> allow all;
> }
>
> location /css/ {
> alias /opt/Projectname/projectname/public/css/;
> try_files $uri =404;
> }
> location /javascript/ {
> alias /opt/Projectname/projectname/public/javascript/;
> try_files $uri =404;
> }
> location /images/ {
> alias /opt/Projectname/projectname/public/images/;
> try_files $uri =404;
> }
> location /uploads/ {
> alias /opt/Projectname/projectname/public/uploads/;
> try_files $uri =404;
> }
>
> }
>
>
--
You received this message because you are subscribed to the Google Groups
"TurboGears" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at http://groups.google.com/group/turbogears.
For more options, visit https://groups.google.com/d/optout.
