Dear Stuart,
Thanks a lot! It seems to work with nginx (it is pretty easy to
quick-configure and try; especially based on your config file.
On 01/14/2015 06:47 PM, Stuart Zurcher wrote:
Tamas,
If you can use nginx, you can use the following as an example config for
a TG app. I only provide https for redirects to confidential pages in
the following example (ie. login and myprofile).
proxy_cache_path /etc/nginx/data/cache keys_zone=one:10m
loader_threshold=300 loader_files=200
max_size=200m;
server {
listen 80;
listen [::]:80 default ipv6only=on;
proxy_cache one;
# change to for production/dev
server_name myinternaldomain.com;
location / {
proxy_cache_min_uses 3;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://localhost:8081;
proxy_read_timeout 190;
proxy_redirect http://localhost:8081 http://$server_name;
allow all;
}
location /css/ {
alias /opt/Projectname/projectname/public/css/;
try_files $uri =404;
}
location /javascript/ {
alias /opt/Projectname/projectname/public/javascript/;
try_files $uri =404;
}
location /images/ {
alias /opt/Projectname/projectname/public/images/;
try_files $uri =404;
}
location /login {
return 301 https://$host$request_uri;
}
location /myprofile/ {
return 301 https://$host$request_uri;
}
}
# statements for each of your virtual hosts to this file
server {
listen 443;
listen [::]:443 default ipv6only=on;
server_name myinternal.domain.com;
ssl_certificate /etc/nginx/cert.crt;
ssl_certificate_key /etc/nginx/cert.key;
ssl on;
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers
HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
ssl_prefer_server_ciphers on;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log crit;
location / {
return 301 http://$host$request_uri;
}
location /login {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://localhost:****;
proxy_read_timeout 90;
proxy_redirect http://localhost:**** https://$server_name;
allow all;
}
location /myprofile/ {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://localhost:****;
proxy_read_timeout 90;
proxy_redirect http://localhost:**** https://$server_name;
allow all;
}
location /css/ {
alias /opt/Projectname/projectname/public/css/;
try_files $uri =404;
}
location /javascript/ {
alias /opt/Projectname/projectname/public/javascript/;
try_files $uri =404;
}
location /images/ {
alias /opt/Projectname/projectname/public/images/;
try_files $uri =404;
}
location /uploads/ {
alias /opt/Projectname/projectname/public/uploads/;
try_files $uri =404;
}
}
--
You received this message because you are subscribed to the Google
Groups "TurboGears" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to [email protected]
<mailto:[email protected]>.
To post to this group, send email to [email protected]
<mailto:[email protected]>.
Visit this group at http://groups.google.com/group/turbogears.
For more options, visit https://groups.google.com/d/optout.
--
You received this message because you are subscribed to the Google Groups
"TurboGears" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at http://groups.google.com/group/turbogears.
For more options, visit https://groups.google.com/d/optout.
