From 9e85291cd37e6907541519d671bfdd625c4c2f70 Mon Sep 17 00:00:00 2001
From: MeiMei <30769358+mei23@users.noreply.github.com>
Date: Wed, 19 Dec 2018 01:00:57 +0900
Subject: [PATCH] Add example nginx configuration (#3659)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* Sample Nginx configuration

* nginxによせる

* 非Debian系ではsites-enabledがない
---
 docs/examples/misskey.nginx | 70 +++++++++++++++++++++++++++++++++++++
 1 file changed, 70 insertions(+)
 create mode 100644 docs/examples/misskey.nginx

diff --git a/docs/examples/misskey.nginx b/docs/examples/misskey.nginx
new file mode 100644
index 0000000000..2b4a0548e6
--- /dev/null
+++ b/docs/examples/misskey.nginx
@@ -0,0 +1,70 @@
+# Sample nginx configuration for Misskey
+#
+# 1. Replace example.tld to your domain
+# 2. Copy to /etc/nginx/sites-available/ and then symlink from /etc/nginx/sites-ebabled/
+#    or copy to /etc/nginx/conf.d/
+
+# For WebSocket
+map $http_upgrade $connection_upgrade {
+    default upgrade;
+    ''      close;
+}
+
+proxy_cache_path /tmp/nginx_cache levels=1:2 keys_zone=cache1:16m max_size=1g inactive=720m use_temp_path=off;
+
+server {
+    listen 80;
+    listen [::]:80;
+    server_name example.tld;
+
+    # For SSL domain validation
+    root /var/www/html;
+    location /.well-known/acme-challenge/ { allow all; }
+    location /.well-known/pki-validation/ { allow all; }
+    location / { return 301 https://$server_name$request_uri; }
+}
+
+server {
+    listen 443 http2;
+    listen [::]:443 http2;
+    server_name example.tld;
+    ssl on;
+		ssl_session_cache shared:ssl_session_cache:10m;
+
+    # To use Let's Encrypt certificate
+    ssl_certificate     /etc/letsencrypt/live/example.tld/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/example.tld/privkey.pem;
+
+    # To use Debian/Ubuntu's self-signed certificate (For testing or before issuing a certificate)
+    #ssl_certificate     /etc/ssl/certs/ssl-cert-snakeoil.pem;
+    #ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
+
+    # SSL protocol settings
+    ssl_protocols TLSv1 TLSv1.2;
+    ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:AES128-SHA;
+    ssl_prefer_server_ciphers on;
+
+    # Change to your upload limit
+    client_max_body_size 80m;
+
+    # Proxy to Node
+    location / {
+        proxy_pass http://127.0.0.1:3000;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto https;
+        proxy_http_version 1.1;
+        proxy_redirect off;
+
+        # For WebSocket
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection $connection_upgrade;
+
+        # Cache settings
+        proxy_cache cache1;
+        proxy_cache_lock on;
+        proxy_cache_use_stale updating;
+        add_header X-Cache $upstream_cache_status;
+    }
+}