github.com/ddev/ddev@v1.23.2-0.20240519125000-d824ffe36ff3/pkg/ddevapp/webserver_config_assets/nginx-site-django4.conf

github.com/ddev/ddev@v1.23.2-0.20240519125000-d824ffe36ff3/pkg/ddevapp/webserver_config_assets/nginx-site-django4.conf (about)

     1  # ddev Django nginx config
     2  #ddev-generated
     3  # If you want to take over this file and customize it, remove the line above
     4  # and ddev will respect it and won't overwrite the file.
     5  # See https://ddev.readthedocs.io/en/stable/users/extend/customization-extendibility/#custom-nginx-configuration
     6  
     7  server {
     8      listen 80 default_server;
     9      listen 443 ssl default_server;
    10  
    11      client_max_body_size 4G;
    12  
    13      # Path for static files
    14      root /var/www/html/mysite;
    15  
    16      ssl_certificate /etc/ssl/certs/master.crt;
    17      ssl_certificate_key /etc/ssl/certs/master.key;
    18  
    19      include /etc/nginx/monitoring.conf;
    20  
    21      keepalive_timeout 5;
    22  
    23      location / {
    24        # checks for static file, if not found proxy to app
    25        try_files $uri @proxy_to_app;
    26      }
    27  
    28      location @proxy_to_app {
    29        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    30  # X-Forwarded-Proto doesn't seem to work in reverse-proxied gunicorn
    31  # See https://github.com/benoitc/gunicorn/issues/1857#issuecomment-1134699466
    32  #       proxy_set_header X-Forwarded-Proto $scheme;
    33        proxy_set_header Host $http_host;
    34        # we don't want nginx trying to do something clever with
    35        # redirects, we set the Host: header above already.
    36        proxy_redirect off;
    37        proxy_pass http://localhost:8000;
    38      }
    39  
    40  #    error_page 500 502 503 504 /500.html;
    41  #    location = /500.html {
    42  #      root /var/www/html/mysite;
    43  #    }
    44  
    45      # Prevent clients from accessing hidden files (starting with a dot)
    46      # This is particularly important if you store .htpasswd files in the site hierarchy
    47      # Access to `/.well-known/` is allowed.
    48      # https://www.mnot.net/blog/2010/04/07/well-known
    49      # https://tools.ietf.org/html/rfc5785
    50      location ~* /\.(?!well-known\/) {
    51        deny all;
    52      }
    53  
    54      # Prevent clients from accessing to backup/config/source files
    55      location ~* (?:\.(?:bak|conf|dist|fla|in[ci]|log|psd|sh|sql|sw[op])|~)$ {
    56        deny all;
    57      }
    58  
    59      include /etc/nginx/common.d/*.conf;
    60      include /mnt/ddev_config/nginx/*.conf;
    61  }