map $http_upgrade $connection_upgrade { default upgrade; '' close; } server { server_name ${HEDGEDOC_HOSTNAME} ${HEDGEDOC_HOSTNAME}.${DOMAIN_NAME}; client_max_body_size 128m; sendfile on; tcp_nopush on; tcp_nodelay on; keepalive_timeout 65; types_hash_max_size 2048; #include /etc/nginx/mime.types; #default_type application/octet-stream; gzip on; gzip_disable "msie6"; proxy_read_timeout 1800s; proxy_cache mycache; proxy_cache_valid any 1m; add_header X-Cache-Status $upstream_cache_status; # required to avoid HTTP 411: see Issue #1486 (https://github.com/dotcloud/docker/issues/1486) chunked_transfer_encoding on; location / { proxy_pass http://hedgedoc:3000; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } # allow the fonts to be used by anything location ~* \.(eot|otf|ttf|woff|woff2)$ { add_header Access-Control-Allow-Origin *; proxy_pass http://hedgedoc:3000; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } # websocket traffic with extra headers for upgrading the connection location /socket.io/ { proxy_pass http://hedgedoc:3000; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade; } listen 443 ssl; ssl_certificate /etc/letsencrypt/live/${DOMAIN_NAME}/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/${DOMAIN_NAME}/privkey.pem; include /etc/nginx/includes/options-ssl-nginx.conf; include /etc/nginx/includes/challenge.conf; ssl_dhparam /etc/nginx/includes/ssl-dhparams.pem; }