From 1e2e1ddc47d706ce1ddd0ec12c3c7e031d269188 Mon Sep 17 00:00:00 2001
From: Bryan Newbold <bnewbold@robocracy.org>
Date: Fri, 11 Nov 2022 15:15:25 -0800
Subject: nginx and systemd config examples

---
 extra/nginx_example        | 37 +++++++++++++++++++++++++++++++++++++
 extra/systemd_unit_example | 19 +++++++++++++++++++
 2 files changed, 56 insertions(+)
 create mode 100644 extra/nginx_example
 create mode 100644 extra/systemd_unit_example

(limited to 'extra')

diff --git a/extra/nginx_example b/extra/nginx_example
new file mode 100644
index 0000000..5ee3647
--- /dev/null
+++ b/extra/nginx_example
@@ -0,0 +1,37 @@
+
+upstream adenosine-pds {
+    server localhost:3030;
+}
+
+server {
+    listen 80;
+    listen [::]:80;
+    listen 443 ssl http2;
+    listen [::]:443 ssl http2;
+    server_name  example.adenosine.social;
+
+    ssl_certificate /etc/letsencrypt/live/adenosine.social/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/adenosine.social/privkey.pem;
+
+    #add_header Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'";
+    add_header X-Frame-Options "SAMEORIGIN";       # 'always' if nginx > 1.7.5
+    add_header X-Content-Type-Options "nosniff";   # 'always' if nginx > 1.7.5
+    add_header X-Xss-Protection "1";
+    # Enable STS with one year period (breaks http; optional)
+    #add_header Strict-Transport-Security "max-age=31557600; includeSubDomains";
+
+    #access_log  /var/log/nginx/adenosine-pds.access.log;
+    error_log  /var/log/nginx/adenosine-pds.error.log;
+
+    if ($scheme = http) {
+        return 301 https://$server_name$request_uri;
+    }
+
+    location / {
+        proxy_pass http://adenosine-pds;
+        proxy_set_header Host $http_host;
+        proxy_set_header X-Real-IP  $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+}
diff --git a/extra/systemd_unit_example b/extra/systemd_unit_example
new file mode 100644
index 0000000..63b261a
--- /dev/null
+++ b/extra/systemd_unit_example
@@ -0,0 +1,19 @@
+[Unit]
+Description=adenosine PDS
+After=network.target
+StartLimitBurst=20
+StartLimitInterval=30min
+
+[Service]
+Type=simple
+User=www-data
+Group=www-data
+# TODO: under /var/lib/adenosine/ instead?
+WorkingDirectory=/srv/adenosine/
+EnvironmentFile=/srv/adenosine/config.env
+ExecStart=/usr/bin/adenosine-pds serve -v
+Restart=always
+RestartSec=3sec
+
+[Install]
+WantedBy=multi-user.target
-- 
cgit v1.2.3