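# Ansible managed: /home/bnewbold/code/infra/roles/mediagoblin/templates/etc_nginx_sites-available_mediagoblin.j2 modified on 2016-05-04 16:23:25 by bnewbold on eschaton
#
# NOTE: this file is rendered from the Jinja2 template named above; make
# changes in the template, not in the deployed copy, or the next Ansible run
# will overwrite them.

server {
    # Plain HTTP and HTTPS are served by the same block, so every location
    # below is reachable over cleartext as well as TLS; there is no redirect
    # to HTTPS here.
    listen 80;
    listen [::]:80;
    # The 'spdy' listen parameter was replaced by 'http2' in nginx 1.9.5;
    # it must be changed when nginx is upgraded past that release.
    listen 443 ssl spdy;
    listen [::]:443 ssl spdy;
    server_name goblin.bnewbold.net;

    # No ssl_protocols / ssl_ciphers are set in this block; presumably they
    # come from the http{} context in nginx.conf -- TODO confirm, otherwise
    # the nginx built-in defaults apply.
    ssl_certificate /etc/letsencrypt/live/bnewbold.net/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/bnewbold.net/privkey.pem;

    # Security response headers.
    #
    # add_header set at server level is inherited by a location only while
    # that location declares no add_header of its own. None of the locations
    # below do; if one is added later, repeat these headers there.
    #
    # Without the 'always' parameter nginx attaches these headers only to
    # successful and redirect responses, not to error pages.

    #add_header Content-Security-Policy "default-src 'self'; style-src 'self' 'unsafe-inline'";
    add_header X-Frame-Options "SAMEORIGIN";      # 'always' if nginx > 1.7.5

    # prevent attacks (someone uploading a .txt file that the browser
    # interprets as an HTML file, etc.)
    # This header was previously declared twice in this block, which made
    # nginx emit it twice on every response; it is now set once.
    add_header X-Content-Type-Options "nosniff";  # 'always' if nginx > 1.7.5

    # Legacy header: current browsers no longer implement the XSS filter it
    # controls, so the (currently disabled) Content-Security-Policy above is
    # the control that matters for script injection.
    add_header X-Xss-Protection "1";

    # Enable STS with one year period (breaks http; optional)
    #add_header Strict-Transport-Security "max-age=31557600; includeSubDomains";

    # Change this to update the upload size limit for your users
    # (1 GiB per request; uploads are forwarded to the backend by the
    # 'location /' block below).
    client_max_body_size 1024m;

    access_log /var/log/nginx/mediagoblin.access.log;
    error_log /var/log/nginx/mediagoblin.error.log;

    # MediaGoblin's stock static files: CSS, JS, etc.
    location /mgoblin_static/ {
        alias /srv/http/goblin.bnewbold.net/src/mediagoblin/static/;
    }

    # Instance specific media:
    # User-uploaded content is served from the same origin as the
    # application, which is why the nosniff header above matters.
    location /mgoblin_media/ {
        alias /srv/http/goblin.bnewbold.net/data/media/public/;
    }

    # Theme static files (usually symlinked in)
    location /theme_static/ {
        alias /srv/http/goblin.bnewbold.net/src/user_dev/theme_static/;
    }

    # Plugin static files (usually symlinked in)
    location /plugin_static/ {
        alias /srv/http/goblin.bnewbold.net/src/user_dev/plugin_static/;
    }

    # # Mounting MediaGoblin itself via FastCGI.
    # location / {
    #     fastcgi_pass 127.0.0.1:26543;
    #     include /etc/nginx/fastcgi_params;
    #
    #     # our understanding vs nginx's handling of script_name vs
    #     # path_info don't match :)
    #     fastcgi_param PATH_INFO $fastcgi_script_name;
    #     fastcgi_param SCRIPT_NAME "";
    # }

    # Until FastCGI works, just do a proxy pass
    # The backend receives the client address and original scheme only via
    # the headers set here. This assumes the backend listens on loopback
    # only, so these headers cannot be supplied by a direct client -- TODO
    # confirm against the MediaGoblin server configuration.
    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass http://127.0.0.1:26543;
    }

    # Let's Encrypt SSL Certs
    # Serves ACME HTTP-01 challenge files from a dedicated webroot, kept
    # separate from the application tree; directory listing is disabled.
    location /.well-known/acme-challenge/ {
        root /var/www/letsencrypt;
        autoindex off;
    }
}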