moments/asset/nginx/site.conf.tmpl

upstream moments_api {
    server {{API_UPSTREAM_ADDR}} max_fails=3 fail_timeout=30s;
    keepalive 8;
}

server {
    server_name {{SERVER_NAME}};
    listen 443 ssl;
    http2 on;

    ssl_certificate /etc/letsencrypt/live/{{SERVER_NAME}}/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/{{SERVER_NAME}}/privkey.pem;
    ssl_protocols TLSv1.2 TLSv1.3;

    root {{DOCROOT}};
    index index.html;

    location / {
        try_files $uri $uri/ /index.html;
        add_header Cache-Control "no-cache" always;
    }

    location ~* \.(js|css|woff2?|ttf|eot|svg|png|jpg|jpeg|gif|ico|webp|avif)$ {
        expires 30d;
        add_header Cache-Control "public, max-age=2592000, immutable";
        try_files $uri =404;
    }

    location /api/ {
        rewrite ^/api/(.*)$ /$1 break;
        proxy_pass {{API_UPSTREAM_SCHEME}}://moments_api;
        proxy_http_version 1.1;
        proxy_set_header Connection "";
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_read_timeout 30s;
        proxy_connect_timeout 5s;
    }

    access_log /var/log/nginx/{{SERVER_NAME}}.access.log;
    error_log  /var/log/nginx/{{SERVER_NAME}}.error.log;
}