
@reetp
Last active August 17, 2020 00:52

Revisions

  1. reetp revised this gist Oct 22, 2019. 1 changed file with 22 additions and 12 deletions.
    34 changes: 22 additions & 12 deletions rocketchat.conf
    @@ -1,27 +1,37 @@
    upstream backend {
    # Upstreams
    upstream backend {
    server 127.0.0.1:3000;
    }
    server {
    listen 1.2.3.4:443;
    server_name example.com chat.example.com;
    }

    # HTTPS Server
    server {
    listen 1.2.3.4:443 ssl http2;
    server_name chat.mydomain.com;

    # You can increase the limit if your need to.
    client_max_body_size 200M;
    error_log /var/log/nginx/rocketchat.access.log;
    access_log /var/log/nginx/rocketchat.access.log;
    error_log /var/log/nginx/rocketchat.error.log;

    ssl on;
    ssl_certificate /etc/dehydrated/certs/example.com/fullchain.pem;
    ssl_certificate_key /etc/dehydrated/certs/example.com/privkey.pem;
    # Mine ran fine without ssl_trusted but it seems to work
    ssl_trusted_certificate /etc/dehydrated/certs/example.com/chain.pem;
    ssl_certificate /etc/dehydrated/certs/mydomain.com/fullchain.pem;
    ssl_certificate_key /etc/dehydrated/certs/mydomain.com/privkey.pem;
    ssl_trusted_certificate /etc/dehydrated/certs/mydomain.com/chain.pem;

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # don’t use SSLv3 ref: POODLE

    location / {
    # add_header Content-Security-Policy "frame-ancestors www.myotherdomain.com";
    # add_header X-Frame-Options "ALLOW-FROM https://www.myotherdomain.com/";
    proxy_pass http://backend/;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header Host $http_host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forward-Proto http;
    proxy_set_header X-Nginx-Proxy true;
    proxy_redirect off;
    }
    }
    }
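Review bot: `proxy_set_header X-Forward-Proto http;` in the `location /` block is still misspelled and still sends `http`, even though this server block only listens on 443 with `ssl`. This revision adds the correctly spelled `X-Forwarded-For` but leaves the sibling header alone, so the backend never receives the standard `X-Forwarded-Proto`, and a backend that did read this header would be told the client connection was plaintext. That can affect generated redirect URLs and whether session cookies are marked secure, depending on backend settings that are not visible here. I would change it to `proxy_set_header X-Forwarded-Proto $scheme;`. The page has lost its +/- markers, so if the old `X-Forward-For` line is not the removed one, drop it as well; the same `X-Forward-Proto` line is also in the original revision below.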
  2. reetp created this gist Apr 26, 2019.
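--- a/rocketchat.conf
+++ b/rocketchat.conf
@@ -0,0 +1,27 @@
+upstream backend {
+server 127.0.0.1:3000;
+}
+server {
+listen 1.2.3.4:443;
+server_name example.com chat.example.com;
+client_max_body_size 200M;
+error_log /var/log/nginx/rocketchat.access.log;
+ssl on;
+ssl_certificate /etc/dehydrated/certs/example.com/fullchain.pem;
+ssl_certificate_key /etc/dehydrated/certs/example.com/privkey.pem;
+# Mine ran fine without ssl_trusted but it seems to work
+ssl_trusted_certificate /etc/dehydrated/certs/example.com/chain.pem;
+ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # don’t use SSLv3 ref: POODLE
+location / {
+proxy_pass http://backend/;
+proxy_http_version 1.1;
+proxy_set_header Upgrade $http_upgrade;
+proxy_set_header Connection "upgrade";
+proxy_set_header Host $http_host;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forward-Proto http;
+proxy_set_header X-Nginx-Proxy true;
+proxy_redirect off;
+}
+}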
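Review bot: `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` excludes SSLv3 as its comment says, but it still enables TLS 1.0 and TLS 1.1, which are deprecated (RFC 8996) and let a client negotiate down to them. I would restrict it to `ssl_protocols TLSv1.2 TLSv1.3;`, dropping `TLSv1.3` if the installed nginx/OpenSSL build does not support it, and update the comment to say why the older versions are off. The line appears unchanged in the later revision above, so the same applies there. Separately, `ssl_trusted_certificate` only matters once `ssl_stapling` or client-certificate verification is enabled, which would explain the "ran fine without" comment; a short comment saying which of the two it is meant for would help.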