{% if ACTIVATE_HTTPS %} server { server_name {{ LMS_HOST }} preview.{{ LMS_HOST }}; listen 80; return 301 https://$server_name$request_uri; } {% endif %} server { listen {{ "443 ssl" if ACTIVATE_HTTPS else "80" }}; server_name localhost {{ LMS_HOST }} preview.{{ LMS_HOST }}; {% if ACTIVATE_HTTPS %} ssl_certificate /etc/letsencrypt/live/{{ LMS_HOST }}/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/{{ LMS_HOST }}/privkey.pem; {% endif %} # Prevent invalid display courseware in IE 10+ with high privacy settings add_header P3P 'CP="Open edX does not have a P3P policy."'; # Nginx does not support nested condition or or conditions so # there is an unfortunate mix of conditonals here. client_max_body_size 4M; rewrite ^(.*)/favicon.ico$ /static/images/favicon.ico last; # Disables server version feedback on pages and in headers server_tokens off; location @proxy_to_lms_app { proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Port $server_port; proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header Host $http_host; proxy_redirect off; # Docker resolver resolver 127.0.0.11 valid=10s; set $upstream lms; proxy_pass http://$upstream:8000; } location / { try_files $uri @proxy_to_lms_app; } # /login?next= can be used by 3rd party sites in tags to # determine whether a user on their site is logged into edX. # The most common image to use is favicon.ico. location /login { if ( $arg_next ~* "favicon.ico" ) { return 403; } try_files $uri @proxy_to_lms_app; } # Need a separate location for the image uploads endpoint to limit upload sizes location ~ ^/api/profile_images/[^/]*/[^/]*/upload$ { try_files $uri @proxy_to_lms_app; client_max_body_size 1049576; } location ~ ^/media/(?P.*) { root /openedx/data/lms/uploads; try_files /$file =404; expires 31536000s; } location ~ ^/static/(?P.*) { root /openedx/data/lms; try_files /staticfiles/$file /course_static/$file =404; # return a 403 for static files that shouldn't be # in the staticfiles directory location ~ ^/static/(?:.*)(?:\.xml|\.json|README.TXT) { return 403; } # Set django-pipelined files to maximum cache time location ~ "/static/(?P.*\.[0-9a-f]{12}\..*)" { expires max; # Without this try_files, files that have been run through # django-pipeline return 404s try_files /staticfiles/$collected /course_static/$collected =404; } # Set django-pipelined files for studio to maximum cache time location ~ "/static/(?P[0-9a-f]{7}/.*)" { expires max; # Without this try_files, files that have been run through # django-pipeline return 404s try_files /staticfiles/$collected /course_static/$collected =404; } # Expire other static files immediately (there should be very few / none of these) expires epoch; } }