6
0
mirror of https://github.com/ChristianLight/tutor.git synced 2024-11-17 10:35:12 +00:00
tutor/configurator/templates/nginx/lms.conf
Régis Behmo 04a0fb5902 Simplify configurator
Template files are now directly loaded in the configurator container, so
that it is possible to run the configurator container directly, outside
of this project.
2018-09-15 17:22:02 +02:00

101 lines
3.0 KiB
Plaintext

{% if ACTIVATE_HTTPS %}
server {
server_name {{ LMS_HOST }} preview.{{ LMS_HOST }};
listen 80;
return 301 https://$server_name$request_uri;
}
{% endif %}
server {
listen {{ "443 ssl" if ACTIVATE_HTTPS else "80" }};
server_name localhost {{ LMS_HOST }} preview.{{ LMS_HOST }};
{% if ACTIVATE_HTTPS %}
ssl_certificate /etc/letsencrypt/live/{{ LMS_HOST }}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/{{ LMS_HOST }}/privkey.pem;
{% endif %}
# Prevent invalid display courseware in IE 10+ with high privacy settings
add_header P3P 'CP="Open edX does not have a P3P policy."';
# Nginx does not support nested condition or or conditions so
# there is an unfortunate mix of conditonals here.
client_max_body_size 4M;
rewrite ^(.*)/favicon.ico$ /static/images/favicon.ico last;
# Disables server version feedback on pages and in headers
server_tokens off;
location @proxy_to_lms_app {
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $http_host;
proxy_redirect off;
# Docker resolver
resolver 127.0.0.11 valid=10s;
set $upstream lms;
proxy_pass http://$upstream:8000;
}
location / {
try_files $uri @proxy_to_lms_app;
}
# /login?next=<any image> can be used by 3rd party sites in <img> tags to
# determine whether a user on their site is logged into edX.
# The most common image to use is favicon.ico.
location /login {
if ( $arg_next ~* "favicon.ico" ) {
return 403;
}
try_files $uri @proxy_to_lms_app;
}
# Need a separate location for the image uploads endpoint to limit upload sizes
location ~ ^/api/profile_images/[^/]*/[^/]*/upload$ {
try_files $uri @proxy_to_lms_app;
client_max_body_size 1049576;
}
location ~ ^/media/(?P<file>.*) {
root /openedx/data/lms/uploads;
try_files /$file =404;
expires 31536000s;
}
location ~ ^/static/(?P<file>.*) {
root /openedx/data/lms;
try_files /staticfiles/$file /course_static/$file =404;
# return a 403 for static files that shouldn't be
# in the staticfiles directory
location ~ ^/static/(?:.*)(?:\.xml|\.json|README.TXT) {
return 403;
}
# Set django-pipelined files to maximum cache time
location ~ "/static/(?P<collected>.*\.[0-9a-f]{12}\..*)" {
expires max;
# Without this try_files, files that have been run through
# django-pipeline return 404s
try_files /staticfiles/$collected /course_static/$collected =404;
}
# Set django-pipelined files for studio to maximum cache time
location ~ "/static/(?P<collected>[0-9a-f]{7}/.*)" {
expires max;
# Without this try_files, files that have been run through
# django-pipeline return 404s
try_files /staticfiles/$collected /course_static/$collected =404;
}
# Expire other static files immediately (there should be very few / none of these)
expires epoch;
}
}