server { include mime.types; default_type application/octet-stream; server_tokens off; # don't send nginx version to end users sendfile on; tcp_nopush on; tcp_nodelay on; gzip on; gzip_comp_level 4; # increase for better compression (values 1 to 9, 1 = fastest, 9 = slowest/best compression) gzip_types text/plain text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript; # compress multiple mime types gzip_disable "msie6"; # disable gzip for IE<=6 gzip_vary on; # send Vary: Accept-Encoding header gzip_proxied any; # enable compression for proxied requests charset utf-8; access_log /var/log/nginx/access.log; error_log /var/log/nginx/error.log; # count skin images for static data, though they are in "bin" path location ~* ^/xwiki/bin/skin/(.*)\.(jpg|jpeg|gif|png|ico)$ { access_log off; rewrite ^/xwiki/bin/skin/(.*) /xwiki/$1 permanent; expires max; } location ^~ /xwiki { proxy_pass http://localhost:8100/xwiki; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; # for right generating RSS, please add thiss lines to nginx conf # for right generating RSS, please add thiss lines to nginx conf proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Server $host; client_max_body_size 1100m; client_body_buffer_size 128k; proxy_connect_timeout 90; proxy_send_timeout 90; proxy_read_timeout 90; proxy_buffering off; proxy_max_temp_file_size 5M; } # listen 80; server_name ; listen 443 ssl; # managed by Certbot ssl_certificate /etc/letsencrypt/live//fullchain.pem; # managed by Certbot ssl_certificate_key /etc/letsencrypt/live//privkey.pem; # managed by Certbot include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot }