diff --git a/config/nginx.sample.conf b/config/nginx.sample.conf
index e72ca14894d..ec3f0434525 100644
--- a/config/nginx.sample.conf
+++ b/config/nginx.sample.conf
@@ -46,28 +46,26 @@ server { root $public; location ~* \.(eot|ttf|woff|ico)$ { - add_header Access-Control-Allow-Origin *; - expires 1y; - add_header Cache-Control public; - } + expires 1y; + add_header Cache-Control public; + add_header Access-Control-Allow-Origin *; + } location ~ ^/assets/ { expires 1y; - add_header Cache-Control public; add_header ETag ""; + add_header Cache-Control public; break; } location ~ ^/uploads/ { expires 1y; - add_header Cache-Control public; add_header ETag ""; + add_header Cache-Control public; ## optional upload anti-hotlinking rules #valid_referers none blocked mysite.com *.mysite.com; - #if ($invalid_referer) { - # return 403; - #} + #if ($invalid_referer) { return 403; } # custom CSS location ~ /stylesheet-cache/ { try_files $uri =404; }
@@ -83,6 +81,14 @@ server { break; } + location ~ ^/backups/ { + # backups must go through the rails application to handle security + proxy_set_header X-Sendfile-Type X-Accel-Redirect; + proxy_set_header X-Accel-Mapping $public/=/downloads/; + proxy_pass http://discourse; + break; + } + try_files $uri @discourse; }
@@ -92,12 +98,10 @@ server { } location @discourse { + proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - - proxy_set_header X-Forwarded-Proto $thescheme; - proxy_set_header Host $http_host; proxy_pass http://discourse; }
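Review bot: The new `location ~ ^/backups/` block proxies to `http://discourse` with only the two sendfile headers, so backup requests reach the application without the `Host`, `X-Real-IP` and `X-Forwarded-For` values that `location @discourse` sets. nginx then sends its default `Host` and the app sees the proxy as the client, which weakens any host check, IP-based rate limiting or audit logging the Rails side applies to backup downloads. I would add `proxy_set_header Host $http_host;`, `proxy_set_header X-Real-IP $remote_addr;` and `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` to the block. The `/downloads/` target of `X-Accel-Mapping` is not defined in the visible hunks; it should exist as an `internal` location so the files cannot be fetched directly. The enclosing location block starts outside this hunk.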
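Review bot: Dropping `proxy_set_header X-Forwarded-Proto $thescheme;` from `location @discourse` means the proxy no longer asserts the request scheme, and nginx passes through whatever `X-Forwarded-Proto` the client sent. Behind TLS termination the application would then base secure-cookie, redirect and URL-scheme decisions on a client-controlled value, or on none at all. Unless the header is now set somewhere not visible in this diff, keep it, for example `proxy_set_header X-Forwarded-Proto $scheme;` if `$thescheme` no longer exists. Because the backups block makes the app act on `X-Sendfile-Type` and `X-Accel-Mapping`, it is also worth clearing client-supplied copies here with `proxy_set_header X-Sendfile-Type "";` and `proxy_set_header X-Accel-Mapping "";`, presuming the Rails side reads them from the request.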