From d7dfe53f31452f7e16bc53a7e5be439a251c95c6 Mon Sep 17 00:00:00 2001
From: Andrew Buss <abuss@ucsd.edu>
Date: Wed, 29 Apr 2015 11:16:22 -0700
Subject: [PATCH] Moved nginx configuration into nginxconf

---
 nginxconf/flashy.cards | 43 +++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 43 insertions(+)
 create mode 100644 nginxconf/flashy.cards

diff --git a/nginxconf/flashy.cards b/nginxconf/flashy.cards
new file mode 100644
index 0000000..300c08b
--- /dev/null
+++ b/nginxconf/flashy.cards
@@ -0,0 +1,43 @@
+upstream backend_production {
+    server localhost:7001;
+}
+
+server {
+    server_name flashy.cards;
+    listen 443 ssl;
+    location / {
+        root /srv/flashy.cards/;
+    }
+
+    location ~ /(api|static|admin|api-auth)/ {
+        proxy_pass http://backend_production;
+        proxy_redirect      http://backend_production $scheme://flashy.cards;
+        proxy_set_header        Host $host;
+        proxy_set_header        X-Real-IP $remote_addr;
+        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+    }
+
+    location ^~ /jenkins {
+        proxy_pass          http://localhost:8080;
+        proxy_redirect      http://localhost:8080 $scheme://flashy.cards;
+        proxy_set_header        Host $host;
+        proxy_set_header        X-Real-IP $remote_addr;
+        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_read_timeout  90;
+    }
+    ssl_certificate /etc/nginx/ssl/bundle.crt;
+    ssl_certificate_key /etc/nginx/ssl/nginx.key;
+    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+    ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;
+    ssl_prefer_server_ciphers on;
+    keepalive_timeout 70;
+    ssl_session_cache shared:SSL:10m;
+    ssl_session_timeout 10m;
+    add_header Strict-Transport-Security "max-age=259200";
+}
+
+server {
+    server_name flashy.cards;
+    listen 80;
+    return 301 https://$host$request_uri;
+}
-- 
1.9.1