server {
listen 443 ssl http2;
server_name ドメイン名;
ssl_certificate /etc/letsencrypt/live/ドメイン名/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/ドメイン名/privkey.pem;
ssl_protocols TLSv1.2;
ssl_ciphers HIGH:!MEDIUM:!LOW:!aNULL:!NULL:!SHA;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
root /home/misskey/misskey;
keepalive_timeout 70;
sendfile on;
client_max_body_size 8m;
gzip on;
gzip_disable "msie6";
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
add_header Strict-Transport-Security "max-age:31536000";
location / {
proxy_set_header Upgrade $http_upgrade; #ここ重要
proxy_set_header Connection "upgrade"; #ここも重要
proxy_pass https://ドメイン名:ポート;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header Proxy "";
proxy_pass_header Server;
proxy_buffering off;
proxy_redirect off;
proxy_http_version 1.1;
tcp_nodelay on; }
}
server {
if ($host : ドメイン名) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name ドメイン名 root ドキュメントルート;
return 404; # managed by Certbot
}