# HG changeset patch
# User Frank Sachsenheim <funkyfuture@riseup.net>
# Date 1502373525 -7200
# Node ID b924f480326e80efb12ed9de469cb12a1dc4d170
# Parent  3972535c1146ebfb4619eb99daab73a656bdb534
Adds a doc/?/deployment.md

with notes regarding the usage of nginx as proxy

diff -r 3972535c1146 -r b924f480326e doc/src/site/markdown/deployment.md
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/doc/src/site/markdown/deployment.md	Thu Aug 10 15:58:45 2017 +0200
@@ -0,0 +1,38 @@
+# Deploying digilib
+
+There are a variety of ways to deploy digilib on different server setups.
+
+## nginx as proxy
+
+This is an example configuration for `nginx` as a proxy for a single instance
+of digilib (listening on port `8080`) that handles transport encryption and
+restricts access to sensitive data to the gateway of a local network
+(`1.2.3.4`).
+
+```nginx
+server {
+    listen 443 ssl http2;
+    listen [::]:443 ssl http2;
+    server_name digilib.example.org;
+
+    # this certificate chain shall *not* include the root certificate:
+    ssl_certificate /etc/ssl/certs/digilib.example.org.pem;
+    ssl_certificate_key /etc/ssl/private/digilib.example.org.key;
+
+    include /etc/nginx/proxy_params;
+
+    location ~* .*/(dlConfig|dlRequest).jsp$ {
+        allow 1.2.3.4;
+        deny all;
+        proxy_pass http://localhost:8080;
+    }
+
+    location / {
+        proxy_pass http://localhost:8080;
+    }
+}
+```
+
+## Resources
+
+- the [nginx documentation](nginx.org/en/docs/)