changeset 1639:b924f480326e

Adds a doc/?/deployment.md with notes regarding the usage of nginx as proxy
author Frank Sachsenheim <funkyfuture@riseup.net>
date Thu, 10 Aug 2017 15:58:45 +0200
parents 3972535c1146
children 31e259b64e26
files doc/src/site/markdown/deployment.md
diffstat 1 files changed, 38 insertions(+), 0 deletions(-) [+]
line wrap: on
line diff
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/doc/src/site/markdown/deployment.md	Thu Aug 10 15:58:45 2017 +0200
@@ -0,0 +1,38 @@
+# Deploying digilib
+
+There are a variety of ways to deploy digilib on different server setups.
+
+## nginx as proxy
+
+This is an example configuration for `nginx` as a proxy for a single instance
+of digilib (listening on port `8080`) that handles transport encryption and
+restricts access to sensitive data to the gateway of a local network
+(`1.2.3.4`).
+
+```nginx
+server {
+    listen 443 ssl http2;
+    listen [::]:443 ssl http2;
+    server_name digilib.example.org;
+
+    # this certificate chain shall *not* include the root certificate:
+    ssl_certificate /etc/ssl/certs/digilib.example.org.pem;
+    ssl_certificate_key /etc/ssl/private/digilib.example.org.key;
+
+    include /etc/nginx/proxy_params;
+
+    location ~* .*/(dlConfig|dlRequest).jsp$ {
+        allow 1.2.3.4;
+        deny all;
+        proxy_pass http://localhost:8080;
+    }
+
+    location / {
+        proxy_pass http://localhost:8080;
+    }
+}
+```
+
+## Resources
+
+- the [nginx documentation](nginx.org/en/docs/)