Mercurial > hg > digilib
changeset 1639:b924f480326e
Adds a doc/?/deployment.md
with notes regarding the usage of nginx as proxy
| author | Frank Sachsenheim <funkyfuture@riseup.net> |
|---|---|
| date | Thu, 10 Aug 2017 15:58:45 +0200 |
| parents | 3972535c1146 |
| children | 31e259b64e26 |
| files | doc/src/site/markdown/deployment.md |
| diffstat | 1 files changed, 38 insertions(+), 0 deletions(-) [+] |
line wrap: on
line diff
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/doc/src/site/markdown/deployment.md Thu Aug 10 15:58:45 2017 +0200 @@ -0,0 +1,38 @@ +# Deploying digilib + +There are a variety of ways to deploy digilib on different server setups. + +## nginx as proxy + +This is an example configuration for `nginx` as a proxy for a single instance +of digilib (listening on port `8080`) that handles transport encryption and +restricts access to sensitive data to the gateway of a local network +(`1.2.3.4`). + +```nginx +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name digilib.example.org; + + # this certificate chain shall *not* include the root certificate: + ssl_certificate /etc/ssl/certs/digilib.example.org.pem; + ssl_certificate_key /etc/ssl/private/digilib.example.org.key; + + include /etc/nginx/proxy_params; + + location ~* .*/(dlConfig|dlRequest).jsp$ { + allow 1.2.3.4; + deny all; + proxy_pass http://localhost:8080; + } + + location / { + proxy_pass http://localhost:8080; + } +} +``` + +## Resources + +- the [nginx documentation](nginx.org/en/docs/)