Add nginx reverse proxy with Let's Encrypt SSL

- nginx as reverse proxy for dawarich frontend - Let's Encrypt certificate support with automatic renewal - HTTP to HTTPS redirect, gzip compression - Bootstrap config for initial certificate request Co-authored-by: Cursor <cursoragent@cursor.com>
2026-02-14 11:19:07 +01:00
commit ab278da5fe
6 changed files with 329 additions and 0 deletions
--- a/nginx/nginx.conf
+++ b/nginx/nginx.conf
@@ -0,0 +1,72 @@
+server {
+	listen 80;
+	listen [::]:80;
+	server_name location.butenostfreesen.de;
+
+	# ACME-Challenge für Let's Encrypt Zertifikatserneuerung
+	location /.well-known/acme-challenge/ {
+		root /var/www/certbot;
+	}
+
+	location / {
+		return 301 https://$host$request_uri;
+	}
+}
+
+server {
+	listen 443 ssl;
+	listen [::]:443 ssl;
+	http2 on;
+	server_name location.butenostfreesen.de;
+
+	# Let's Encrypt Zertifikate
+	ssl_certificate /etc/letsencrypt/live/location.butenostfreesen.de/fullchain.pem;
+	ssl_certificate_key /etc/letsencrypt/live/location.butenostfreesen.de/privkey.pem;
+	ssl_protocols TLSv1.2 TLSv1.3;
+	ssl_prefer_server_ciphers off;
+	ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;
+	ssl_session_cache shared:SSL:10m;
+	ssl_session_timeout 1d;
+
+	gzip on;
+	gzip_vary on;
+	gzip_proxied any;
+	gzip_comp_level 6;
+	gzip_types
+		text/css
+		text/plain
+		text/xml
+		text/x-component
+		text/javascript
+		application/x-javascript
+		application/javascript
+		application/json
+		application/manifest+json
+		application/vnd.api+json
+		application/xml
+		application/xhtml+xml
+		application/rss+xml
+		application/atom+xml
+		application/vnd.ms-fontobject
+		application/x-font-ttf
+		application/x-font-opentype
+		application/x-font-truetype
+		image/svg+xml
+		image/x-icon
+		image/vnd.microsoft.icon
+		font/ttf
+		font/eot
+		font/otf
+		font/opentype;
+
+	location / {
+		proxy_set_header X-Real-IP $remote_addr;
+		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+		proxy_set_header X-Forwarded-Proto https;
+		proxy_set_header X-Forwarded-Server $host;
+		proxy_set_header Host $http_host;
+		proxy_redirect off;
+
+		proxy_pass http://dawarich_app:3000/;
+	}
+}