# upstream goaccess_backend { # server goaccess:7890; # # # Keep up to 32 idle connections per worker # keepalive 16; # # # Maximum time a connection can be idle # keepalive_timeout 60s; # # # Maximum requests per keepalive connection # keepalive_requests 100; # } server { listen 80; listen [::]:80; server_name goaccess.novicelab.io; # ACME challenge for Let's Encrypt certificate renewal location /.well-known/acme-challenge/ { root /var/www/certbot; } location / { return 301 https://$server_name$request_uri; } } map $http_upgrade $connection_upgrade { default upgrade; '' close; } # Server block for GoAccess dashboard server { listen 443 ssl; # http2; server_name goaccess.novicelab.io; # SSL configuration ssl_certificate /etc/letsencrypt/live/novicelab.io/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/novicelab.io/privkey.pem; ssl_session_timeout 1d; ssl_session_cache shared:SSL:10m; ssl_session_tickets off; ssl_protocols TLSv1.3; # add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; # add_header X-Content-Type-Options nosniff; # add_header X-Frame-Options DENY; # add_header X-XSS-Protection "1; mode=block"; resolver 127.0.0.11 8.8.8.8 8.8.4.4 valid=300s; resolver_timeout 5s; # Logging access_log /var/log/nginx/goaccess.novicelab.io_access.log json_combined; error_log /var/log/nginx/goaccess.novicelab.io_error.log debug; set $goaccess_backend goaccess:7890; root /usr/share/nginx/html; index report.html; location / { try_files $uri $uri/ =404; } location /ws { proxy_pass http://$goaccess_backend; proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; #enable ws upgrade proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; } }