/etc/nginx/conf.d/erpnext.conf

1. upstream erpnext-frappe {
2. server 127.0.0.1:8000 fail_timeout=0;
3. }
4.  
5. upstream erpnext-socketio-server {
6. server 127.0.0.1:9000 fail_timeout=0;
7. }
8.  
9.  
10.  
11. # setup maps
12.  
13.  
14. # server blocks
15.  
16.  
17.  
18.  
19.  
20. server {
21.  
22. listen 8090;
23.  
24.  
25. server_name
26. erp.hashq.in
27. ;
28.  
29. root /opt/bench/erpnext/sites;
30.  
31.  
32.  
33. proxy_buffer_size 128k;
34. proxy_buffers 4 256k;
35. proxy_busy_buffers_size 256k;
36.  
37.  
38.  
39. add_header X-Frame-Options "SAMEORIGIN";
40. add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
41. add_header X-Content-Type-Options nosniff;
42. add_header X-XSS-Protection "1; mode=block";
43.  
44. location /assets {
45. try_files $uri =404;
46. }
47.  
48. location ~ ^/protected/(.*) {
49. internal;
50. try_files /erp.hashq.in/$1 =404;
51. }
52.  
53. location /socket.io {
54. proxy_http_version 1.1;
55. proxy_set_header Upgrade $http_upgrade;
56. proxy_set_header Connection "upgrade";
57. proxy_set_header X-Frappe-Site-Name erp.hashq.in;
58. proxy_set_header Origin $scheme://$http_host;
59. proxy_set_header Host $host;
60.  
61. proxy_pass http://erpnext-socketio-server;
62. }
63.  
64. location / {
65.  
66. rewrite ^(.+)/$ $1 permanent;
67. rewrite ^(.+)/index\.html$ $1 permanent;
68. rewrite ^(.+)\.html$ $1 permanent;
69.  
70. location ~ ^/files/.*.(htm|html|svg|xml) {
71. add_header Content-disposition "attachment";
72. try_files /erp.hashq.in/public/$uri @webserver;
73. }
74.  
75. try_files /erp.hashq.in/public/$uri @webserver;
76. }
77.  
78. location @webserver {
79. proxy_set_header X-Forwarded-For $remote_addr;
80. proxy_set_header X-Forwarded-Proto $scheme;
81. proxy_set_header X-Frappe-Site-Name erp.hashq.in;
82. proxy_set_header Host $host;
83. proxy_set_header X-Use-X-Accel-Redirect True;
84. proxy_read_timeout 120;
85. proxy_redirect off;
86.  
87. proxy_pass http://erpnext-frappe;
88. }
89.  
90. # error pages
91. error_page 502 /502.html;
92. location /502.html {
93. root /opt/bench/bench-repo/bench/config/templates;
94. internal;
95. }
96.  
97. # optimizations
98. sendfile on;
99. keepalive_timeout 15;
100. client_max_body_size 50m;
101. client_body_buffer_size 16K;
102. client_header_buffer_size 1k;
103.  
104. # enable gzip compresion
105. # based on https://mattstauffer.co/blog/enabling-gzip-on-nginx-servers-including-laravel-forge
106. gzip on;
107. gzip_http_version 1.1;
108. gzip_comp_level 5;
109. gzip_min_length 256;
110. gzip_proxied any;
111. gzip_vary on;
112. gzip_types
113. application/atom+xml
114. application/javascript
115. application/json
116. application/rss+xml
117. application/vnd.ms-fontobject
118. application/x-font-ttf
119. application/font-woff
120. application/x-web-app-manifest+json
121. application/xhtml+xml
122. application/xml
123. font/opentype
124. image/svg+xml
125. image/x-icon
126. text/css
127. text/plain
128. text/x-component
129. ;
130. # text/html is always compressed by HttpGzipModule
131.  
132. listen 443 ssl; # managed by Certbot
133. ssl_certificate /etc/letsencrypt/live/hashq.in/fullchain.pem; # managed by Certbot
134. ssl_certificate_key /etc/letsencrypt/live/hashq.in/privkey.pem; # managed by Certbot
135. include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
136. ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
137.  
138. }
139.