--- /dev/null
+server_name
+ burette.heureux-cyclage.org;
+
+client_body_buffer_size 1024k;
+client_max_body_size 10m;
+
+proxy_buffers 16 64k;
+proxy_buffer_size 128k;
+
+location ~ /\. {
+ access_log off;
+ deny all;
+ log_not_found off;
+ }
+location / {
+ proxy_next_upstream error timeout
+ invalid_header
+ http_500
+ http_502
+ http_503;
+ # NOTE: force timeouts if the backend dies.
+ proxy_pass http://lhc_openerp_web;
+ proxy_redirect off;
+ # NOTE: by default, do not forward anything
+ proxy_read_timeout 500;
+ proxy_set_header Host $host;
+ proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto https;
+ # NOTE: let the OpenERP web service know that we're using HTTPS,
+ # otherwise it will generate URL using http:// and not https://
+ proxy_set_header X-Real-IP $remote_addr;
+ }
+
+location ~* ^/web/static/ {
+ # NOTE: cache some static data in memory for 60mins;
+ # under heavy load this should relieve stress on the OpenERP web interface a bit.
+ expires 864000;
+ proxy_buffering on;
+ proxy_cache_valid 200 60m;
+ proxy_pass http://lhc_openerp_web;
+ }
+
+# vim: ft=sh
--- /dev/null
+server {
+ listen 443;
+ include /etc/nginx/org/heureux-cyclage/burette/common.conf;
+ include /etc/nginx/conf.d/ssl-pfs.conf;
+ ssl_certificate /etc/nginx/org/heureux-cyclage/crt.pem;
+ ssl_certificate_key /etc/nginx/org/heureux-cyclage/key.pem;
+}
+server {
+ listen 80;
+ server_name
+ burette.heureux-cyclage.org;
+
+ return 301 https://$host$request_uri;
+ }
+upstream lhc_openerp_web {
+ server 127.0.0.1:8080
+ fail_timeout=300s
+ weight=1;
+ }