nginx-ssl.conf
| 1 | # /etc/nginx/sites-available/musehub |
| 2 | # This is the final config AFTER Certbot has added SSL. |
| 3 | # Certbot auto-generates a version like this; included here for reference/recovery. |
| 4 | |
| 5 | server { |
| 6 | listen 80; |
| 7 | listen [::]:80; |
| 8 | server_name musehub.ai www.musehub.ai; |
| 9 | return 301 https://$host$request_uri; |
| 10 | } |
| 11 | |
| 12 | server { |
| 13 | listen 443 ssl; |
| 14 | listen [::]:443 ssl; |
| 15 | server_name musehub.ai www.musehub.ai; |
| 16 | |
| 17 | ssl_certificate /etc/letsencrypt/live/musehub.ai/fullchain.pem; |
| 18 | ssl_certificate_key /etc/letsencrypt/live/musehub.ai/privkey.pem; |
| 19 | include /etc/letsencrypt/options-ssl-nginx.conf; |
| 20 | ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; |
| 21 | |
| 22 | client_max_body_size 50m; |
| 23 | |
| 24 | # Push endpoint needs a longer timeout — large repos can take several |
| 25 | # seconds to serialize and write all objects. 60s causes 502 on first push. |
| 26 | location ~ ^/[^/]+/[^/]+/push$ { |
| 27 | proxy_pass http://127.0.0.1:10003; |
| 28 | proxy_http_version 1.1; |
| 29 | proxy_set_header Host $host; |
| 30 | proxy_set_header X-Real-IP $remote_addr; |
| 31 | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; |
| 32 | proxy_set_header X-Forwarded-Proto $scheme; |
| 33 | proxy_read_timeout 300s; |
| 34 | } |
| 35 | |
| 36 | # Proxy all other traffic to the MuseHub uvicorn container |
| 37 | location / { |
| 38 | proxy_pass http://127.0.0.1:10003; |
| 39 | proxy_http_version 1.1; |
| 40 | proxy_set_header Upgrade $http_upgrade; |
| 41 | proxy_set_header Connection "upgrade"; |
| 42 | proxy_set_header Host $host; |
| 43 | proxy_set_header X-Real-IP $remote_addr; |
| 44 | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; |
| 45 | proxy_set_header X-Forwarded-Proto $scheme; |
| 46 | proxy_read_timeout 60s; |
| 47 | } |
| 48 | } |