Hello all. I just managed to install Mobilizon 3.1.3. via docker with an nginx reverse proxy configuration.
I was wondering if I’m missing anything with my reverse proxy configuration, as some things still look a bit weird, there are some margins missing and some buttons look unstyled (the button to upload an avatar image). As if certain CSS styles are missing. I configured mobilizon to use port 5000.
My nginx config derived from the configuration provided here:
https://docs.joinmobilizon.org/administration/install/release/#reverse-proxy
I didn’t specify the location block for the css/js files as the git repo for the docker setup doesn’t seem to provide that (assuming this is coming from the docker image?).
Am I missing something?
server {
listen 80;
listen [::]:80;
server_name mobilize.hamburg;
include snippets/letsencrypt.conf;
location / {
return 301 https://$host$request_uri;
}
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name mobilize.hamburg;
ssl_trusted_certificate /etc/letsencrypt/live/mobilize.hamburg/fullchain.pem; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/mobilize.hamburg/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/mobilize.hamburg/privkey.pem; # managed by Certbot
ssl_session_timeout 5m;
# Add TLSv1.3 if it's supported by your system
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers 'EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA';
ssl_prefer_server_ciphers on;
ssl_ecdh_curve prime256v1;
# ssl_ecdh_curve X25519:prime256v1:secp384r1:secp521r1;
ssl_stapling on;
ssl_stapling_verify on;
add_header Strict-Transport-Security "max-age=31536000";
gzip on;
gzip_disable "msie6";
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript application/activity+json application/atom+xml;
# the nginx default is 1m, not enough for large media uploads
client_max_body_size 16m;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
location / {
proxy_pass http://127.0.0.1:5000/;
}
location ~ ^/(media|proxy) {
etag off;
access_log off;
add_header Cache-Control "public, max-age=31536000, immutable";
proxy_pass http://localhost:5000;
}
}
My snippets/letsencrypt.conf does the .well-known/acme-challenge/ stuff:
location ^~ /.well-known/acme-challenge/ {
default_type "text/plain";
root /var/www/letsencrypt;
}