Râu Cao 66f5217a41
Refactor Mastodon nginx recipe for proxy usage
Works both as local deployment and proxy (via roles and environments)

* Use upstreams for proxy_pass
* Access static assets from proxy, configure caching for them
* Move Tor config to environment, install via role
* ...
2022-11-30 12:02:17 +01:00


# Upstream group for the Mastodon web application: one "server" entry is
# rendered per host in @upstream_hosts, each on @app_port.
# nginx refuses to load an upstream block with no server entries, so an empty
# @upstream_hosts list produces a config that fails validation.
# NOTE(review): the proxy_pass that targets this group is not in this template
# (presumably in the shared include). When the hosts are remote, confirm that
# hop runs over a private network or TLS, since it carries user sessions.
upstream mastodon_app {
<% @upstream_hosts.each do |host| %>
server <%= host %>:<%= @app_port %>;
<% end %>
}
# Upstream group for the Mastodon streaming API: the same @upstream_hosts list
# as the app group, but on @streaming_port.
# NOTE(review): the location that proxies to this group is not visible here;
# the same transport caveat applies when the hosts are not local.
upstream mastodon_streaming {
<% @upstream_hosts.each do |host| %>
server <%= host %>:<%= @streaming_port %>;
<% end %>
}
# Derives $connection_upgrade from the client's Upgrade request header:
# "close" when the header is empty or absent, "upgrade" for any other value.
# Presumably consumed as the proxied Connection header for WebSocket traffic
# in the shared include; that usage is not visible in this template.
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
# On-disk proxy cache: two-level directory layout under
# /var/cache/nginx/mastodon, a 10 MB shared-memory key zone named
# "mastodon_cache", at most 1 GB of cached data, entries dropped after
# 120 minutes without access, temp files written directly into the cache
# directory (use_temp_path=off).
# NOTE(review): this only defines the zone. Confirm that "proxy_cache
# mastodon_cache" is enabled solely on static-asset locations, so responses
# tied to a session or an Authorization header are never stored and replayed
# to another user.
proxy_cache_path /var/cache/nginx/mastodon levels=1:2
keys_zone=mastodon_cache:10m
max_size=1g inactive=120m use_temp_path=off;
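# Clearnet HTTPS virtual host. Locations and proxy settings come from the
# shared include at @shared_config_path, which is not part of this template.
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name <%= @server_name %>;
include <%= @shared_config_path %>;
ssl_certificate <%= @ssl_cert %>;
ssl_certificate_key <%= @ssl_key %>;
# "always" makes nginx send HSTS on error responses (4xx/5xx) as well; without
# it the header is only added to successful and redirect responses.
# NOTE(review): add_header set here is inherited by a location only if that
# location defines no add_header of its own. If the shared include sets any
# header inside a location, HSTS has to be repeated there or it is dropped.
add_header Strict-Transport-Security "max-age=31536000" always;
<% if @onion_address %>
# Advertises the onion mirror to clients that understand Onion-Location.
# The URL uses https, so it lands on the onion 443 vhost rendered below.
add_header Onion-Location https://mastodon.<%= @onion_address %>$request_uri;
<% end %>
}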
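<% if @onion_address %>
# Onion service virtual hosts, rendered only when @onion_address is set.
#
# Plain-HTTP onion vhost.
# NOTE(review): "listen 80" binds every address, so this vhost answers any
# client that sends the onion Host header, not only the Tor daemon. If Tor
# runs on this machine, consider binding to the loopback address that its
# HiddenServicePort targets, so the app is not served over unencrypted HTTP
# on public interfaces. Confirm against the Tor role before changing.
server {
listen 80;
server_name mastodon.<%= @onion_address %>;
include <%= @shared_config_path %>;
}
# HTTPS onion vhost; this is where the clearnet Onion-Location header points.
# NOTE(review): it reuses @ssl_cert and @ssl_key from the clearnet vhost.
# Confirm the certificate lists the mastodon onion hostname as a SAN;
# otherwise clients following Onion-Location get a name-mismatch warning.
# NOTE(review): there is no IPv6 listen here, unlike the clearnet vhost.
# Presumably intentional for a Tor-forwarded port; verify.
server {
listen 443 ssl http2;
server_name mastodon.<%= @onion_address %>;
include <%= @shared_config_path %>;
ssl_certificate <%= @ssl_cert %>;
ssl_certificate_key <%= @ssl_key %>;
# "always" sends HSTS on error responses too. The same add_header inheritance
# caveat applies to locations in the shared include that set their own headers.
add_header Strict-Transport-Security "max-age=31536000" always;
}
<% end %>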