LibreChat/client/nginx.conf

# Secure default configuration generated by Mozilla SSL Configuration Generator
# generated 2024-01-21, Mozilla Guideline v5.7, nginx 1.24.0, OpenSSL 3.1.4, intermediate configuration
# https://ssl-config.mozilla.org/#server=nginx&version=1.24.0&config=intermediate&openssl=3.1.4&guideline=5.7

server {
    listen 80 default_server;
    listen [::]:80 default_server;

    # To Configure SSL, comment all lines within the Non-SSL section and uncomment all lines under the SSL section. 
    ########################################  Non-SSL  ########################################
    server_name localhost;
 
    # Increase the client_max_body_size to allow larger file uploads
    # The default limits for image uploads as of 11/22/23 is 20MB/file, and 25MB/request
    client_max_body_size 25M;

    location /api {
        proxy_pass http://api:3080/api;
    }

    location / {
        proxy_pass http://api:3080;
    }

    ########################################  SSL  ########################################
#    # Redirect all http traffic to https
#    location / {
#        return 301 https://$host$request_uri;
#    }
}

#server {
#    listen 443 ssl http2;
#    listen [::]:443 ssl http2;

#    ssl_certificate /etc/nginx/ssl/nginx.crt;
#    ssl_certificate_key /etc/nginx/ssl/nginx.key;
#    ssl_session_timeout 1d;
#    ssl_session_cache shared:MozSSL:10m;  # about 40000 sessions
#    ssl_session_tickets off;

#    # curl https://ssl-config.mozilla.org/ffdhe2048.txt > /etc/nginx/ssl/dhparam
#    ssl_dhparam /etc/nginx/ssl/dhparam;

#    # intermediate configuration
#    ssl_protocols TLSv1.2 TLSv1.3;
#    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305;
#    ssl_prefer_server_ciphers off;

#    # HSTS (ngx_http_headers_module is required) (63072000 seconds)
#    add_header Strict-Transport-Security "max-age=63072000" always;

#    # OCSP stapling
#    ssl_stapling on;
#    ssl_stapling_verify on;

#    # verify chain of trust of OCSP response using Root CA and Intermediate certs
#    ssl_trusted_certificate /etc/nginx/ssl/ca.crt;

#    # replace with the IP address of your resolver
#    resolver 127.0.0.1;

#    server_name localhost;
 
#    # Increase the client_max_body_size to allow larger file uploads
#    # The default limits for image uploads as of 11/22/23 is 20MB/file, and 25MB/request
#    client_max_body_size 25M;

#    location /api {
#        proxy_pass http://api:3080/api;
#    }

#    location / {
#        proxy_pass http://api:3080;
#    }
#}
🔏 feat: Nginx SSL Secure Config (#1615) * Update nginx.conf Add Mozilla SSL Configuration Generator recommended options. * Update nginx.conf Remove Space 2024-01-23 06:30:26 -06:00			`# Secure default configuration generated by Mozilla SSL Configuration Generator`
			`# generated 2024-01-21, Mozilla Guideline v5.7, nginx 1.24.0, OpenSSL 3.1.4, intermediate configuration`
			`# https://ssl-config.mozilla.org/#server=nginx&version=1.24.0&config=intermediate&openssl=3.1.4&guideline=5.7`
wip: testing leaner docker strategy and deployment compose file (#719) * nginx setup * chore(dev-images.yml): update workflow trigger to push events on main branch chore(dev-images.yml): remove building and pushing of librechat-dev-client image chore(nginx.conf): comment out SSL configuration in nginx.conf chore(deploy-compose.yml): uncomment api build configuration in deploy-compose.yml chore(deploy-compose.yml): update client build configuration in deploy-compose.yml 2023-07-27 18:52:10 -04:00
🔏 feat: Nginx SSL Secure Config (#1615) * Update nginx.conf Add Mozilla SSL Configuration Generator recommended options. * Update nginx.conf Remove Space 2024-01-23 06:30:26 -06:00			`server {`
			`listen 80 default_server;`
			`listen [::]:80 default_server;`
wip: testing leaner docker strategy and deployment compose file (#719) * nginx setup * chore(dev-images.yml): update workflow trigger to push events on main branch chore(dev-images.yml): remove building and pushing of librechat-dev-client image chore(nginx.conf): comment out SSL configuration in nginx.conf chore(deploy-compose.yml): uncomment api build configuration in deploy-compose.yml chore(deploy-compose.yml): update client build configuration in deploy-compose.yml 2023-07-27 18:52:10 -04:00
🔏 feat: Nginx SSL Secure Config (#1615) * Update nginx.conf Add Mozilla SSL Configuration Generator recommended options. * Update nginx.conf Remove Space 2024-01-23 06:30:26 -06:00			`# To Configure SSL, comment all lines within the Non-SSL section and uncomment all lines under the SSL section.`
			`######################################## Non-SSL ########################################`
			`server_name localhost;`

			`# Increase the client_max_body_size to allow larger file uploads`
			`# The default limits for image uploads as of 11/22/23 is 20MB/file, and 25MB/request`
			`client_max_body_size 25M;`
feat: docker-compose deployment file (#706) * feat(deploy-compose.yml): add docker-compose file for development deployment A new docker-compose file has been added for development deployment. This file defines the services required for running the application in a development environment. The services include a client service running nginx, an api service running the LibreChat application, a mongodb service for the database, and a meilisearch service for search functionality. The client service is configured to use the latest version of the nginx image, with port 3080 mapped to port 80. It also mounts the nginx.conf file and the client's node_modules directory. The api service is named LibreChat and is built from the librechat image. It exposes port 9000 and depends on the mongodb service. It also mounts the api directory, the .env files, and the client's node_modules directory. The mongodb service is named chat-mongodb and uses the mongo image. It exposes port 27018 and mounts the data-node directory for data storage * chore(deploy-compose.yml): update env_file path to ../../.env * chore(deploy-compose.yml): update image name to librechat_deploy chore(deploy-compose.yml): update build context to ../../ * chore(deploy-compose.yml): update image and comment out build section The image for the service has been updated to `ghcr.io/danny-avila/librechat:latest`. The build section has been commented out as it is no longer needed. * refactor(nginx.conf): reformat nginx.conf for better readability and maintainability * chore(nginx.conf): add worker_connections configuration to events block chore(nginx.conf): add listen configuration to server block * chore(deploy-compose.yml): update nginx container ports configuration feat(deploy-compose.yml): add support for HTTPS by exposing port 443 * docs(dev/README.md): add instructions for deploying with deploy-compose.yml * docs(dev/README.md): update instructions for deploying with deploy-compose.yml 2023-07-26 12:57:26 -04:00
🔏 feat: Nginx SSL Secure Config (#1615) * Update nginx.conf Add Mozilla SSL Configuration Generator recommended options. * Update nginx.conf Remove Space 2024-01-23 06:30:26 -06:00			`location /api {`
			`proxy_pass http://api:3080/api;`
			`}`
fix: Increase client_max_body_size for larger file uploads through nginx (#1210) 2023-11-22 19:07:01 -05:00
🔏 feat: Nginx SSL Secure Config (#1615) * Update nginx.conf Add Mozilla SSL Configuration Generator recommended options. * Update nginx.conf Remove Space 2024-01-23 06:30:26 -06:00			`location / {`
			`proxy_pass http://api:3080;`
			`}`
fix: update url rule in nginx 2023-03-29 16:11:43 +08:00
🔏 feat: Nginx SSL Secure Config (#1615) * Update nginx.conf Add Mozilla SSL Configuration Generator recommended options. * Update nginx.conf Remove Space 2024-01-23 06:30:26 -06:00			`######################################## SSL ########################################`
			`# # Redirect all http traffic to https`
			`# location / {`
			`# return 301 https://$host$request_uri;`
			`# }`
modify docker setup 2023-03-06 15:56:25 -05:00			`}`
🔏 feat: Nginx SSL Secure Config (#1615) * Update nginx.conf Add Mozilla SSL Configuration Generator recommended options. * Update nginx.conf Remove Space 2024-01-23 06:30:26 -06:00
			`#server {`
			`# listen 443 ssl http2;`
			`# listen [::]:443 ssl http2;`

			`# ssl_certificate /etc/nginx/ssl/nginx.crt;`
			`# ssl_certificate_key /etc/nginx/ssl/nginx.key;`
			`# ssl_session_timeout 1d;`
			`# ssl_session_cache shared:MozSSL:10m; # about 40000 sessions`
			`# ssl_session_tickets off;`

			`# # curl https://ssl-config.mozilla.org/ffdhe2048.txt > /etc/nginx/ssl/dhparam`
			`# ssl_dhparam /etc/nginx/ssl/dhparam;`

			`# # intermediate configuration`
			`# ssl_protocols TLSv1.2 TLSv1.3;`
			`# ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305;`
			`# ssl_prefer_server_ciphers off;`

			`# # HSTS (ngx_http_headers_module is required) (63072000 seconds)`
			`# add_header Strict-Transport-Security "max-age=63072000" always;`

			`# # OCSP stapling`
			`# ssl_stapling on;`
			`# ssl_stapling_verify on;`

			`# # verify chain of trust of OCSP response using Root CA and Intermediate certs`
			`# ssl_trusted_certificate /etc/nginx/ssl/ca.crt;`

			`# # replace with the IP address of your resolver`
			`# resolver 127.0.0.1;`

			`# server_name localhost;`

			`# # Increase the client_max_body_size to allow larger file uploads`
			`# # The default limits for image uploads as of 11/22/23 is 20MB/file, and 25MB/request`
			`# client_max_body_size 25M;`

			`# location /api {`
			`# proxy_pass http://api:3080/api;`
			`# }`

			`# location / {`
			`# proxy_pass http://api:3080;`
			`# }`
			`#}`