update default to match working config in prod

diff --git a/etc/nginx/sites-available/default b/etc/nginx/sites-available/default
index 86773539c2dacd81a7c7e4fc1f2933ddd4cab99a..1cc285128a9b6d8a3d768b65de8aeaa095d74bab 100644 (file)
--- a/etc/nginx/sites-available/default
+++ b/etc/nginx/sites-available/default
@@ -17,7 +17,26 @@ server {
     try_files $uri @sanic;
   }
 
+  # Ghost
+  root /var/www/blog/system/nginx-root; # Used for acme.sh SSL verification (https://acme.sh)
+
+  location ^~ /blog/ {
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto $scheme;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header Host $http_host;
+    proxy_pass http://127.0.0.1:2368;
+    proxy_redirect off;
+  }
+
+  location ~ /.well-known {
+    allow all;
+  }
+
+  client_max_body_size 50m;
 
+
+  # Sanic
   location @sanic {
     proxy_pass http://$server_name;
     # Allow fast streaming HTTP/1.1 pipes (keep-alive, unbuffered)
@@ -34,7 +53,7 @@ server {
 
   # default favicon
   location = /favicon.ico {
-    alias /var/www/ntserv/static/favicon.gif;
+    alias /var/www/favicon.gif;
   }
 
 
@@ -50,12 +69,16 @@ server {
 # https://wordpress.org/support/article/nginx/
 # http://wiki.nginx.org/IfIsEvil
 server {
-    if ($host = deveast.linode.poczatek.dev) {
-        return 301 https://$host$request_uri;
-    } # managed by Certbot
+
+  # CertBot
+  if ($host = deveast.linode.poczatek.dev) {
+    return 301 https://$host$request_uri;
+  } # managed by Certbot
 
 
   server_name deveast.linode.poczatek.dev;
+
+  # CertBot
   listen 80;
   return 404; # managed by Certbot
 }