From d182d299f8f4ed95d5f8b71fa64c4d0f1e8c7ebb Mon Sep 17 00:00:00 2001
From: Ari Timonen <ari@fastmail.com>
Date: Sat, 4 Mar 2023 18:52:42 +0200
Subject: [PATCH] Fix staging nginx cfg

---
 ext/nginx.conf.d/staging.conf.template | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/ext/nginx.conf.d/staging.conf.template b/ext/nginx.conf.d/staging.conf.template
index b809b5e..dbd62c8 100644
--- a/ext/nginx.conf.d/staging.conf.template
+++ b/ext/nginx.conf.d/staging.conf.template
@@ -1,10 +1,11 @@
+
 # Staging nginx conf
 # The point of this config file is to have near-identical setup in staging.
 # Use it in production or copy it over
 
 upstream ensl_staging {
-  server staging:$PUMA_STAGING_PORT;
-  # server unix:/var/tmp/puma.$RAILS_ENV.sock fail_timeout=0;
+  # server staging:$STAGING_PUMA_PORT;
+  server unix:$STAGING_NGINX_PUBLIC/tmp/puma.sock fail_timeout=0;
 }
 
 server {
@@ -26,7 +27,7 @@ server {
 
   ssl_certificate /etc/letsencrypt/live/ensl.org/fullchain.pem;
   ssl_certificate_key /etc/letsencrypt/live/ensl.org/privkey.pem;
-
+  
   ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
   ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA;
   ssl_session_timeout 1d;
@@ -56,10 +57,10 @@ server {
 
   # FIXME: use env. var
   location /files/ {
-    # try_files $uri $uri/ @puma;
-    # alias root $APP_PATH_PUBLIC/files/;
+    alias /srv/ensl_files/;
     autoindex on;
   }
+  
   location @puma {
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
     proxy_set_header Host $http_host;