From e0c1111fab8f42847951e18a1a7960217ee7ba69 Mon Sep 17 00:00:00 2001
From: "Karl O. Pinc" <kop@karlpinc.com>
Date: Fri, 13 Dec 2019 21:23:22 -0600
Subject: [PATCH] Provide a working Nginx config

---
 MANIFEST.in                               |  9 ++-
 README.rst                                |  9 ++-
 examples/etc/nginx/sites-available/mysite | 68 +++++++++++++++++++++++
 3 files changed, 81 insertions(+), 5 deletions(-)
 create mode 100644 examples/etc/nginx/sites-available/mysite

diff --git a/MANIFEST.in b/MANIFEST.in
index f1a024b..f630619 100644
--- a/MANIFEST.in
+++ b/MANIFEST.in
@@ -3,8 +3,13 @@ recursive-include tests *.py
 include *.mk
 include .coveragerc
 # List all the examples, so we don't accidently include editor backups
-include examples/development.ini
-include examples/pgwui.ini
+include examples/etc
+include examples/etc/nginx
+include examples/etc/nginx/sites-available
+include examples/etc/nginx/sites-available/mysite
+include examples/etc/pgwui.ini
+include examples/misc
+include examples/misc/development.ini
 include LICENSE.txt
 include Makefile
 include src/pgwui_server/VERSION
diff --git a/README.rst b/README.rst
index c814df9..f98aa5b 100644
--- a/README.rst
+++ b/README.rst
@@ -159,9 +159,12 @@ administration basics and network security essentials, are beyond the
 scope of this document.
 
 `Nginx`_ is often the simplest, and best, choice for a secure
-Internet-facing, reverse proxy, web server.  A useful `Nginx`_
-reverse-proxy configuration which connects PGWUI_Server's default WSGI
-server to the Internet might be::
+Internet-facing, reverse proxy, web server.  A simple but runnable
+nginx configuration, without HTTPS support, is provided with
+PGWUI_Server.
+
+A useful `Nginx`_ reverse-proxy configuration which connects
+PGWUI_Server's default WSGI server to the Internet might be::
 
         location / {
             proxy_pass       http://localhost:6543;
diff --git a/examples/etc/nginx/sites-available/mysite b/examples/etc/nginx/sites-available/mysite
new file mode 100644
index 0000000..2651d74
--- /dev/null
+++ b/examples/etc/nginx/sites-available/mysite
@@ -0,0 +1,68 @@
+## A Debian 9 Nginx configuration, should work with Nginx >= v1.10.3
+#
+# This configuration reverse-proxies to a PGWI_Server run with the
+# "waitress" WSGI webserver, or similar.
+#
+# Most people will want to change the "server_name" configuration parameter.
+#
+##
+# You should look at the following URL's in order to grasp a solid
+# understanding of Nginx configuration files in order to fully unleash
+# the power of Nginx.
+# https://www.nginx.com/resources/wiki/start/
+# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/
+# https://wiki.debian.org/Nginx/DirectoryStructure
+#
+# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
+##
+
+# Default server configuration
+#
+server {
+	listen 80 default_server;
+	listen [::]:80 default_server;
+
+	# SSL configuration
+	#
+	# listen 443 ssl default_server;
+	# listen [::]:443 ssl default_server;
+	#
+	# Note: You should disable gzip for SSL traffic.
+	# See: https://bugs.debian.org/773332
+	#
+	# Read up on ssl_ciphers to ensure a secure configuration.
+	# See: https://bugs.debian.org/765782
+	#
+	# Self signed certs generated by the ssl-cert package
+	# Don't use them in a production server!
+	#
+	# include snippets/snakeoil.conf;
+
+	root /var/www/html;
+
+	# Add index.php to the list if you are using PHP
+	index index.html index.htm;
+
+	server_name _;
+
+	location / {
+		# First attempt to serve request as file, then
+		# as directory, then fall back to displaying a 404.
+		try_files $uri $uri/ =404;
+	}
+
+        location / {  # Root of PGWUI resource component in URLs
+                      # (Typically the same as the pgwui.route_prefix
+                      # configuration setting.)
+                      # E.g. "location/pgwui/" means access to pgwui
+                      # via urls beginning: http://example.com/pgwui/
+            proxy_pass       http://127.0.0.1:6543;
+            # Using $http_host relies on the client, but is useful
+            # because it preserves the original URL's port when
+            # ssh tunneling.  If the client does not send the HOST
+            # header than it may be necessary to use $host instead.
+            proxy_set_header Host      $http_host;
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_redirect default;
+        }
+}
-- 
2.34.1