Wiki
Clone wikikobo-install / enketo_conf
Nginx enketo .conf files
/etc/nginx/enketo_http.conf
listen 80; charset utf-8; access_log /var/log/nginx/enketo.access.log; error_log /var/log/nginx/enketo.error.log; # max upload size client_max_body_size 75M; # Serve locations containing 'submission' or 'formList' via HTTP without # further ado, since ODK Collect makes requests containing those terms and # does not support any kind of redirection. location ~ (submission|formList) { uwsgi_pass enketo; include /etc/nginx/uwsgi_params; } # Redirect all other requests to HTTPS location / { return 301 https://$server_name$request_uri; } # or comment block above and uncomment line below if you cant use http-to-https redirection #include /etc/nginx/kc_include.conf;
/etc/nginx/enketo_https.conf
listen 443 ssl; charset utf-8; access_log /var/log/nginx/enketo.access.log; error_log /var/log/nginx/enketo.error.log; # max upload size client_max_body_size 75M; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # ssl_ciphers prevents Forward Secrecy; requires >ie6/winxp # DHE-RSA-AES128-SHA provides Android 2.3 compatibility. No need # to add it again to the kf.kobotoolbox.org configuration; # old Android doesn't support SNI and would never see it there. ssl_ciphers 'AES256+EECDH:AES256+EDH:DHE-RSA-AES128-SHA'; include /etc/nginx/enketo_include.conf;
/etc/nginx/enketo_include.conf
location /static { alias /srv/www/enketo; } location / { if ($maintenance = "yes") { rewrite .* http://enketo.unhcr.dev; } proxy_pass http://enketo; include /etc/nginx/proxy_params; }
kobo.conf
upstream enketo { server 172.17.42.1:8005; } server { include /etc/nginx/enketo_http.conf; server_name enketo.unhcr.dev; } server { include /etc/nginx/enketo_https.conf; server_name enketo.unhcr.dev; ssl_certificate /etc/nginx/ssl.crt; ssl_certificate_key /etc/nginx/ssl.key; }
Updated