Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- root@guacamole:/etc/nginx# cat /etc/nginx/nginx.conf
- user www-data;
- worker_processes 4;
- pid /run/nginx.pid;
- events {
- worker_connections 768;
- # multi_accept on;
- }
- http {
- ##
- # Basic Settings
- ##
- sendfile on;
- tcp_nopush on;
- tcp_nodelay on;
- keepalive_timeout 65;
- types_hash_max_size 2048;
- # server_tokens off;
- # server_names_hash_bucket_size 64;
- # server_name_in_redirect off;
- include /etc/nginx/mime.types;
- default_type application/octet-stream;
- ##
- # Logging Settings
- ##
- access_log /var/log/nginx/access.log;
- error_log /var/log/nginx/error.log;
- ##
- # Gzip Settings
- ##
- gzip on;
- gzip_disable "msie6";
- # gzip_vary on;
- # gzip_proxied any;
- # gzip_comp_level 6;
- # gzip_buffers 16 8k;
- # gzip_http_version 1.1;
- # gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
- ##
- # nginx-naxsi config
- ##
- # Uncomment it if you installed nginx-naxsi
- ##
- #include /etc/nginx/naxsi_core.rules;
- ##
- # nginx-passenger config
- ##
- # Uncomment it if you installed nginx-passenger
- ##
- #passenger_root /usr;
- #passenger_ruby /usr/bin/ruby;
- ##
- # Virtual Host Configs
- ##
- include /etc/nginx/conf.d/*.conf;
- include /etc/nginx/sites-enabled/*;
- }
- #mail {
- # # See sample authentication script at:
- # # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
- #
- # # auth_http localhost/auth.php;
- # # pop3_capabilities "TOP" "USER";
- # # imap_capabilities "IMAP4rev1" "UIDPLUS";
- #
- # server {
- # listen localhost:110;
- # protocol pop3;
- # proxy on;
- # }
- #
- # server {
- # listen localhost:143;
- # protocol imap;
- # proxy on;
- # }
- #}
- root@guacamole:/etc/nginx# cat /etc/nginx/nginx.conf
- user www-data;
- worker_processes 4;
- pid /run/nginx.pid;
- events {
- worker_connections 768;
- # multi_accept on;
- }
- http {
- ##
- # Basic Settings
- ##
- sendfile on;
- tcp_nopush on;
- tcp_nodelay on;
- keepalive_timeout 65;
- types_hash_max_size 2048;
- # server_tokens off;
- # server_names_hash_bucket_size 64;
- # server_name_in_redirect off;
- include /etc/nginx/mime.types;
- default_type application/octet-stream;
- ##
- # Logging Settings
- ##
- access_log /var/log/nginx/access.log;
- error_log /var/log/nginx/error.log;
- ##
- # Gzip Settings
- ##
- gzip on;
- gzip_disable "msie6";
- # gzip_vary on;
- # gzip_proxied any;
- # gzip_comp_level 6;
- # gzip_buffers 16 8k;
- # gzip_http_version 1.1;
- # gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
- ##
- # nginx-naxsi config
- ##
- # Uncomment it if you installed nginx-naxsi
- ##
- #include /etc/nginx/naxsi_core.rules;
- ##
- # nginx-passenger config
- ##
- # Uncomment it if you installed nginx-passenger
- ##
- #passenger_root /usr;
- #passenger_ruby /usr/bin/ruby;
- ##
- # Virtual Host Configs
- ##
- include /etc/nginx/conf.d/*.conf;
- include /etc/nginx/sites-enabled/*;
- }
- #mail {
- # # See sample authentication script at:
- # # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
- #
- # # auth_http localhost/auth.php;
- # # pop3_capabilities "TOP" "USER";
- # # imap_capabilities "IMAP4rev1" "UIDPLUS";
- #
- # server {
- # listen localhost:110;
- # protocol pop3;
- # proxy on;
- # }
- #
- # server {
- # listen localhost:143;
- # protocol imap;
- # proxy on;
- # }
- #}
- root@guacamole:/etc/nginx# cat sites-available/default
- # ANOTHER SERVER LISTENING ON PORT 443 (SSL) to secure the Guacamole traffic and proxy the requests to Tomcat7
- server {
- listen 443 ssl;
- server_name guacamole.localdomain.local;
- # This part is for SSL config only
- ssl on;
- ssl_certificate /etc/nginx/ssl/nginx.crt;
- ssl_certificate_key /etc/nginx/ssl/nginx.key;
- ssl_session_cache shared:SSL:10m;
- ssl_ciphers 'AES256+EECDH:AES256+EDH:!aNULL';
- ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
- ssl_stapling on;
- ssl_stapling_verify on;
- ssl_prefer_server_ciphers on;
- # ssl_dhparam /etc/ssl/certs/dhparam.pem;
- # Found below settings to be performing best but it will work with your own
- tcp_nodelay on;
- tcp_nopush off;
- sendfile on;
- client_body_buffer_size 10K;
- client_header_buffer_size 1k;
- client_max_body_size 8m;
- large_client_header_buffers 2 1k;
- client_body_timeout 12;
- client_header_timeout 12;
- keepalive_timeout 15;
- send_timeout 10;
- # HINT: You might want to enable access_log during the testing!
- access_log off;
- # Don't turn ON proxy_buffering!; this will impact the line quality
- proxy_buffering off;
- proxy_redirect off;
- # Enabling websockets using the first 3 lines; Check /var/log/tomcat8/catalina.out while testing; guacamole will show you a fallback message if websockets fail to work.
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "upgrade";
- # Just something that was advised by someone from the dev team; worked fine without it too.
- proxy_cookie_path /guacamole/ /;
- location / {
- # I am running the Tomcat7 and Guacamole on the local server
- proxy_pass http://ts.bpdm.com:8080;
- break;
- }
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement