Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- upstream thelounge_public {
- server 10.8.10.101:9001;
- }
- server {
- listen 80;
- listen [::]:80;
- server_name webchat.<removed>.net;
- return 301 https://$server_name$request_uri;
- }
- server {
- listen 443 http2 ssl;
- listen [::]:443 http2 ssl;
- server_name webchat.<removed>.net;
- ssl_certificate /usr/local/etc/nginx/ssl/webchat.<removed>.net.pem;
- ssl_certificate_key /usr/local/etc/nginx/ssl/webchat.<removed>.net.key;
- ssl_dhparam /usr/local/etc/nginx/ssl/dhparam.pem;
- ssl_session_cache shared:SSL:20m;
- ssl_session_timeout 60m;
- ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
- ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
- ssl_prefer_server_ciphers on;
- ssl_stapling on;
- ssl_stapling_verify on;
- ssl_trusted_certificate /usr/local/etc/nginx/ssl/trustchain.crt;
- resolver 8.8.8.8 8.8.4.4;
- add_header Strict-Transport-Security "max-age=63072000";
- location / {
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header Host $http_host;
- proxy_set_header X-NginX-Proxy true;
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "upgrade";
- proxy_max_temp_file_size 0;
- proxy_pass http://thelounge_public/;
- proxy_redirect off;
- proxy_read_timeout 240s;
- }
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement