SHARE
TWEET

Untitled

a guest Mar 20th, 2017 68 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. server {
  2.  
  3.     listen       80 default_server;
  4.     listen       [::]:80 default_server;
  5.     server_name  _;
  6.  
  7.     location ~ /.well-known {
  8.                 allow all;
  9.     }
  10.  
  11.     location / {
  12.  
  13.       proxy_set_header        Host $host;
  14.       proxy_set_header        X-Real-IP $remote_addr;
  15.       proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
  16.       proxy_set_header        X-Forwarded-Proto $scheme;
  17.  
  18.       return 301 https://$host$request_uri;
  19.  
  20.     }
  21.  
  22.     error_page 404 /404.html;
  23.         location = /40x.html {
  24.     }
  25.  
  26.     error_page 500 502 503 504 /50x.html;
  27.         location = /50x.html {
  28.     }
  29.   }  
  30.  
  31.   server  {
  32.   listen  443 ssl;
  33.   server_name  vpn.kzlab.xyz;
  34.  
  35.  
  36.   ssl_certificate           /etc/letsencrypt/live/vpn.kzlab.xyz/fullchain.pem;
  37.   ssl_certificate_key       /etc/letsencrypt/live/vpn.kzlab.xyz/privkey.pem;
  38.  
  39.         ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  40.         ssl_prefer_server_ciphers on;
  41.         ssl_dhparam /etc/ssl/certs/dhparam.pem;
  42.         ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
  43.         ssl_session_timeout 1d;
  44.         ssl_session_cache shared:SSL:50m;
  45.         ssl_stapling on;
  46.         ssl_stapling_verify on;
  47.         add_header Strict-Transport-Security max-age=15768000;
  48.  
  49.   location  / {
  50.     proxy_pass  https://192.168.1.220/;
  51.   }
  52. }
  53.  
  54.  
  55.   server  {
  56.   listen  443 ssl;
  57.   server_name  plex.kzlab.xyz;
  58.  
  59.  
  60.   ssl_certificate           /etc/letsencrypt/live/plex.kzlab.xyz/fullchain.pem;
  61.   ssl_certificate_key       /etc/letsencrypt/live/plex.kzlab.xyz/privkey.pem;
  62.  
  63.         ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  64.         ssl_prefer_server_ciphers on;
  65.         ssl_dhparam /etc/ssl/certs/dhparam.pem;
  66.         ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
  67.         ssl_session_timeout 1d;
  68.         ssl_session_cache shared:SSL:50m;
  69.         ssl_stapling on;
  70.         ssl_stapling_verify on;
  71.         add_header Strict-Transport-Security max-age=15768000;
  72.  
  73.   location  / {
  74.     proxy_pass  http://192.168.1.228:32400;
  75.   }
  76. }
RAW Paste Data
Top