Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- server {
- listen 80;
- server_name headphones.DOMAIN.ch;
- # tell users to go to SSL version this time
- if ($ssl_protocol = "") {
- rewrite ^ https://$server_name$request_uri? permanent;
- }
- }
- server {
- listen 443 ssl;
- server_name headphones.DOMAIN.ch;
- # tell users to go to SSL version next time
- add_header Strict-Transport-Security "max-age=15768000; includeSubdomains;";
- # tell the browser we can only talk to self and google analytics.
- add_header X-Content-Security-Policy "default-src 'self'; \
- script-src 'self' https://ssl.google-analytics.com; \
- img-src 'self' https://ssl.google-analytics.com";
- ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
- # ciphers chosen for forward secrecy an compatibility
- ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS";
- ssl_prefer_server_ciphers on;
- ssl_certificate_key /config/keys/privkey.pem;
- ssl_certificate /config/keys/fullchain.pem;
- ssl_session_cache shared:SSL:10m;
- ssl_session_timeout 10m;
- # redirect to node for the dynamic stuff
- location / {
- proxy_pass http://192.168.178.200:8181;
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "upgrade";
- proxy_set_header Host $host;
- proxy_hide_header X-Powered-By;
- }
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement