API tools faq
paste
Advertisement
ichihaifu

nginx reverse proxy config

ichihaifu
Nov 11th, 2019
55
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.68 KB | None | 0 0
raw download clone embed print report
  1. user nginx;
  2. worker_processes auto;
  3. error_log /var/log/nginx/error.log;
  4. pid /run/nginx.pid;
  5.  
  6. # Load dynamic modules. See /usr/share/nginx/README.dynamic.
  7. include /usr/share/nginx/modules/*.conf;
  8.  
  9. events {
  10. worker_connections 1024;
  11. accept_mutex off;
  12. }
  13.  
  14.  
  15. http {
  16. include mime.types;
  17. default_type application/octet-stream;
  18.  
  19. gzip on;
  20. gzip_vary on;
  21. gzip_min_length 1000;
  22. gzip_proxied any;
  23. gzip_types text/plain text/html text/css text/xml application/xml text/javascript application/x-javascript image/svg+xml;
  24. gzip_disable "MSIE [1-6]\.";
  25.  
  26. proxy_redirect off;
  27. proxy_buffering off;
  28.  
  29. log_format main '$remote_addr $http_x_forwarded_for - $remote_user [$time_local] '
  30. '"$request" $status $body_bytes_sent "$http_referer" '
  31. '"$http_user_agent"' ;
  32.  
  33. # Large file uploads and performance improvements
  34. sendfile on;
  35. #aio threads;
  36. directio 16M;
  37.  
  38. #keepalive_timeout 0;
  39. keepalive_timeout 65;
  40.  
  41. ## Upstream servers
  42. upstream ssl_pool_cloud {
  43. server back-end-server:port1;
  44. }
  45.  
  46. server {
  47. listen 443 ssl http2 default_server;
  48. server_name _;
  49. root /mnt/appdata/nginx/www;
  50.  
  51. ssl_certificate /mnt/appdata/nginx/certs/ssl_certificate.crt;
  52. ssl_certificate_key /mnt/appdata/nginx/certs/ssl_certificate_key.key;
  53.  
  54. ssl_session_cache shared:SSL:10m;
  55. ssl_session_timeout 1h;
  56. ssl on;
  57. ssl_protocols TLSv1.1 TLSv1.2;
  58. ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
  59. ssl_prefer_server_ciphers on;
  60.  
  61. add_header Strict-Transport-Security "max-age=31536000" always;
  62.  
  63. ## HTTPS config
  64. location / {
  65. return 301 https://$host$request_uri/cloud;
  66. #return 404;
  67. #index index.html index.htm;
  68. }
  69.  
  70. location /cloud {
  71. proxy_set_header Host $host;
  72. proxy_set_header X-Real-IP $remote_addr;
  73. proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  74. proxy_set_header X-Forwarded-Proto $scheme;
  75. proxy_redirect http:// https://;
  76. proxy_ssl_verify off;
  77. proxy_max_temp_file_size 0;
  78. client_max_body_size 512M;
  79. proxy_pass http://ssl_pool_cloud;
  80. }
  81. }
  82.  
  83. server {
  84. listen 80;
  85. server_name _;
  86. root /mnt/appdata/nginx/www;
  87. access_log /var/log/nginx/access.log main;
  88.  
  89. ## HTTP config
  90. location /cloud {
  91. return 301 https://$host$request_uri;
  92. }
  93. }
  94. }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!