sb2014

Bitwarden nginx

Oct 27th, 2018
  1. #######################################################################
  2. # WARNING: This file is generated. Do not make changes to this file. #
  3. # They will be overwritten on update. You can manage various settings #
  4. # used in this file from the ./bwdata/config.yml file for your #
  5. # installation. #
  6. #######################################################################
  7.  
  # Plain-HTTP listener: every request is answered with a permanent redirect
  # to the HTTPS site, so no application content is served over cleartext.
  server {
      server_name test.local;

      # default_server: this block also answers requests on port 8080 whose
      # Host header matches no other server_name.
      listen [::]:8080 default_server;
      listen 8080 default_server;

      # The redirect target is a fixed hostname rather than $host, so a
      # client-supplied Host header never reaches the Location header.
      return 301 https://test.local$request_uri;
  }
  15.  
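  # HTTPS listener: terminates TLS and reverse-proxies each path prefix to the
  # matching backend service on port 5000.
  server {
      listen 8443 ssl http2;
      listen [::]:8443 ssl http2;
      server_name test.local;

      ssl_certificate /etc/letsencrypt/live/test.local/fullchain.pem;
      ssl_certificate_key /etc/letsencrypt/live/test.local/privkey.pem;
      ssl_session_timeout 30m;
      ssl_session_cache shared:SSL:20m;
      # Tickets off: resumption uses the server-side cache only, so no
      # long-lived ticket key exists that could decrypt recorded sessions.
      ssl_session_tickets off;

      # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
      ssl_dhparam /etc/letsencrypt/live/test.local/dhparam.pem;

      ssl_protocols TLSv1.2;
      # NOTE(review): the pasted file had `ssl_ciphers ""` with no terminating
      # semicolon, which nginx rejects at load time. The list below is an
      # AEAD-only TLS 1.2 set with forward secrecy; it is not necessarily the
      # value the generator emitted - compare with the generated file.
      ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";
      # Use the server's cipher order instead of the client's. (BEAST, named
      # in the original comment, targets CBC ciphers in TLS 1.0, which
      # ssl_protocols above does not enable.)
      ssl_prefer_server_ciphers on;

      # OCSP Stapling ---
      # Fetch OCSP records from URL in ssl_certificate and cache them
      ssl_stapling on;
      ssl_stapling_verify on;

      # Verify chain of trust of OCSP response using Root CA and Intermediate certs
      # NOTE(review): the pasted file pointed this at another hostname's
      # certificate directory; it is aligned with ssl_certificate here so the
      # stapled response is verified against the chain actually served.
      ssl_trusted_certificate /etc/letsencrypt/live/test.local/fullchain.pem;
      # The resolver is used to look up the OCSP responder. These are public
      # resolvers queried over plain DNS; a resolver on a trusted local
      # network reduces exposure to spoofed answers.
      resolver 8.8.8.8 8.8.4.4 208.67.222.222 208.67.220.220 valid=300s;

      # Presumably these two files hold the add_header directives (HSTS and
      # similar) - their contents are not part of this paste; verify.
      include /etc/nginx/security-headers-ssl.conf;
      include /etc/nginx/security-headers.conf;

      location / {
          proxy_pass http://web:5000/;
          # add_header directives are inherited from the server level only
          # when a location defines none of its own, so a location that adds
          # a header has to pull the shared header files in again.
          include /etc/nginx/security-headers-ssl.conf;
          include /etc/nginx/security-headers.conf;
          # NOTE(review): the paste cut this policy off after the style-src
          # directive (the line ended in `$` with the quote left open, which
          # does not parse). Only the visible part is kept; restore the full
          # generated policy, since this shortened one is likely stricter
          # than the web client expects.
          add_header Content-Security-Policy "default-src 'self'; style-src 'self' 'unsafe-inline';";
          add_header X-Frame-Options SAMEORIGIN;
      }

      location = /app-id.json {
          proxy_pass http://web:5000/app-id.json;
          include /etc/nginx/security-headers-ssl.conf;
          include /etc/nginx/security-headers.conf;
          # Replace the upstream Content-Type with $fido_content_type, which
          # is defined outside this file (not shown in the paste).
          proxy_hide_header Content-Type;
          add_header Content-Type $fido_content_type;
      }

      # The locations below set no add_header of their own, so they inherit
      # whatever headers the server-level includes define.
      location = /duo-connector.html {
          proxy_pass http://web:5000/duo-connector.html;
      }

      location = /u2f-connector.html {
          proxy_pass http://web:5000/u2f-connector.html;
      }

      location /attachments/ {
          proxy_pass http://attachments:5000/;
      }

      location /api/ {
          proxy_pass http://api:5000/;
      }

      location /identity/ {
          proxy_pass http://identity:5000/;
      }

      location /icons/ {
          proxy_pass http://icons:5000/;
      }

      location /notifications/ {
          proxy_pass http://notifications:5000/;
      }

      location /notifications/hub {
          proxy_pass http://notifications:5000/hub;
          # Forward the client's Upgrade/Connection headers so a WebSocket
          # handshake can pass through the proxy.
          proxy_set_header Upgrade $http_upgrade;
          proxy_set_header Connection $http_connection;
      }

      # NOTE(review): the admin portal is reachable by every client that can
      # reach this listener. If it is only needed from known networks,
      # allow/deny rules here would narrow that; this file is generated, so
      # such a change has to survive regeneration.
      location /admin {
          proxy_pass http://admin:5000;
          include /etc/nginx/security-headers-ssl.conf;
          include /etc/nginx/security-headers.conf;
          add_header X-Frame-Options SAMEORIGIN;
      }
  }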