Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #######################################################################
- # WARNING: This file is generated. Do not make changes to this file. #
- # They will be overwritten on update. You can manage various settings #
- # used in this file from the ./bwdata/config.yml file for your #
- # installation. #
- #######################################################################
- server {
- listen 8080 default_server;
- listen [::]:8080 default_server;
- server_name test.local;
- return 301 https://test.local$request_uri;
- }
- server {
- listen 8443 ssl http2;
- listen [::]:8443 ssl http2;
- server_name test.local;
- ssl_certificate /etc/letsencrypt/live/test.local/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/test.local/privkey.pem;
- ssl_session_timeout 30m;
- ssl_session_cache shared:SSL:20m;
- ssl_session_tickets off;
- # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
- ssl_dhparam /etc/letsencrypt/live/test.local/dhparam.pem;
- ssl_protocols TLSv1.2;
- ssl_ciphers ""
- # Enables server-side protection from BEAST attacks
- ssl_prefer_server_ciphers on;
- # OCSP Stapling ---
- # Fetch OCSP records from URL in ssl_certificate and cache them
- ssl_stapling on;
- ssl_stapling_verify on;
- # Verify chain of trust of OCSP response using Root CA and Intermediate certs
- ssl_trusted_certificate /etc/letsencrypt/live/pass.blackfirefly.org/fullchain.pem;
- resolver 8.8.8.8 8.8.4.4 208.67.222.222 208.67.220.220 valid=300s;
- include /etc/nginx/security-headers-ssl.conf;
- include /etc/nginx/security-headers.conf;
- location / {
- proxy_pass http://web:5000/;
- include /etc/nginx/security-headers-ssl.conf;
- include /etc/nginx/security-headers.conf;
- add_header Content-Security-Policy "default-src 'self'; style-src 'self' 'unsafe-inline';$
- add_header X-Frame-Options SAMEORIGIN;
- }
- location = /app-id.json {
- proxy_pass http://web:5000/app-id.json;
- include /etc/nginx/security-headers-ssl.conf;
- include /etc/nginx/security-headers.conf;
- proxy_hide_header Content-Type;
- add_header Content-Type $fido_content_type;
- }
- location = /duo-connector.html {
- proxy_pass http://web:5000/duo-connector.html;
- }
- location = /u2f-connector.html {
- proxy_pass http://web:5000/u2f-connector.html;
- }
- location /attachments/ {
- proxy_pass http://attachments:5000/;
- }
- location /api/ {
- proxy_pass http://api:5000/;
- }
- location /identity/ {
- proxy_pass http://identity:5000/;
- }
- location /icons/ {
- proxy_pass http://icons:5000/;
- }
- location /notifications/ {
- proxy_pass http://notifications:5000/;
- }
- location /notifications/hub {
- proxy_pass http://notifications:5000/hub;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection $http_connection;
- }
- location /admin {
- proxy_pass http://admin:5000;
- include /etc/nginx/security-headers-ssl.conf;
- include /etc/nginx/security-headers.conf;
- add_header X-Frame-Options SAMEORIGIN;
- }
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement