API tools faq
paste
Advertisement
sb2014

Bitwarden nginx

sb2014
Oct 27th, 2018
1,339
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 3.09 KB | None | 0 0
raw download clone embed print report
  1. #######################################################################
  2. # WARNING: This file is generated. Do not make changes to this file. #
  3. # They will be overwritten on update. You can manage various settings #
  4. # used in this file from the ./bwdata/config.yml file for your #
  5. # installation. #
  6. #######################################################################
  7.  
  8. server {
  9. listen 8080 default_server;
  10. listen [::]:8080 default_server;
  11. server_name test.local;
  12.  
  13. return 301 https://test.local$request_uri;
  14. }
  15.  
  16. server {
  17. listen 8443 ssl http2;
  18. listen [::]:8443 ssl http2;
  19. server_name test.local;
  20.  
  21. ssl_certificate /etc/letsencrypt/live/test.local/fullchain.pem;
  22. ssl_certificate_key /etc/letsencrypt/live/test.local/privkey.pem;
  23. ssl_session_timeout 30m;
  24. ssl_session_cache shared:SSL:20m;
  25. ssl_session_tickets off;
  26.  
  27. # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
  28. ssl_dhparam /etc/letsencrypt/live/test.local/dhparam.pem;
  29.  
  30. ssl_protocols TLSv1.2;
  31. ssl_ciphers ""
  32. # Enables server-side protection from BEAST attacks
  33. ssl_prefer_server_ciphers on;
  34.  
  35. # OCSP Stapling ---
  36. # Fetch OCSP records from URL in ssl_certificate and cache them
  37. ssl_stapling on;
  38. ssl_stapling_verify on;
  39.  
  40. # Verify chain of trust of OCSP response using Root CA and Intermediate certs
  41. ssl_trusted_certificate /etc/letsencrypt/live/pass.blackfirefly.org/fullchain.pem;
  42. resolver 8.8.8.8 8.8.4.4 208.67.222.222 208.67.220.220 valid=300s;
  43.  
  44. include /etc/nginx/security-headers-ssl.conf;
  45. include /etc/nginx/security-headers.conf;
  46.  
  47. location / {
  48. proxy_pass http://web:5000/;
  49. include /etc/nginx/security-headers-ssl.conf;
  50. include /etc/nginx/security-headers.conf;
  51. add_header Content-Security-Policy "default-src 'self'; style-src 'self' 'unsafe-inline';$
  52. add_header X-Frame-Options SAMEORIGIN;
  53. }
  54.  
  55. location = /app-id.json {
  56. proxy_pass http://web:5000/app-id.json;
  57. include /etc/nginx/security-headers-ssl.conf;
  58. include /etc/nginx/security-headers.conf;
  59. proxy_hide_header Content-Type;
  60. add_header Content-Type $fido_content_type;
  61. }
  62.  
  63. location = /duo-connector.html {
  64. proxy_pass http://web:5000/duo-connector.html;
  65. }
  66.  
  67. location = /u2f-connector.html {
  68. proxy_pass http://web:5000/u2f-connector.html;
  69. }
  70.  
  71. location /attachments/ {
  72. proxy_pass http://attachments:5000/;
  73. }
  74.  
  75. location /api/ {
  76. proxy_pass http://api:5000/;
  77. }
  78.  
  79. location /identity/ {
  80. proxy_pass http://identity:5000/;
  81. }
  82.  
  83. location /icons/ {
  84. proxy_pass http://icons:5000/;
  85. }
  86.  
  87. location /notifications/ {
  88. proxy_pass http://notifications:5000/;
  89. }
  90.  
  91. location /notifications/hub {
  92. proxy_pass http://notifications:5000/hub;
  93. proxy_set_header Upgrade $http_upgrade;
  94. proxy_set_header Connection $http_connection;
  95. }
  96.  
  97. location /admin {
  98. proxy_pass http://admin:5000;
  99. include /etc/nginx/security-headers-ssl.conf;
  100. include /etc/nginx/security-headers.conf;
  101. add_header X-Frame-Options SAMEORIGIN;
  102. }
  103. }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!