SHARE
TWEET

Untitled

a guest May 25th, 2019 87 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. upstream repository {
  2.     server 192.168.1.70:60080;
  3. }
  4.  
  5. map $http_upgrade $connection_upgrade {
  6.     default upgrade;
  7.     '' close;
  8. }
  9.  
  10. server {
  11.     listen 443 ssl;
  12.     server_name MY_SERVER;
  13.  
  14.     # SSL
  15.     ssl_certificate         file.crt;
  16.     ssl_certificate_key     file.key;
  17.  
  18.     # Recommendations from https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
  19.     ssl_protocols TLSv1.1 TLSv1.2;
  20.     ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
  21.     ssl_prefer_server_ciphers on;
  22.     ssl_session_cache shared:SSL:10m;
  23.  
  24.     location /repository/ {
  25.         proxy_http_version 1.1;
  26.         proxy_set_header Host              $http_host;   # required for docker client's sake
  27.         proxy_set_header X-Real-IP         $remote_addr; # pass on real client's IP
  28.         proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
  29.         proxy_set_header X-Forwarded-Proto $scheme;
  30.         proxy_read_timeout                 900;
  31.  
  32.         proxy_set_header Connection "";
  33.         proxy_buffers 32 4k;
  34.         proxy_pass http://repository/;
  35.     }
  36.  
  37. }
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top