Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- map $http_upgrade $connection_upgrade {
- default upgrade;
- '' close;
- }
- server {
- # Update this line to be your domain
- server_name www.mydomain.ca;
- # These shouldn't need to be changed
- listen [::]:80 default_server ipv6only=off;
- return 301 https://$host$request_uri;
- }
- server {
- # Update this line to be your domain
- server_name www.mydomain.ca;
- # Ensure these lines point to your SSL certificate and key
- ssl_certificate /etc/letsencrypt/live/www.mydomain.ca/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/www.mydomain.ca/privkey.pem;
- # Use these lines instead if you created a self-signed certificate
- # ssl_certificate /etc/nginx/ssl/cert.pem;
- # ssl_certificate_key /etc/nginx/ssl/key.pem;
- # Ensure this line points to your dhparams file
- ssl_dhparam /etc/nginx/ssl/dhparams.pem;
- # These shouldn't need to be changed
- listen [::]:443 default_server ipv6only=off; # if your nginx version is >= 1.9.5 you can also add the "http2" flag here
- add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";
- ssl on;
- ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
- ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
- ssl_prefer_server_ciphers on;
- ssl_session_cache shared:SSL:10m;
- proxy_buffering off;
- location /home/ {
- proxy_pass http://localhost:8123;
- proxy_set_header Host $host;
- proxy_redirect http:// https://;
- proxy_http_version 1.1;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection $connection_upgrade;
- }
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
