Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- nginx: [warn] "ssl_stapling" ignored, issuer certificate not found for certificate "/etc/nginx/ssl/server.crt"
- nginx: [warn] conflicting server name "_" on 0.0.0.0:443, ignored
- nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
- nginx: configuration file /etc/nginx/nginx.conf test is successful
- # configuration file /etc/nginx/nginx.conf:
- user www-data;
- worker_processes auto;
- pid /var/run/nginx.pid;
- events {
- worker_connections 1024;
- use epoll; # gestionnaire d'évènements epoll (kernel 2.6+)
- }
- http {
- include /etc/nginx/mime.types;
- default_type application/octet-stream;
- access_log /var/log/nginx/access.log combined;
- error_log /var/log/nginx/error.log error;
- sendfile on;
- keepalive_timeout 15;
- keepalive_disable msie6;
- keepalive_requests 100;
- tcp_nopush on;
- tcp_nodelay off;
- server_tokens off;
- gzip on;
- gzip_comp_level 5;
- gzip_min_length 512;
- gzip_buffers 4 8k;
- gzip_proxied any;
- gzip_vary on;
- gzip_disable "msie6";
- gzip_types
- text/css
- text/javascript
- text/xml
- text/plain
- text/x-component
- application/javascript
- application/x-javascript
- application/json
- application/xml
- application/rss+xml
- application/vnd.ms-fontobject
- font/truetype
- font/opentype
- image/svg+xml;
- include /etc/nginx/sites-enabled/*.conf;
- include /etc/nginx/ssl/params.conf;
- }
- # configuration file /etc/nginx/mime.types:
- types {
- text/html html htm shtml;
- text/css css;
- text/xml xml;
- image/gif gif;
- image/jpeg jpeg jpg;
- application/javascript js;
- application/atom+xml atom;
- application/rss+xml rss;
- text/mathml mml;
- text/plain txt;
- text/vnd.sun.j2me.app-descriptor jad;
- text/vnd.wap.wml wml;
- text/x-component htc;
- image/png png;
- image/svg+xml svg svgz;
- image/tiff tif tiff;
- image/vnd.wap.wbmp wbmp;
- image/webp webp;
- image/x-icon ico;
- image/x-jng jng;
- image/x-ms-bmp bmp;
- application/font-woff woff;
- application/java-archive jar war ear;
- application/json json;
- application/mac-binhex40 hqx;
- application/msword doc;
- application/pdf pdf;
- application/postscript ps eps ai;
- application/rtf rtf;
- application/vnd.apple.mpegurl m3u8;
- application/vnd.google-earth.kml+xml kml;
- application/vnd.google-earth.kmz kmz;
- application/vnd.ms-excel xls;
- application/vnd.ms-fontobject eot;
- application/vnd.ms-powerpoint ppt;
- application/vnd.oasis.opendocument.graphics odg;
- application/vnd.oasis.opendocument.presentation odp;
- application/vnd.oasis.opendocument.spreadsheet ods;
- application/vnd.oasis.opendocument.text odt;
- application/vnd.openxmlformats-officedocument.presentationml.presentation
- pptx;
- application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
- xlsx;
- application/vnd.openxmlformats-officedocument.wordprocessingml.document
- docx;
- application/vnd.wap.wmlc wmlc;
- application/x-7z-compressed 7z;
- application/x-cocoa cco;
- application/x-java-archive-diff jardiff;
- application/x-java-jnlp-file jnlp;
- application/x-makeself run;
- application/x-perl pl pm;
- application/x-pilot prc pdb;
- application/x-rar-compressed rar;
- application/x-redhat-package-manager rpm;
- application/x-sea sea;
- application/x-shockwave-flash swf;
- application/x-stuffit sit;
- application/x-tcl tcl tk;
- application/x-x509-ca-cert der pem crt;
- application/x-xpinstall xpi;
- application/xhtml+xml xhtml;
- application/xspf+xml xspf;
- application/zip zip;
- application/octet-stream bin exe dll;
- application/octet-stream deb;
- application/octet-stream dmg;
- application/octet-stream iso img;
- application/octet-stream msi msp msm;
- audio/midi mid midi kar;
- audio/mpeg mp3;
- audio/ogg ogg;
- audio/x-m4a m4a;
- audio/x-realaudio ra;
- video/3gpp 3gpp 3gp;
- video/mp2t ts;
- video/mp4 mp4;
- video/mpeg mpeg mpg;
- video/quicktime mov;
- video/webm webm;
- video/x-flv flv;
- video/x-m4v m4v;
- video/x-mng mng;
- video/x-ms-asf asx asf;
- video/x-ms-wmv wmv;
- video/x-msvideo avi;
- }
- # configuration file /etc/nginx/sites-enabled/gateone.conf:
- map $http_upgrade $connection_upgrade {
- default upgrade;
- '' close;
- }
- server {
- listen 443 ssl;
- server_name _;
- access_log /var/log/nginx/gateone-access.log;
- error_log /var/log/nginx/gateone-error.log;
- auth_basic "Veuillez-vous authentifier";
- auth_basic_user_file "/etc/nginx/passwd/rutorrent_passwd";
- # See https://wiki.mozilla.org/Security/Server_Side_TLS#Nginx
- ssl_certificate /etc/nginx/ssl/server.crt;
- ssl_certificate_key /etc/nginx/ssl/server.key;
- location /gateone {
- proxy_buffering off;
- proxy_read_timeout 600s;
- proxy_send_timeout 600s;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection $connection_upgrade;
- proxy_pass http://127.0.0.1:8080;
- }
- }
- # configuration file /etc/nginx/sites-enabled/nextcloud.conf:
- server {
- listen 80;
- server_name cloud.hugoclo411.xyz;
- return 301 https://$host$request_uri;
- }
- server {
- listen 443 ssl;
- server_name cloud.hugoclo411.xyz;
- index index.php;
- ssl on;
- ssl_certificate /etc/letsencrypt/live/chat.hugoclo411.xyz/fullchain.pem; # managed by Certbot
- ssl_certificate_key /etc/letsencrypt/live/chat.hugoclo411.xyz/privkey.pem; # managed by Certbot
- add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
- # include /etc/nginx/conf.d/ciphers.conf; #à désactiver si vous ne faites pas le tuto Logjam
- # ssl_prefer_server_ciphers on; #à activer si vous ne faites pas le tuto Logjam
- # ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # à activer si vous ne faites pas le tuto Logjam
- # ssl_ciphers 'AES256+EECDH:AES256+EDH'; #à activer si vous ne faites pas le tuto Logjam
- # ssl_session_cache shared:SSL:10m; (limite la session ssl à 10mn, à activer ou non si vous le souhaitez.
- #LOGS
- access_log /var/log/nginx/nextcloud-access.log combined;
- error_log /var/log/nginx/nextcloud-error.log error;
- # root doit pointer vers le chemin d'installation de Nextcloud. Typiquement /var/www/nextcloud.
- root /var/www/nextcloud;
- client_max_body_size 10G; # set max upload size
- fastcgi_buffers 64 4K;
- #rewrite url pour la synchronisation caldav/webdav.
- rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect;
- rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect;
- rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect;
- error_page 403 /core/templates/403.php;
- error_page 404 /core/templates/404.php;
- #eviter le référencement de votre cloud par google.
- location = /robots.txt {
- allow all;
- log_not_found off;
- access_log off;
- }
- #interdire l'accès aux sous dossiers de nextcloud.
- location ~ ^/(data|config|\.ht|db_structure\.xml|README) {
- deny all;
- }
- location / {
- # The following 2 rules are only needed with webfinger
- rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
- rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
- rewrite ^/.well-known/carddav /remote.php/carddav/ redirect;
- rewrite ^/.well-known/caldav /remote.php/caldav/ redirect;
- rewrite ^(/core/doc/[^\/]+/)$ $1/index.html;
- try_files $uri $uri/ index.php;
- }
- #config php
- location ~ ^(.+?\.php)(/.*)?$ {
- try_files $1 = 404;
- include fastcgi_params;
- fastcgi_param SCRIPT_FILENAME $document_root$1;
- fastcgi_param PATH_INFO $2;
- fastcgi_pass unix:/var/run/php5-fpm.sock;
- }
- # Mise en cache des images
- location ~* ^.+\.(jpg|jpeg|gif|bmp|ico|png|css|js|swf)$ {
- expires 30d;
- # Optional: Don’t log access to assets
- access_log off;
- }
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement