API tools faq
paste
Guest User

/etc/nginx/sites-enabled/ds.conf

a guest
Dec 20th, 2023
226
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Nginx 2.62 KB | None | 0 0
raw download clone embed print report
  1. include /etc/nginx/includes/http-common.conf;
  2.  
  3. ## Normal HTTP host
  4. server {
  5.   listen 0.0.0.0:80;
  6.   listen [::]:80 default_server;
  7.   server_name onlyoffice.domain.tld;
  8.   server_tokens off;
  9.   set $secure_link_secret G14UeRw6viUESx3IyWSb;
  10.  
  11.   ## Redirects all traffic to the HTTPS host
  12.   root /nowhere; ## root doesn't have to be a valid path since we are redirecting
  13.   rewrite ^ https://$host$request_uri? permanent;
  14. }
  15.  
  16. #HTTP host for internal services
  17. server {
  18.   listen 127.0.0.1:80;
  19.   listen [::1]:80;
  20.   server_name onlyoffice.domain.tld;
  21.   server_tokens off;
  22.   set $secure_link_secret G14UeRw6viUESx3IyWSb;
  23.  
  24.   include /etc/nginx/includes/ds-common.conf;
  25.   include /etc/nginx/includes/ds-docservice.conf;
  26. }
  27.  
  28. ## HTTPS host
  29. server {
  30.   listen 0.0.0.0:443 ssl;
  31.   listen [::]:443 ssl default_server;
  32.   server_name onlyoffice.domain.tld;
  33.   server_tokens off;
  34.   set $secure_link_secret G14UeRw6viUESx3IyWSb;
  35.   root /var/www/onlyoffice/documentserver;
  36.   error_log oodsmondebug.log debug;
  37.  
  38.   ## Strong SSL Security
  39.   ## https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
  40. #  ssl on;
  41.   ssl_certificate /etc/letsencrypt/live/onlyoffice.domain.tld/fullchain.pem;
  42.   ssl_certificate_key /etc/letsencrypt/live/onlyoffice.domain.tld/privkey.pem;
  43.   # Uncomment string below and specify the path to the file with the password if you use encrypted certificate key
  44.   # ssl_password_file {{SSL_PASSWORD_PATH}};
  45.   ssl_verify_client off;
  46.  
  47.   ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
  48.  
  49.   ssl_protocols TLSv1.2;
  50.   ssl_session_cache  builtin:1000  shared:SSL:10m;
  51.  
  52.   ssl_prefer_server_ciphers   on;
  53.  
  54.   add_header Strict-Transport-Security max-age=31536000;
  55.   # add_header X-Frame-Options SAMEORIGIN;
  56.   add_header X-Content-Type-Options nosniff;
  57.  
  58.   ## [Optional] If your certficate has OCSP, enable OCSP stapling to reduce the overhead and latency of running SSL.
  59.   ## Replace with your ssl_trusted_certificate. For more info see:
  60.   ## - https://medium.com/devops-programming/4445f4862461
  61.   ## - https://www.ruby-forum.com/topic/4419319
  62.   ## - https://www.digitalocean.com/community/tutorials/how-to-configure-ocsp-stapling-on-apache-and-nginx
  63.   # ssl_stapling on;
  64.   # ssl_stapling_verify on;
  65.   # ssl_trusted_certificate /etc/nginx/ssl/stapling.trusted.crt;
  66.   # resolver 208.67.222.222 208.67.222.220 valid=300s; # Can change to your DNS resolver if desired
  67.   # resolver_timeout 10s;
  68.  
  69.   ## [Optional] Generate a stronger DHE parameter:
  70.   ##   cd /etc/ssl/certs
  71.   ##   sudo openssl dhparam -out dhparam.pem 4096
  72.   ##
  73.   # ssl_dhparam /etc/ssl/certs/dhparam.pem;
  74.  
  75.   include /etc/nginx/includes/ds-*.conf;
  76.  
  77. }
Advertisement
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!