API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Mar 14th, 2019
272
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.52 KB | None | 0 0
raw download clone embed print report
  1. ssl_session_cache shared:ssl_session_cache:10m; # For increased performance, allow some session re-using
  2.  
  3. # Redirect every http call to https, basically disallowing direct http access to anything.
  4. server {
  5. listen 80; # Listen on port 80 IPv4
  6. listen [::]:80; # Listen on port 80 IPv6
  7.  
  8. #server_name example.com; #defaulting for all
  9.  
  10. return 301 https://$host$request_uri; # Try again with https
  11. }
  12.  
  13. server {
  14. # Other nginx stuff not concerning syncthing is placed here
  15. server_name example.com #your hostname here
  16. ...
  17. ...
  18. ...
  19. }
  20.  
  21. # https-reverse-proxy for syncthing
  22. server {
  23. listen 443 ssl http2; # Listen on port IPv4; port 443; use SSL/TLS; use http/2 if supported by client;
  24. listen [::]:443 ssl http2; # Same as above, but for IPv6
  25.  
  26. server_name syncthing.example.com; #place your hostname here
  27. ssl_certificate /etc/letsencrypt/live/<domain>/fullchain.pem; # Path to let's encrypt certificates
  28. ssl_certificate_key /etc/letsencrypt/live/<domain>/privkey.pem;
  29.  
  30. # Ensure adequate TLS cipher suites are used - taken from Mozilla recommended configurations, see here: https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28default.29
  31. ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  32. ssl_ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS;
  33. ssl_prefer_server_ciphers on;
  34.  
  35. location / {
  36. # Forward some required and/or recommended headers
  37. proxy_set_header Host $host;
  38. proxy_set_header X-Real-IP $remote_addr;
  39. proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  40.  
  41. # For better performance reasons when transferring large data behind a reverse proxy. Probably not neccessary for syncthing.
  42. proxy_buffers 32 4m;
  43. proxy_busy_buffers_size 25m;
  44. proxy_buffer_size 512k;
  45.  
  46. proxy_max_temp_file_size 0;
  47.  
  48. proxy_pass http://localhost:8384/; # Assuming syncthing GUI is running on localhost port 8384
  49. }
  50. }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!