daily pastebin goal
17%
SHARE
TWEET

Untitled

a guest Mar 14th, 2019 44 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. ssl_session_cache shared:ssl_session_cache:10m; # For increased performance, allow some session re-using
  2.  
  3. # Redirect every http call to https, basically disallowing direct http access to anything.
  4. server {
  5.   listen 80; # Listen on port 80 IPv4
  6.   listen [::]:80; # Listen on port 80 IPv6
  7.  
  8.   #server_name example.com; #defaulting for all
  9.  
  10.   return 301 https://$host$request_uri; # Try again with https
  11. }
  12.  
  13. server {
  14.     # Other nginx stuff not concerning syncthing is placed here
  15.     server_name example.com #your hostname here
  16.     ...
  17.     ...
  18.     ...
  19. }
  20.  
  21. # https-reverse-proxy for syncthing
  22. server {
  23.   listen 443 ssl http2; # Listen on port IPv4; port 443; use SSL/TLS; use http/2 if supported by client;
  24.   listen [::]:443 ssl http2; # Same as above, but for IPv6
  25.  
  26.   server_name syncthing.example.com; #place your hostname here
  27.   ssl_certificate /etc/letsencrypt/live/<domain>/fullchain.pem; # Path to let's encrypt certificates
  28.   ssl_certificate_key /etc/letsencrypt/live/<domain>/privkey.pem;
  29.  
  30.   # Ensure adequate TLS cipher suites are used - taken from Mozilla recommended configurations, see here: https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28default.29
  31.   ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  32.   ssl_ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS;
  33.   ssl_prefer_server_ciphers on;
  34.  
  35.   location / {
  36.       # Forward some required and/or recommended headers
  37.       proxy_set_header Host $host;
  38.       proxy_set_header X-Real-IP $remote_addr;
  39.       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  40.      
  41.       # For better performance reasons when transferring large data behind a reverse proxy. Probably not neccessary for syncthing.
  42.       proxy_buffers           32 4m;
  43.       proxy_busy_buffers_size     25m;
  44.       proxy_buffer_size 512k;
  45.  
  46.       proxy_max_temp_file_size 0;
  47.  
  48.       proxy_pass http://localhost:8384/; # Assuming syncthing GUI is running on localhost port 8384
  49.   }
  50. }
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top