Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- =====NGINX.CONF=====
- # Version=1.0
- user www-data;
- worker_processes auto;
- pid /run/nginx.pid;
- events {
- worker_connections 768;
- # multi_accept on;
- }
- http {
- ##
- # Basic Settings
- ##
- sendfile on;
- tcp_nopush on;
- tcp_nodelay on;
- keepalive_timeout 65;
- types_hash_max_size 2048;
- # server_tokens off;
- server_names_hash_bucket_size 128;
- # server_name_in_redirect off;
- include /etc/nginx/mime.types;
- default_type application/octet-stream;
- ##
- # SSL Settings
- ##
- ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
- ssl_prefer_server_ciphers on;
- ##
- # Logging Settings
- ##
- access_log /var/log/nginx/access.log;
- error_log /var/log/nginx/error.log;
- ##
- # Gzip Settings
- ##
- gzip on;
- gzip_disable "msie6";
- # gzip_vary on;
- # gzip_proxied any;
- # gzip_comp_level 6;
- # gzip_buffers 16 8k;
- # gzip_http_version 1.1;
- # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
- ##
- # Virtual Host Configs
- ##
- include /etc/nginx/conf.d/*.conf;
- include /etc/nginx/sites-enabled/*;
- }
- #mail {
- # # See sample authentication script at:
- # # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
- #
- # # auth_http localhost/auth.php;
- # # pop3_capabilities "TOP" "USER";
- # # imap_capabilities "IMAP4rev1" "UIDPLUS";
- #
- # server {
- # listen localhost:110;
- # protocol pop3;
- # proxy on;
- # }
- #
- # server {
- //====NGINX.CONF
- -------------------------------------------------------------------------------------
- ====Atomic.Conf(Sites-Enabled)
- # Version=2.0
- server {
- listen 443 ssl http2;
- listen [::]:443 ssl http2;
- server_name [SERVER NAME(REPLACED];
- access_log /var/log/nginx/AtoMiC-ToolKit-configured-sites.access.log;
- error_log /var/log/nginx/AtoMiC-ToolKit-configured-sites.error.log;
- root /var/www/;
- index index.html index.php;
- client_body_buffer_size 128k;
- client_max_body_size 100M;
- send_timeout 5m;
- ##
- # Gzip Settings
- ##
- gzip on;
- gzip_buffers 16 8k;
- gzip_comp_level 6;
- gzip_disable "MSIE [1-6]\.";
- gzip_http_version 1.1;
- gzip_min_length 1000;
- gzip_proxied any;
- gzip_types application/javascript application/json application/xml application/xml+rss image/svg+xml text/css text/javascript text/plain text/xml;
- gzip_vary on;
- ##
- # SSL Settings
- ##
- # # Reference: https://cipherli.st/ using certain less secure settings for compatibility with older devices
- ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:ECDHE-RSA-AES128-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA128:DHE-RSA-AES128-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA128:ECDHE-RSA-AES128-SHA384:ECDHE-RSA-AES128-SHA128:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA:D$
- ssl_ecdh_curve prime256v1; # Less secure for compatibility
- ssl_prefer_server_ciphers on;
- ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Less secure for compatibility
- ssl_session_cache shared:SSL:10m;
- ssl_session_tickets off;
- ssl_session_timeout 10m;
- ssl_stapling on;
- ssl_stapling_verify on;
- # # Enable this manually after running the commended command at the end of the line (takes a long time)
- # ssl_dhparam /etc/nginx/dhparam.pem; # openssl dhparam -out /etc/nginx/dhparam.pem 4096
- # # WARNING: Only enable Strict Transport after confirming HTTPS is working
- # add_header Strict-Transport-Security "max-age=15768000; includeSubdomains; preload"; # 15768000 = 6 months
- add_header X-Content-Type-Options nosniff;
- add_header X-Frame-Options SAMEORIGIN; # Not using DENY because Organizr uses frames
- add_header X-XSS-Protection "1; mode=block";
- add_header X-Robots-Tag none;
- ##
- # LetsEncrypt Config
- ##
- location ~ ^/\.well-known {
- root /var/www/letsencrypt;
- allow all;
- }
- location / {
- if ($scheme != https) {
- # # Uncomment this line after configuring certbot https://certbot.eff.org/
- #return 301 https://$host$request_uri;
- }
- }
- ###
- #REDIRECT
- ###
- rewrite ^/$ https://[SERVERNAME(Replaced)]/organizr/ redirect;
- ##
- # Proxy Config
- ##
- proxy_bind $server_addr;
- proxy_buffers 32 4k;
- proxy_hide_header X-Frame-Options;
- proxy_http_version 1.1;
- proxy_next_upstream error timeout invalid_header http_500 http_502 http_503; # Timeout if the real server is dead
- proxy_no_cache $cookie_session;
- proxy_read_timeout 240;
- proxy_redirect http:// $scheme://;
- proxy_send_timeout 240;
- proxy_set_header Connection "upgrade";
- proxy_set_header Host $host:$server_port;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Host $host;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_set_header X-Forwarded-Ssl on;
- proxy_set_header X-Real-IP $remote_addr;
- ##
- # PHP Config
- ##
- location ~ \.php$ {
- try_files $uri =404;
- include fastcgi_params;
- fastcgi_pass unix:/var/run/php/php7.1-fpm.sock;
- fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
- }
- ##
- # App Location Config
- ##
- location /auth-user{
- internal;
- proxy_pass https://bossbox.ddns.net/auth.php?user;
- proxy_pass_request_body off;
- proxy_set_header Content-Length "";
- proxy_set_header X-Original-URI $request_uri;
- }
- include /etc/nginx/locations-enabled/*.atomic.conf;
- ssl_certificate /etc/letsencrypt/live/bossbox.ddns.net/fullchain.pem; # managed by Certbot
- ssl_certificate_key /etc/letsencrypt/live/bossbox.ddns.net/privkey.pem; # managed by Certbot
- }
- server {
- if ($host = [Servername(replaced)]) {
- return 301 https://$host$request_uri;
- } # managed by Certbot
- listen 80;
- listen [::]:80;
- server_name [Servername(replaced)];
- return 404; # managed by Certbot
- }
- //====Atomic.Conf(Sites-Enabled)
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement