API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Apr 12th, 2023
43
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Nginx 2.08 KB | None | 0 0
raw download clone embed print report
  1. upstream newserver {
  2.   server ****;  # this is new server, by IP address
  3. }
  4. server {
  5.     set_real_ip_from ****;
  6.     real_ip_header proxy_protocol;
  7.  
  8.     proxy_set_header X-Real-IP       ****;
  9.     proxy_set_header X-Forwarded-For ****;
  10.  
  11.     listen 80;
  12.  
  13.     server_name **** www.****;
  14.     # Prevent nginx HTTP Server Detection
  15.     server_tokens off;
  16.  
  17.     location /.well-known/acme-challenge/ {
  18.         root /var/www/certbot;
  19.     }
  20.  
  21.     # Enforce HTTPS
  22.     #return 301 https://$server_name$request_uri;
  23.     # disable SSL HERE TOO    
  24.     if ($scheme = "http") {
  25.         return 301 https://$host$request_uri;
  26.     }
  27. }
  28.  
  29. server {
  30.     set_real_ip_from ****;
  31.     real_ip_header proxy_protocol;
  32.  
  33.     proxy_set_header X-Real-IP       ****;
  34.     proxy_set_header X-Forwarded-For ****;
  35.     listen 443 default_server proxy_protocol http2 ssl; #comment SSL to disbale SSL;
  36.  
  37.     server_name **** www.****;
  38.  
  39.     ssl_certificate /etc/nginx/ssl/live/****/fullchain.pem; #comment this to disbale SSL;
  40.     ssl_certificate_key /etc/nginx/ssl/live/****/privkey.pem;  #comment this to disbale SSL;
  41.  
  42.     ssl_session_timeout 1d;
  43.     ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
  44.     ssl_session_tickets off;
  45.  
  46.     ssl_protocols TLSv1.2 TLSv1.3;
  47.     ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
  48.     ssl_prefer_server_ciphers off;
  49.  
  50.     #root /var/www/html; #Only for ssh?
  51.  
  52.     # Managing literal requests to the JupyterHub frontend
  53.     location / {
  54.         proxy_pass "http://172.19.0.23:81";
  55.         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  56.         proxy_set_header X-Forwarded-Proto $scheme;
  57.         proxy_set_header X-Forwarded-Host $host;
  58.         proxy_set_header X-Forwarded-Prefix /;
  59.     }
  60.  
  61.     # Managing requests to verify letsencrypt host
  62.     location ~ /.well-known {
  63.         allow all;
  64.     }
  65.  
  66.     # Prevent nginx HTTP Server Detection
  67.     server_tokens off;
  68. }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!