
Untitled

a guest
Oct 18th, 2023
  # Shared-memory zone for per-client request limiting: keyed on the client
  # address in binary form, 10 MB of state, a rate of one request per second.
  # NOTE(review): nothing in the configuration shown here applies this zone
  # with a `limit_req` directive, so as written no request is rate limited.
  # Confirm whether that is intentional (e.g. limiting is left to the backend).
  limit_req_zone $binary_remote_addr
                 zone=lemmytest.mydomain.com_ratelimit:10m
                 rate=1r/s;

  # Plain-HTTP listener: serves ACME HTTP-01 challenge files from the certbot
  # webroot and redirects every other request to HTTPS.
  server {
      server_name lemmytest.mydomain.com;
      listen [::]:80;
      listen 80;

      # Do not advertise the nginx version in headers or error pages.
      server_tokens off;

      # Challenge files are read from the certbot webroot.
      location /.well-known/acme-challenge/ {
          root /var/www/certbot;
      }

      # Permanent redirect to the HTTPS site, path and query string preserved.
      # NOTE(review): $host follows the Host the client sent. If this block is
      # also the default server for port 80, the redirect target is
      # client-chosen; $server_name would pin it to the configured name.
      location / {
          return 301 https://$host$request_uri;
      }
  }

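  # HTTPS listener: terminates TLS and reverse-proxies every request to the
  # application on local port 8536.
  server {
      listen 443 ssl http2;
      listen [::]:443 ssl http2;
      server_name lemmytest.mydomain.com;

      ssl_certificate /etc/letsencrypt/live/lemmytest.mydomain.com/fullchain.pem;
      ssl_certificate_key /etc/letsencrypt/live/lemmytest.mydomain.com/privkey.pem;

      ssl_protocols TLSv1.2 TLSv1.3;
      ssl_prefer_server_ciphers on;
      # TLS 1.2 suites: ECDHE key exchange with AEAD ciphers only. The four
      # CBC-mode suites (ECDHE-*-AES256-SHA384, ECDHE-*-AES128-SHA256) from the
      # earlier list were dropped; clients that speak TLS 1.2 also offer GCM.
      ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256';
      ssl_session_timeout 10m;
      ssl_session_cache shared:SSL:10m;
      # Resumption goes through the shared cache above. Tickets are off because
      # no ticket key rotation is configured here, and a long-lived ticket key
      # weakens forward secrecy for resumed TLS 1.2 sessions.
      ssl_session_tickets off;
      # NOTE(review): stapling needs a `resolver` so nginx can look up the OCSP
      # responder; none is set in the configuration shown. Confirm one exists
      # at http level, otherwise stapling does not take effect.
      ssl_stapling on;
      ssl_stapling_verify on;

      # Do not advertise the nginx version in headers or error pages.
      server_tokens off;

      # Upload limit, relevant for pictrs
      client_max_body_size 20M;

      # Enable compression for JS/CSS/HTML bundle, for improved client load times.
      # It might be nice to compress JSON, but leaving that out to protect against potential
      # compression+encryption information leak attacks like BREACH.
      gzip on;
      gzip_types text/css application/javascript image/svg+xml;
      gzip_vary on;

      # Response hardening headers. `always` attaches them to error responses
      # (4xx/5xx) too; without it nginx adds them only to success and redirect
      # status codes.
      # NOTE(review): no Content-Security-Policy or Strict-Transport-Security
      # header is set. Once the host is confirmed HTTPS-only, consider
      #   add_header Strict-Transport-Security "max-age=<seconds>" always;
      add_header Referrer-Policy "same-origin" always;
      add_header X-Content-Type-Options "nosniff" always;
      add_header X-Frame-Options "DENY" always;
      # Legacy header: most current browsers ignore it, so it is not a
      # substitute for a Content-Security-Policy.
      add_header X-XSS-Protection "1; mode=block" always;

      location / {
          # Reach the backend over loopback. 0.0.0.0 is the unspecified
          # address, meant for binding; connecting to it only works where the
          # OS happens to map it to the local host.
          # NOTE(review): confirm the backend on port 8536 is bound to loopback
          # or firewalled, so clients cannot reach it directly and skip TLS and
          # the headers above.
          proxy_pass http://127.0.0.1:8536;
          proxy_http_version 1.1;

          # WebSocket upgrade pass-through. Connection is set to "upgrade" on
          # every proxied request, not only on WebSocket handshakes.
          proxy_set_header Upgrade $http_upgrade;
          proxy_set_header Connection "upgrade";

          proxy_set_header Host $host;
          proxy_set_header X-Real-IP $remote_addr;
          # Appends the peer address to whatever X-Forwarded-For the client
          # sent. Only the last entry comes from this proxy; the backend must
          # not trust earlier entries for rate limiting, bans or audit logs.
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      }
  }
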
  # Request log in the predefined "combined" format. The directive sits outside
  # both server blocks, so it applies at whatever level includes this file
  # (presumably http -- confirm).
  access_log /var/log/nginx/access.log
             combined;