- #server {
- # listen 80;
- # server_name mydomain2.com;
- # return 301 https://$host$request_uri;
- #}
- #server {
- # listen 443 ssl http2;
- # root /config/www;
- ## root /host;
- # index index.html index.htm index.php;
- # server_name mydomain2.com;
- #
- #
- # # all ssl related config moved to ssl.conf
- # include /config/nginx/ssl.conf;
- #
- # client_max_body_size 0;
- #
- ##
- ##ORGANIZR CONTAINER
- # location / {
- # proxy_pass http://192.168.1.99:80/#Radarr; #Organizr IP and Port
- # include /config/nginx/proxy.conf;
- # auth_request /auth-0; #=Admin
- # auth_request /auth-1; #=Co-Admin
- # auth_request /auth-2; #=Super User
- # auth_request /auth-3; #=Power User
- # auth_request /auth-4; #=User
- # auth_request /auth-999; #=Guest
- #}
- # location ~ /auth-(.*) {
- # internal;
- # proxy_pass http://192.168.1.99:80/api/?v1/auth&group=$1;
- # proxy_set_header Content-Length "";
- #}
- # location /radarr {
- # proxy_pass http://192.168.1.200:7878;
- # include /config/nginx/proxy.conf;
- # auth_basic_user_file /config/nginx/.htpasswd;
- # }
- #}
- ################################################################################################################
- #////////////////////////////////////////////////SERVER BLOCK\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\#
- ################################################################################################################
- # REDIRECT TRAFFIC FROM www.domain.com TO https://domain.com
- #server {
- #listen 80;
- #listen 443 ssl http2;
- #server_name www.mydomain2.com; #CHANGE THIS TO YOUR DOMAIN NAME!
- #return 301 https://mydomain2.com$request_uri; #CHANGE THIS TO YOUR DOMAIN NAME!
- #}
- # REDIRECT HTTP TRAFFIC TO https://[domain.com]
- #server {
- #listen 80;
- #server_name mydomain2.com; #CHANGE THIS TO YOUR DOMAIN NAME!
- #return 301 https://$server_name$request_uri;
- #}
- ################################################################################################################
- #////////////////////////////////////////////////MAIN SERVER BLOCK\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\#
- ################################################################################################################
- # MAIN SERVER BLOCK
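server {
    # Main HTTPS virtual host: terminates TLS and reverse-proxies everything to
    # the Organizr container at 192.168.1.99:80.
    listen 443 ssl http2;
    server_name mydomain2.com; #CHANGE THIS TO YOUR DOMAIN NAME!

    ## READ THE COMMENT ON add_header Content-Security-Policy IF YOU USE THIS ON A SUBDOMAIN YOU WANT TO IFRAME!

    ## Certificates from LE container placement
    ssl_certificate /config/keys/letsencrypt/fullchain.pem;
    ssl_certificate_key /config/keys/letsencrypt/privkey.pem;

    ## Strong Security recommended settings per cipherli.st
    ssl_dhparam /config/nginx/dhparams.pem; # Bit value: 4096
    ## The two "...-AES256-GCM-SHA512" names in the original list are not OpenSSL
    ## cipher suites; OpenSSL skips unknown names, so dropping them changes nothing
    ## on the wire. ECDHE-RSA-AES256-SHA384 is the only CBC (non-AEAD) suite left;
    ## remove it if no client you care about needs it.
    ## NOTE(review): ssl_protocols is not set in this block and ssl.conf is not
    ## included here - confirm the protocol versions are pinned in the http context.
    ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
    ssl_ecdh_curve secp384r1; # Requires nginx >= 1.1.0
    ssl_session_timeout 10m;

    ## NOTE: The add_header Content-Security-Policy won't work with duckdns since you don't own the root domain. Just buy a domain. It's cheap
    ## Settings to add strong security profile (A+ on securityheaders.io/ssllabs.com)
    ## "always" makes nginx send the header on error responses too (404, 502, ...);
    ## without it add_header only applies to 2xx/3xx responses.
    ## add_header is inherited by a location only when that location (including any
    ## file it includes) sets no add_header of its own.
    ## NOTE(review): check that /config/nginx/proxy.conf does not add headers, or
    ## everything below is silently dropped for "location /".
    ## HSTS with includeSubDomains + preload commits every subdomain to HTTPS for
    ## two years; keep it only if all subdomains serve valid certificates.
    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
    add_header X-Content-Type-Options nosniff always;
    ## X-XSS-Protection is a legacy header that current browsers ignore; kept as in the original.
    add_header X-XSS-Protection "1; mode=block" always;
    add_header X-Robots-Tag none always; #SET THIS TO index IF YOU WANT GOOGLE TO INDEX YOUR SITE!
    ## frame-ancestors is the framing control. Use *.domain.com, not *.sub.domain.com (*.$server_name) when using this on a sub-domain that you want to iframe!
    add_header Content-Security-Policy "frame-ancestors https://*.$server_name https://$server_name" always;
    ## The original also sent X-Frame-Options "ALLOW-FROM https://*.$server_name".
    ## ALLOW-FROM is obsolete, never accepted wildcards, and is ignored by current
    ## browsers, so it gave no protection; frame-ancestors above replaces it.
    add_header Referrer-Policy "strict-origin-when-cross-origin" always;
    proxy_cookie_path / "/; HTTPOnly; Secure"; ##NOTE: This may cause issues with unifi. Remove HTTPOnly; or create another ssl config for unifi.
    ## more_set_headers / more_clear_headers come from the headers-more module.
    more_set_headers "Server: Classified";
    more_clear_headers 'X-Powered-By';

    # Custom error pages
    # 503 was listed twice in the original. NOTE(review): 500 may have been intended.
    error_page 400 401 402 403 404 405 408 502 503 504 $scheme://$server_name/?error=$status;
    error_log /config/log/nginx/error.log;
    proxy_intercept_errors on; #For custom Organizr error page

    #AUTHORIZATION BLOCK
    # Subrequest target for "auth_request /auth-N;" (N = Organizr group id).
    # "internal" keeps clients from calling it directly. No location in this
    # server block uses auth_request, so "location /" below is protected only by
    # Organizr's own login.
    location ~ /auth-(.*) {
        internal;
        proxy_pass http://192.168.1.99:80/api/?v1/auth&group=$1;
        proxy_set_header Content-Length "";
    }

    # BLOCK ORGANIZR DASHBOARD FILES
    # Dots are escaped and the alternation grouped so the pattern matches the
    # literal file names; ~* also catches case variants. This is a denylist by
    # name: database or log files introduced later are not covered, so also deny
    # them in the backend or keep them outside its web root.
    location ~* (?:loginLog\.json|chat\.db|users\.db|org\.log|org\.db|organizrLog\.json|organizrLoginLog\.json) {
        return 404;
    }

    #ORGANIZR CONTAINER
    location / {
        proxy_pass http://192.168.1.99:80;
        include /config/nginx/proxy.conf;
    }
}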