
Untitled

a guest
Jul 19th, 2018
  1.  
  2. #server {
  3. # listen 80;
  4. # server_name mydomain2.com;
  5. # return 301 https://$host$request_uri;
  6. #}
  7. #server {
  8. # listen 443 ssl http2;
  9. # root /config/www;
  10. ## root /host;
  11. # index index.html index.htm index.php;
  12. # server_name mydomain2.com;
  13. #
  14. #
  15. # # all ssl related config moved to ssl.conf
  16. # include /config/nginx/ssl.conf;
  17. #
  18. # client_max_body_size 0;
  19. #
  20. ##
  21. ##ORGANIZR CONTAINER
  22. # location / {
  23. # proxy_pass http://192.168.1.99:80/#Radarr; #Organizr IP and Port
  24. # include /config/nginx/proxy.conf;
  25. # auth_request /auth-0; #=Admin
  26. # auth_request /auth-1; #=Co-Admin
  27. # auth_request /auth-2; #=Super User
  28. # auth_request /auth-3; #=Power User
  29. # auth_request /auth-4; #=User
  30. # auth_request /auth-999; #=Guest
  31. #}
  32.  
  33. # location ~ /auth-(.*) {
  34. # internal;
  35. # proxy_pass http://192.168.1.99:80/api/?v1/auth&group=$1;
  36. # proxy_set_header Content-Length "";
  37. #}
  38. # location /radarr {
  39. # proxy_pass http://192.168.1.200:7878;
  40. # include /config/nginx/proxy.conf;
  41. # auth_basic_user_file /config/nginx/.htpasswd;
  42. # }
  43. #}
  44.  
  45. ################################################################################################################
  46. #////////////////////////////////////////////////SERVER BLOCK\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\#
  47. ################################################################################################################
  48. # REDIRECT TRAFFIC FROM www.domain.com TO https://domain.com
  49. #server {
  50. #listen 80;
  51. #listen 443 ssl http2;
  52. #server_name www.mydomain2.com; #CHANGE THIS TO YOUR DOMAIN NAME!
  53. #return 301 https://mydomain2.com$request_uri; #CHANGE THIS TO YOUR DOMAIN NAME!
  54. #}
  55.  
  56. # REDIRECT HTTP TRAFFIC TO https://[domain.com]
  57. #server {
  58. #listen 80;
  59. #server_name mydomain2.com; #CHANGE THIS TO YOUR DOMAIN NAME!
  60. #return 301 https://$server_name$request_uri;
  61. #}
  62. ################################################################################################################
  63. #////////////////////////////////////////////////MAIN SERVER BLOCK\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\#
  64. ################################################################################################################
  65.  
  66. # MAIN SERVER BLOCK
  67. server {
  68. listen 443 ssl http2;
  69. server_name mydomain2.com; #CHANGE THIS TO YOUR DOMAIN NAME!
  70.  
  71. ## READ THE COMMENT ON add_header X-Frame-Options AND add_header Content-Security-Policy IF YOU USE THIS ON A SUBDOMAIN YOU WANT TO IFRAME!
  72.  
  73. ## Certificates from LE container placement
  74. ssl_certificate /config/keys/letsencrypt/fullchain.pem;
  75. ssl_certificate_key /config/keys/letsencrypt/privkey.pem;
  76.  
  77. ## Strong Security recommended settings per cipherli.st
  78. ssl_dhparam /config/nginx/dhparams.pem; # Bit value: 4096
  79. ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
  80. ssl_ecdh_curve secp384r1; # Requires nginx >= 1.1.0
  81. ssl_session_timeout 10m;
  82.  
  83. ## NOTE: The add_header Content-Security-Policy won't work with duckdns since you don't own the root domain. Just buy a domain. It's cheap
  84. ## Settings to add strong security profile (A+ on securityheaders.io/ssllabs.com)
  85.  
  86. add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
  87. add_header X-Content-Type-Options nosniff;
  88. add_header X-XSS-Protection "1; mode=block";
  89. add_header X-Robots-Tag none; #SET THIS TO index IF YOU WANT GOOGLE TO INDEX YOU SITE!
  90. add_header Content-Security-Policy "frame-ancestors https://*.$server_name https://$server_name"; ## Use *.domain.com, not *.sub.domain.com (*.$server_name) when using this on a sub-domain that you want to iframe!
  91. add_header X-Frame-Options "ALLOW-FROM https://*.$server_name" always; ## Use *.domain.com, not *.sub.domain.com (*.$server_name) when using this on a sub-domain that you want to iframe!
  92. add_header Referrer-Policy "strict-origin-when-cross-origin";
  93. proxy_cookie_path / "/; HTTPOnly; Secure"; ##NOTE: This may cause issues with unifi. Remove HTTPOnly; or create another ssl config for unifi.
  94. more_set_headers "Server: Classified";
  95. more_clear_headers 'X-Powered-By';
  96.  
  97.  
  98. # Custom error pages
  99. error_page 400 401 402 403 404 405 408 502 503 503 504 $scheme://$server_name/?error=$status;
  100. error_log /config/log/nginx/error.log;
  101. proxy_intercept_errors on; #For custom Organizr error page
  102.  
  103. #AUTHORIZATION BLOCK
  104. location ~ /auth-(.*) {
  105. internal;
  106. proxy_pass http://192.168.1.99:80/api/?v1/auth&group=$1;
  107. proxy_set_header Content-Length "";
  108. }
  109.  
  110. # BLOCK ORGANIZR DASHBOARD FILES
  111. location ~ /loginLog.json|chat.db|users.db|org.log|org.db|organizrLog.json|organizrLoginLog.json {
  112. return 404;
  113. }
  114.  
  115. #ORGANIZR CONTAINER
  116. location / {
  117. proxy_pass http://192.168.1.99:80;
  118. include /config/nginx/proxy.conf;
  119. }
  120. }root@vault:/mnt/user/appdata/letsencrypt/nginx/site-confs#