aldikhan13

nginx config sample

Feb 7th, 2021
103
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. server {
  2.     listen 80;
  3.     listen [::]:80;
  4.     index index.html index.htm;
  5.     root /usr/share/nginx/html;
  6.     server_name restuwahyu-tech.com www.restuwahyu-tech.com;
  7.     return 301 https://$host$request_uri;
  8.  
  9.     location / {
  10.        proxy_pass http://nodejs:8080;
  11.     }
  12.  
  13.     location ~ /.well-known/acme-challenge{
  14.       allow all;
  15.       root /usr/share/nginx/html;
  16.     }
  17. }
  18.  
  19. server {
  20.      listen 443 ssl http2;
  21.      listen [::]:443 ssl http2;
  22.      server_name restuwahyu-tech.com;
  23.      index index.html index.htm;
  24.      root /usr/share/nginx/html;
  25.  
  26.      access_log /var/logs/nginx/access;
  27.      error_log /var/logs/nginx/error;
  28.  
  29.      ssl_certificate /etc/nginx/ssl/live/restuwahyu-tech.com/fullchain.pem;
  30.      ssl_certificate_key /etc/nginx/ssl/live/restuwahyu-tech.com/privkey.pem;
  31.      ssl_session_timeout 1d;
  32.      ssl_session_cache shared:SSL:10m;
  33.      ssl_session_tickets off;
  34.      ssl_dhparam /etc/nginx/dhparam/dhparam-2048.pem;
  35.      ssl_buffer_size 8k;
  36.      ssl_protocols TLSv1.2 TLSv1.3;
  37.      ssl_prefer_server_ciphers off;
  38.      ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
  39.      ssl_stapling on;
  40.      ssl_stapling_verify on;
  41.  
  42.      add_header X-Frame-Options           "SAMEORIGIN" always;
  43.      add_header X-XSS-Protection          "1; mode=block" always;
  44.      add_header X-Content-Type-Options    "nosniff" always;
  45.      add_header Referrer-Policy           "no-referrer-when-downgrade" always;
  46.      add_header Content-Security-Policy   "default-src 'self' http: https: data: blob: 'unsafe-inline'" always;
  47.      add_header Strict-Transport-Security "max-age=63072000" always;
  48.  
  49.      resolver 9.9.9.9;
  50.      resolver_timeout 2s;
  51.  
  52.      location / {
  53.       proxy_pass http://nodejs:8080;
  54.     }
RAW Paste Data

Adblocker detected! Please consider disabling it...

We've detected AdBlock Plus or some other adblocking software preventing Pastebin.com from fully loading.

We don't have any obnoxious sound, or popup ads, we actively block these annoying types of ads!

Please add Pastebin.com to your ad blocker whitelist or disable your adblocking software.

×