Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- ##
- # SSL Settings
- ##
- ssl_stapling off;
- ssl_session_timeout 1h;
- ssl_session_tickets off;
- ssl_stapling_verify off;
- ssl_ecdh_curve secp384r1;
- ssl_prefer_server_ciphers on;
- ssl_session_cache shared:SSL:5m;
- ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
- ssl_ciphers EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS;
- ssl_certificate /srv/ssl/nginx-selfsigned.crt;
- ssl_certificate_key /srv/ssl/nginx-selfsigned.key;
- ssl_dhparam /srv/ssl/dhparam.pem;
- server {
- listen 1025 ssl http2;
- listen [::]:1025 ssl http2;
- server_name api.site.com;
- location / {
- #include /etc/nginx/naxsi.rules;
- proxy_pass https://td-api:1025;
- proxy_buffering on;
- proxy_buffers 256 16k;
- proxy_buffer_size 128k;
- proxy_read_timeout 300;
- proxy_intercept_errors on;
- proxy_max_temp_file_size 0;
- proxy_busy_buffers_size 256k;
- proxy_temp_file_write_size 256k;
- proxy_set_header Host $host;
- proxy_set_header Accept-Encoding "";
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- }
- }
- server {
- listen 1025 ssl http2;
- listen [::]:1025 ssl http2;
- server_name site.network;
- root /srv/agentfree-client/dist;
- limit_conn addr 10;
- limit_req zone=one burst=15 nodelay;
- index index.html;
- autoindex off;
- location = /favicon.ico {
- log_not_found off;
- access_log off;
- }
- location = /robots.txt {
- allow all;
- log_not_found off;
- access_log off;
- }
- location / {
- if (!-e $request_filename){
- rewrite ^(.*)$ /index.html break;
- }
- }
- location ~* .(js|css|png|jpg|jpeg|gif|ico)$ {
- expires max;
- log_not_found off;
- }
- }
- server {
- listen 1025 ssl http2 default_server;
- listen [::]:1025 ssl http2 default_server;
- index index.php;
- root /srv/www/public;
- server_name api.site.com;
- limit_conn addr 10;
- limit_req zone=one burst=15 nodelay;
- location / {
- #include /etc/nginx/naxsi.rules;
- try_files $uri $uri/ /index.php?$query_string;
- }
- location ~ .php$ {
- include snippets/fastcgi-php.conf;
- fastcgi_pass td-api-fpm:9000;
- }
- }
- openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /srv/ssl/nginx-selfsigned.key -out /srv/ssl/nginx-selfsigned.crt
- openssl dhparam -out /srv/ssl/dhparam.pem 2048
Add Comment
Please, Sign In to add comment