API tools faq
paste
VecH

Untitled

VecH
May 18th, 2025
32
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.59 KB | None | 0 0
raw download clone embed print report
  1. server {
  2. server_name subdomain.domain.com;
  3.  
  4. listen 80;
  5. listen 443 ssl reuseport;
  6. http2 on;
  7.  
  8. # HTTP to HTTPS
  9. if ($scheme != "https") {
  10. return 301 https://$host$request_uri;
  11. } # managed by Certbot
  12.  
  13. location / {
  14. proxy_http_version 1.1;
  15. proxy_pass http://127.0.0.1:3000;
  16. proxy_set_header Host $host;
  17. proxy_set_header Upgrade $http_upgrade;
  18. proxy_set_header X-Real-IP $remote_addr;
  19. proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  20. proxy_set_header X-Forwarded-Proto $scheme;
  21. proxy_set_header X-Forwarded-Host $host;
  22. proxy_set_header X-Forwarded-Port $server_port;
  23.  
  24. proxy_send_timeout 60s;
  25. proxy_read_timeout 60s;
  26. }
  27.  
  28. # SSL Configuration (Mozilla Intermediate Guidelines)
  29. ssl_protocols TLSv1.2 TLSv1.3;
  30. ssl_ecdh_curve X25519:prime256v1:secp384r1;
  31. ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305;
  32. ssl_prefer_server_ciphers off;
  33.  
  34. ssl_session_timeout 1d;
  35. ssl_session_cache shared:MozSSL:10m; # ~40,000 sessions
  36.  
  37. acme letsencrypt;
  38. ssl_dhparam "/etc/angie/ssl/dhparam.pem"; # curl https://ssl-config.mozilla.org/ffdhe2048.txt > /opt/angie/angie/ssl/dhparam.pem
  39. ssl_certificate $cert_letsencrypt;
  40. ssl_certificate_key $cert_key_letsencrypt;
  41.  
  42. # OCSP Stapling
  43. ssl_stapling on;
  44. ssl_stapling_verify on;
  45. resolver 1.1.1.1 1.0.0.1 8.8.8.8 8.8.4.4 208.67.222.222 208.67.220.220;
  46.  
  47. # HTTP Strict Transport Security (HSTS)
  48. proxy_hide_header Strict-Transport-Security;
  49. add_header Strict-Transport-Security "max-age=15552000" always;
  50.  
  51. # Gzip Compression
  52. gzip on;
  53. gzip_vary on;
  54. gzip_proxied any;
  55. gzip_comp_level 6;
  56. gzip_buffers 16 8k;
  57. gzip_http_version 1.1;
  58. gzip_min_length 256;
  59. gzip_types
  60. application/atom+xml
  61. application/geo+json
  62. application/javascript
  63. application/x-javascript
  64. application/json
  65. application/ld+json
  66. application/manifest+json
  67. application/rdf+xml
  68. application/rss+xml
  69. application/xhtml+xml
  70. application/xml
  71. font/eot
  72. font/otf
  73. font/ttf
  74. image/svg+xml
  75. text/css
  76. text/javascript
  77. text/plain
  78. text/xml;
  79. }
  80.  
  81. server {
  82. listen 443 ssl default_server;
  83. listen [::]:443 ssl default_server;
  84. server_name _;
  85.  
  86. ssl_reject_handshake on;
  87. }
  88.  
Advertisement
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!