  1. http {
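  # Settings shared by every server block in this http context.
  include mime.types;
  default_type application/octet-stream;   # fallback for extensions missing from mime.types
  server_names_hash_bucket_size 64;

  # Keep the nginx version out of the Server header and the built-in error
  # pages. The HTTPS server rewrites the Server header with more_set_headers,
  # but the port-80 redirect server does not, so set this once for all servers.
  server_tokens off;

  # Custom access-log format, left disabled. With these lines commented out
  # nginx still writes an access log using its built-in default format and path.
  #log_format main '$remote_addr - $remote_user [$time_local] "$request" '
  # '$status $body_bytes_sent "$http_referer" '
  # '"$http_user_agent" "$http_x_forwarded_for"';

  #access_log logs/access.log main;

  sendfile on;
  #tcp_nopush on;

  #keepalive_timeout 0;
  keepalive_timeout 65;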
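  # Plain-HTTP listener: redirect all traffic to https.
  server {
      listen 80 default_server;
      listen [::]:80 default_server;
      server_name requests.bobb.com;

      # A server-level `return` runs in the rewrite phase, before any location
      # is selected, so every request on this listener gets the 301. The
      # `location / { root html; index ...; }` block that followed it could
      # never be reached and has been removed.
      #
      # NOTE(review): as default_server this block also answers requests whose
      # Host header is not requests.bobb.com, and $host copies that header into
      # the Location value. If only this one site should be redirected, use
      # https://$server_name$request_uri instead.
      return 301 https://$host$request_uri;
  }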
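  # HTTPS with SSL: TLS-terminating reverse proxy for requests.bobb.com.
  server {
      listen 443 ssl;
      listen [::]:443 ssl;
      server_name requests.bobb.com;

      ## Certificates from LE container placement
      ssl_certificate /config/keys/letsencrypt/fullchain.pem;
      ssl_certificate_key /config/keys/letsencrypt/privkey.pem;

      ## Strong Security recommended settings per cipherli.st
      # Pin the protocol versions explicitly instead of relying on the build's
      # default. TLSv1.3 needs nginx >= 1.13.0 built against OpenSSL >= 1.1.1;
      # drop it from the list on older builds.
      ssl_protocols TLSv1.2 TLSv1.3;
      ssl_dhparam /config/nginx/dhparams.pem; # Bit value: 4096
      # The original list also named ECDHE-RSA-AES256-GCM-SHA512 and
      # DHE-RSA-AES256-GCM-SHA512. OpenSSL defines no such suites and skips
      # unknown names, so removing them leaves the negotiated set unchanged.
      # ECDHE-RSA-AES256-SHA384 is the only CBC-mode suite left; remove it if
      # every client supports the GCM suites.
      ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
      ssl_ecdh_curve secp384r1; # Requires nginx >= 1.1.0
      ssl_session_timeout 10m;

      # 0 disables the request-body size check entirely. NOTE(review): confirm
      # the backend really needs unlimited uploads; otherwise set a finite cap.
      client_max_body_size 0;

      # Response headers. `always` (nginx >= 1.7.5) also attaches them to 4xx/5xx
      # responses; without it error responses go out without these headers.
      # A location that declares its own add_header stops inheriting this set.
      #
      # HSTS: includeSubDomains + preload commits every subdomain to HTTPS and
      # is slow to undo once the domain is on a browser preload list.
      add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
      add_header X-Content-Type-Options nosniff always;
      add_header X-XSS-Protection "1; mode=block" always;
      add_header X-Robots-Tag none always;
      add_header Content-Security-Policy "frame-ancestors https://*.$server_name https://$server_name" always; # Add your domains you want to enable iframing on. Use sub-strong-ssl.conf on subdomains you want to iframe.
      add_header X-Frame-Options sameorigin always;
      add_header Referrer-Policy "strict-origin-when-cross-origin" always;

      # Appends cookie attributes by rewriting the Path of upstream Set-Cookie
      # headers. The attribute was misspelled "HTTPOnl", which browsers do not
      # recognise, so cookies were left readable from script; spelled out here.
      # nginx >= 1.19.3 offers proxy_cookie_flags for the same purpose.
      proxy_cookie_path / "/; HTTPOnly; Secure"; ##NOTE: This may cause issues with unifi. Remove HTTPOnly; or create another ssl config for unifi.

      # more_set_headers / more_clear_headers come from the headers-more module,
      # which must be compiled in or loaded for this config to parse.
      more_set_headers "Server: Classified";
      more_clear_headers 'X-Powered-By';

      location / {
          # The upstream hop is plain HTTP. NOTE(review): acceptable only if
          # the path to the backend is a trusted network segment.
          proxy_pass http://192.xxxxx;
          proxy_set_header Host $host;
          proxy_set_header X-Forwarded-Host $server_name;
          proxy_set_header X-Real-IP $remote_addr;
          # Appends $remote_addr to whatever X-Forwarded-For the client sent, so
          # only the last entry is set by this proxy; the backend should not
          # trust earlier entries.
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
          proxy_set_header X-Forwarded-Ssl on;
          proxy_set_header X-Forwarded-Proto $scheme;
          proxy_read_timeout 90;
          # Rewrite Location/Refresh headers that point at the backend address.
          proxy_redirect http://192.xxxxx https://$host;
      }

  }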