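# nginx reverse-proxy configuration: the port-80 server redirects to HTTPS,
# the port-443 server terminates TLS and proxies everything to one upstream
# (the upstream address is redacted in the paste as 192.xxxxx).
http {
    include mime.types;
    default_type application/octet-stream;
    server_names_hash_bucket_size 64;

    #log_format main '$remote_addr - $remote_user [$time_local] "$request" '
    # '$status $body_bytes_sent "$http_referer" '
    # '"$http_user_agent" "$http_x_forwarded_for"';
    #access_log logs/access.log main;

    sendfile on;
    #tcp_nopush on;

    #keepalive_timeout 0;
    keepalive_timeout 65;

    # redirect all traffic to https
    server {
        listen 80 default_server;
        listen [::]:80 default_server;
        server_name requests.bobb.com;

        # No location block here: a server-level return answers every request
        # before location matching, so a "location /" would never be reached.
        # NOTE(review): as default_server this block answers any Host header,
        # and $host copies that header into the Location response; use
        # $server_name instead if only the configured name should be a target.
        return 301 https://$host$request_uri;
    }

    # HTTPS with SSL
    server {
        listen 443 ssl;
        listen [::]:443 ssl;
        server_name requests.bobb.com;

        ## Certificates from LE container placement
        ssl_certificate /config/keys/letsencrypt/fullchain.pem;
        ssl_certificate_key /config/keys/letsencrypt/privkey.pem;

        ## Strong Security recommended settings per cipherli.st
        # NOTE(review): ssl_protocols is not set, so the accepted TLS versions
        # are whatever this nginx build defaults to; pin them explicitly once
        # the versions the build supports are known.
        ssl_dhparam /config/nginx/dhparams.pem; # Bit value: 4096
        # NOTE(review): the two "...-GCM-SHA512" names do not look like suites
        # OpenSSL defines, which would leave the three SHA384 entries as the
        # effective list - confirm with `openssl ciphers -v` on this string.
        ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
        ssl_ecdh_curve secp384r1; # Requires nginx >= 1.1.0
        ssl_session_timeout 10m;

        # 0 disables the request-body size check in nginx, so any upload limit
        # has to be enforced by the upstream application.
        client_max_body_size 0;

        # Response headers. Without the "always" parameter nginx attaches
        # add_header values only to success and redirect responses, so error
        # pages are sent without them.
        # includeSubDomains + preload applies HTTPS-only to every subdomain for
        # the full max-age (63072000 s, two years).
        add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
        add_header X-Content-Type-Options nosniff;
        add_header X-XSS-Protection "1; mode=block";
        add_header X-Robots-Tag none;
        # Add your domains you want to enable iframing on. Use sub-strong-ssl.conf on subdomains you want to iframe.
        add_header Content-Security-Policy "frame-ancestors https://*.$server_name https://$server_name";
        # Browsers that honour frame-ancestors ignore X-Frame-Options, so this
        # header only takes effect on clients without CSP support.
        add_header X-Frame-Options sameorigin;
        add_header Referrer-Policy "strict-origin-when-cross-origin";

        # Rewrites the Path attribute of upstream Set-Cookie headers to append
        # the HttpOnly and Secure attributes. The attribute name has to be
        # spelled out in full: a misspelled attribute is ignored by browsers and
        # the cookie stays readable from script.
        ##NOTE: This may cause issues with unifi. Remove HTTPOnly; or create another ssl config for unifi.
        proxy_cookie_path / "/; HTTPOnly; Secure";

        # more_set_headers / more_clear_headers are provided by the headers-more
        # module, which has to be built into or loaded by this nginx.
        more_set_headers "Server: Classified";
        more_clear_headers 'X-Powered-By';

        location / {
            # Upstream is reached over plain HTTP; address redacted in the paste.
            proxy_pass http://192.xxxxx;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-Host $server_name;
            proxy_set_header X-Real-IP $remote_addr;
            # $proxy_add_x_forwarded_for appends $remote_addr to whatever
            # X-Forwarded-For the client sent, so the upstream should trust only
            # the last entry (or X-Real-IP) when it logs or rate-limits by address.
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Ssl on;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_read_timeout 90;
            # Rewrite upstream redirects that point at the backend address so
            # the internal host is not exposed in Location headers.
            proxy_redirect http://192.xxxxx https://$host;
        }
    }
}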