
Nginx reverse proxy - KhalilSecurity

a guest
Nov 16th, 2019
  1. Nginx reverse proxy - KhalilSecurity
  2. https://www.youtube.com/channel/UCWzXbclzEvSbQb4wQ6_em4A
  3. ============================================================
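  # Install nginx and have systemd start it on every boot.
  apt install nginx
  systemctl enable nginx

  # Self-signed certificate for the proxy, valid for 365 days. -nodes writes
  # the private key without a passphrase so nginx can load it unattended,
  # which makes the file permissions below the only protection for the key.
  # A self-signed certificate gives clients no way to verify the server's
  # identity unless they import it; use a CA-issued certificate outside a lab.
  # The subjectAltName entry is needed because current clients match the
  # hostname against SAN, not the subject CN (-addext needs OpenSSL 1.1.1+).
  openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
    -addext "subjectAltName=DNS:khalil.fortiddns.com" \
    -keyout /etc/ssl/private/guacamole-selfsigned.key \
    -out /etc/ssl/certs/guacamole-selfsigned.crt
  # Make sure only root can read the unencrypted key.
  chmod 600 /etc/ssl/private/guacamole-selfsigned.key

  # Create the site file and paste in the server blocks shown below.
  gedit /etc/nginx/sites-available/nginx-guacamole-ssl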
  12. ------------------------------------
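  # Contents of /etc/nginx/sites-available/nginx-guacamole-ssl.
  # Port 80 only redirects; port 443 terminates TLS and forwards every
  # request to the Guacamole web application.
  server {
      listen 80;
      server_name khalil.fortiddns.com;
      # Permanent redirect so nothing is served over cleartext HTTP.
      return 301 https://$host$request_uri;
  }

  server {
      listen 443 ssl;
      server_name khalil.fortiddns.com;

      # root/index are not reached in practice: "location /" below proxies
      # every request.
      root /var/www/html;
      index index.html index.htm index.nginx-debian.html;

      # Self-signed pair created with "openssl req -x509" in the setup steps.
      ssl_certificate /etc/ssl/certs/guacamole-selfsigned.crt;
      ssl_certificate_key /etc/ssl/private/guacamole-selfsigned.key;

      ssl_protocols TLSv1.2 TLSv1.3;
      ssl_prefer_server_ciphers on;
      ssl_dhparam /etc/nginx/dhparam.pem;
      # TLS 1.2 suites only; TLS 1.3 suites are not selected by this directive.
      # Changed from the original list: the two "...-GCM-SHA512" names were
      # removed because OpenSSL defines no suites by those names (they were
      # silently ignored), and the CBC-mode ECDHE-RSA-AES256-SHA384 was removed
      # so that only AEAD suites remain.
      ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384;
      ssl_ecdh_curve secp384r1;
      ssl_session_timeout 10m;
      ssl_session_cache shared:SSL:10m;

      # NOTE(review): nothing in this file resolves names at request time (no
      # variables in proxy_pass, no ssl_stapling), so these resolvers appear
      # unused. If they are needed, prefer resolvers on a trusted local
      # network, since nginx's resolver can be fed spoofed answers.
      resolver 192.168.42.129 8.8.8.8 valid=300s;
      resolver_timeout 5s;

      # "always" also sends the headers on error responses. "preload" was
      # dropped: it only matters for domains submitted to the browser preload
      # list. Browsers ignore HSTS received over a connection with certificate
      # errors, so with the self-signed certificate this takes effect only on
      # clients that have been made to trust it.
      add_header Strict-Transport-Security "max-age=63072000; includeSubDomains" always;
      add_header X-Frame-Options DENY always;
      add_header X-Content-Type-Options nosniff always;
      # Legacy header, kept from the original; current browsers ignore it.
      add_header X-XSS-Protection "1; mode=block" always;

      access_log /var/log/nginx/guac_access.log;
      error_log /var/log/nginx/guac_error.log;

      location / {
          # NOTE(review): the upstream is addressed by the public DDNS name
          # over plain HTTP. If Guacamole/Tomcat runs on this same host, use
          # http://127.0.0.1:8080/guacamole/ and bind or firewall port 8080 so
          # the backend cannot be reached without going through this TLS
          # proxy. Confirm where the backend actually runs before changing it.
          proxy_pass http://khalil.fortiddns.com:8080/guacamole/;
          # Guacamole streams data continuously; buffering would delay it.
          proxy_buffering off;
          proxy_http_version 1.1;
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
          # Pass the client's Upgrade/Connection headers through so WebSocket
          # negotiation reaches the backend.
          proxy_set_header Upgrade $http_upgrade;
          proxy_set_header Connection $http_connection;
          # The app is published at "/" but sets cookies for /guacamole/.
          proxy_cookie_path /guacamole/ /;
      }
  }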
  57. -----------------------------
  58.  
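  # Diffie-Hellman parameters for the ssl_dhparam directive in the site file.
  # -dsaparam was dropped: it produces DSA-style parameters whose prime is not
  # a safe prime, which is only sound if the TLS library never reuses a DH
  # exponent. Generating a 4096-bit safe prime is slow (expect minutes or more).
  openssl dhparam -out /etc/nginx/dhparam.pem 4096

  # Enable the site.
  ln -s /etc/nginx/sites-available/nginx-guacamole-ssl /etc/nginx/sites-enabled/

  # Check the configuration and apply it only if the check passes, so a typo
  # or a missing certificate/dhparam file is caught before nginx is affected.
  nginx -t && systemctl reload nginx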
  62.  
  63.  
  64. Restart Ubuntu