- Nginx reverse proxy - KhalilSecurity
- https://www.youtube.com/channel/UCWzXbclzEvSbQb4wQ6_em4A
- ============================================================
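# Install nginx and have systemd start it on every boot.
apt install nginx
systemctl enable nginx

# Create a self-signed certificate and key for the proxy (valid 365 days).
# -nodes leaves the private key unencrypted on disk, so its file permissions
# are the only protection; the chmod below makes them explicit.
# -addext puts the host name from the nginx config into subjectAltName:
# current browsers match on SAN only, so without it the certificate cannot
# validate for this name even after it is imported as trusted.
# Clients still have no way to authenticate a self-signed certificate unless
# they import or pin it; use a CA-issued certificate for anything exposed.
openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
  -keyout /etc/ssl/private/guacamole-selfsigned.key \
  -out /etc/ssl/certs/guacamole-selfsigned.crt \
  -addext "subjectAltName=DNS:khalil.fortiddns.com"
chmod 600 /etc/ssl/private/guacamole-selfsigned.key

# Create the site definition and paste in the server blocks shown below.
gedit /etc/nginx/sites-available/nginx-guacamole-ssl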
- ------------------------------------
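# Redirect every plain-HTTP request for this host to HTTPS.
server {
    listen 80;
    server_name khalil.fortiddns.com;
    return 301 https://$host$request_uri;
}

# TLS-terminating reverse proxy in front of the Guacamole web application.
server {
    listen 443 ssl;
    server_name khalil.fortiddns.com;

    root /var/www/html;
    index index.html index.htm index.nginx-debian.html;

    # Self-signed pair created with `openssl req -x509`; clients cannot
    # authenticate this server unless they import or pin the certificate.
    ssl_certificate /etc/ssl/certs/guacamole-selfsigned.crt;
    ssl_certificate_key /etc/ssl/private/guacamole-selfsigned.key;

    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    ssl_dhparam /etc/nginx/dhparam.pem;
    # The original list started with two "...-GCM-SHA512" names, which are not
    # real cipher suites (AES-256-GCM suites use SHA384); OpenSSL skipped them,
    # so dropping them leaves the effective TLS 1.2 list and its order unchanged.
    # This directive does not select the TLS 1.3 suites.
    ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
    ssl_ecdh_curve secp384r1;
    ssl_session_timeout 10m;
    ssl_session_cache shared:SSL:10m;

    # NOTE(review): nothing in this block resolves names at run time
    # (OCSP stapling is not enabled and proxy_pass uses a literal host name),
    # so the resolver looks unused here - confirm before keeping a public DNS
    # server in the list.
    resolver 192.168.42.129 8.8.8.8 valid=300s;
    resolver_timeout 5s;

    # "always" makes nginx attach the headers to error responses as well;
    # without it they are only sent on 2xx/3xx replies.
    # Browsers honour HSTS only when it arrives over a connection without
    # certificate errors, so with the self-signed certificate it takes effect
    # only once that certificate is trusted - and then blocks click-through
    # on any later certificate error for the whole max-age.
    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
    add_header X-Frame-Options DENY always;
    add_header X-Content-Type-Options nosniff always;
    # Legacy header: current browsers no longer ship the XSS auditor it controls.
    add_header X-XSS-Protection "1; mode=block" always;

    access_log /var/log/nginx/guac_access.log;
    error_log /var/log/nginx/guac_error.log;

    location / {
        # NOTE(review): the upstream hop is plain HTTP to the public DDNS name
        # on port 8080. If Guacamole runs on this same machine, pointing at the
        # loopback address and closing 8080 to outside clients keeps anyone
        # from reaching the application around the TLS proxy - confirm the
        # deployment before changing it.
        proxy_pass http://khalil.fortiddns.com:8080/guacamole/;
        proxy_buffering off;
        proxy_http_version 1.1;
        # Appends the client address; the backend should trust this header
        # only when the request really comes from this proxy.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # Pass the client's Upgrade/Connection headers through so protocol
        # upgrade requests reach the backend.
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $http_connection;
        # The application is published at "/", so rewrite its cookie path to match.
        proxy_cookie_path /guacamole/ /;
    }
}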
- -----------------------------
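# Generate the Diffie-Hellman parameters that ssl_dhparam in the site config
# points at; the file must exist before nginx loads that config.
# -dsaparam produces DSA-style parameters instead of a safe prime, which is
# why a 4096-bit run finishes quickly; omit the flag to get safe-prime
# parameters at the cost of a much longer generation time.
openssl dhparam -dsaparam -out /etc/nginx/dhparam.pem 4096

# Enable the site.
ln -s /etc/nginx/sites-available/nginx-guacamole-ssl /etc/nginx/sites-enabled/

# Validate the configuration before restarting, so a typo or a missing
# certificate/dhparam file is reported now rather than as a failed start.
nginx -t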
- Restart Ubuntu (restarting only nginx with `systemctl restart nginx` also applies the new configuration)