Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- upstream docservice {
- server my-document-server-address;
- }
- map $http_host $this_host {
- "" $host;
- default $http_host;
- }
- map $http_x_forwarded_proto $the_scheme {
- default $http_x_forwarded_proto;
- "" $scheme;
- }
- map $http_x_forwarded_host $the_host {
- default $http_x_forwarded_host;
- "" $this_host;
- }
- map $http_upgrade $proxy_connection {
- default upgrade;
- "" close;
- }
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection $proxy_connection;
- proxy_set_header X-Forwarded-Host $the_host;
- proxy_set_header X-Forwarded-Proto $the_scheme;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- server {
- listen 0.0.0.0:80;
- listen [::]:80 default_server;
- server_name _;
- server_tokens off;
- return 301 https://$server_name:443$request_uri;
- }
- server {
- listen 0.0.0.0:443 ssl;
- listen [::]:443 ssl default_server;
- server_tokens off;
- root /usr/share/nginx/html;
- ssl on;
- ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
- ssl_verify_client off;
- ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
- ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
- ssl_session_cache builtin:1000 shared:SSL:10m;
- ssl_prefer_server_ciphers on;
- add_header X-Content-Type-Options nosniff;
- location / {
- proxy_pass http://docservice;
- proxy_http_version 1.1;
- }
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement