Advertisement
Guest User

Untitled

a guest
Feb 10th, 2023
565
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 1.45 KB | None | 0 0
  1. upstream docservice {
  2. server my-document-server-address;
  3. }
  4.  
  5. map $http_host $this_host {
  6. "" $host;
  7. default $http_host;
  8. }
  9.  
  10. map $http_x_forwarded_proto $the_scheme {
  11. default $http_x_forwarded_proto;
  12. "" $scheme;
  13. }
  14.  
  15. map $http_x_forwarded_host $the_host {
  16. default $http_x_forwarded_host;
  17. "" $this_host;
  18. }
  19.  
  20. map $http_upgrade $proxy_connection {
  21. default upgrade;
  22. "" close;
  23. }
  24.  
  25. proxy_set_header Upgrade $http_upgrade;
  26. proxy_set_header Connection $proxy_connection;
  27. proxy_set_header X-Forwarded-Host $the_host;
  28. proxy_set_header X-Forwarded-Proto $the_scheme;
  29. proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  30.  
  31. server {
  32. listen 0.0.0.0:80;
  33. listen [::]:80 default_server;
  34. server_name _;
  35. server_tokens off;
  36.  
  37. return 301 https://$server_name:443$request_uri;
  38. }
  39.  
  40. server {
  41. listen 0.0.0.0:443 ssl;
  42. listen [::]:443 ssl default_server;
  43. server_tokens off;
  44. root /usr/share/nginx/html;
  45.  
  46. ssl on;
  47. ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
  48. ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
  49. ssl_verify_client off;
  50.  
  51. ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
  52.  
  53. ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  54. ssl_session_cache builtin:1000 shared:SSL:10m;
  55.  
  56. ssl_prefer_server_ciphers on;
  57.  
  58. add_header X-Content-Type-Options nosniff;
  59.  
  60. location / {
  61. proxy_pass http://docservice;
  62. proxy_http_version 1.1;
  63. }
  64. }
  65.  
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement