
Nginx reverse proxy - KhalilSecurity

a guest Nov 16th, 2019 131 Never
  1. Nginx reverse proxy - KhalilSecurity
  2. https://www.youtube.com/channel/UCWzXbclzEvSbQb4wQ6_em4A
  3. ============================================================
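  # Install nginx and have it start on every boot (run as root, or prefix with sudo).
  apt install nginx
  systemctl enable nginx

  # Self-signed certificate and key for the proxy, valid for 365 days.
  # -nodes writes the private key unencrypted so nginx can load it without a
  # passphrase; the chmod below keeps it readable by root only.
  # -addext adds a subjectAltName for the proxied hostname; current browsers
  # match the name against SAN, not the Common Name. It needs OpenSSL 1.1.1+,
  # which the TLSv1.3 setting in the site config requires as well.
  # A self-signed certificate still has to be trusted by each client manually.
  openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
      -keyout /etc/ssl/private/guacamole-selfsigned.key \
      -out /etc/ssl/certs/guacamole-selfsigned.crt \
      -addext "subjectAltName=DNS:khalil.fortiddns.com"
  chmod 600 /etc/ssl/private/guacamole-selfsigned.key

  # Create the site definition and paste the two server blocks into it.
  gedit /etc/nginx/sites-available/nginx-guacamole-ssl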
  12. ------------------------------------
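  # Port 80 exists only to send clients to HTTPS. The redirect target is built
  # from the configured server_name rather than $host, so a request that lands
  # here with an unexpected Host header is not echoed back in Location.
  server {
      listen 80;
      server_name khalil.fortiddns.com;
      return 301 https://$server_name$request_uri;
  }

  # TLS front end that terminates HTTPS and forwards everything to Guacamole.
  server {
      listen 443 ssl;
      server_name khalil.fortiddns.com;

      # Not served in practice: "location /" below proxies every request.
      root /var/www/html;
      index index.html index.htm index.nginx-debian.html;

      # Self-signed pair created by the "openssl req" step of this walkthrough.
      ssl_certificate /etc/ssl/certs/guacamole-selfsigned.crt;
      ssl_certificate_key /etc/ssl/private/guacamole-selfsigned.key;

      ssl_protocols TLSv1.2 TLSv1.3;
      ssl_prefer_server_ciphers on;
      # nginx refuses to load this config until the file exists; generate it
      # with the "openssl dhparam" step before testing or restarting.
      ssl_dhparam /etc/nginx/dhparam.pem;
      # Applies to TLS 1.2 only; TLS 1.3 suites are not selected by ssl_ciphers.
      # AES-GCM suites exist only with SHA256/SHA384, so the "...GCM-SHA512"
      # names found in widely copied cipher strings match nothing and are left out.
      # The last entry is a CBC suite kept for older TLS 1.2 clients.
      ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
      ssl_ecdh_curve secp384r1;
      ssl_session_timeout 10m;
      ssl_session_cache shared:SSL:10m;

      # NOTE(review): nothing in this file does run-time DNS lookups (no
      # ssl_stapling, no variables in proxy_pass), so these resolvers look
      # unused. If they are needed, 8.8.8.8 sends those lookups to a public
      # resolver - confirm that is intended.
      resolver 192.168.42.129 8.8.8.8 valid=300s;
      resolver_timeout 5s;

      # Browsers ignore HSTS on a connection with certificate errors, so this
      # only takes effect for clients that already trust the self-signed cert.
      # "preload" is omitted: it asks for inclusion in browser preload lists,
      # which does not fit a self-signed cert on a dynamic-DNS hostname.
      add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
      add_header X-Frame-Options DENY;
      add_header X-Content-Type-Options nosniff;
      # Legacy header: current Chromium and Firefox ignore it.
      add_header X-XSS-Protection "1; mode=block";

      access_log /var/log/nginx/guac_access.log;
      error_log /var/log/nginx/guac_error.log;

      location / {
          # NOTE(review): the upstream is reached over plain HTTP through the
          # public DDNS name. If Guacamole/Tomcat runs on this host or on the
          # LAN, pointing at the loopback or internal address keeps credentials
          # and session traffic off any external path - confirm the topology.
          # Port 8080 should also be unreachable from outside, otherwise
          # clients can bypass this TLS proxy entirely.
          proxy_pass http://khalil.fortiddns.com:8080/guacamole/;
          # Guacamole streams over its tunnel; buffering would stall it.
          proxy_buffering off;
          proxy_http_version 1.1;
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
          # Pass the WebSocket upgrade handshake through to the backend.
          proxy_set_header Upgrade $http_upgrade;
          proxy_set_header Connection $http_connection;
          # The app is exposed at "/", so cookies scoped to /guacamole/ are re-scoped.
          proxy_cookie_path /guacamole/ /;
      }
  }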
  57. -----------------------------
  58.  
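  # Diffie-Hellman parameters for the DHE suites; this is the file that
  # ssl_dhparam in the site config points at.
  # NOTE(review): -dsaparam makes generation fast but produces DSA-style
  # parameters rather than a safe prime. The OpenSSL documentation ties their
  # use to a fresh DH key per handshake; confirm the installed nginx/OpenSSL
  # behaves that way, or drop -dsaparam and accept the longer generation time.
  openssl dhparam -dsaparam -out /etc/nginx/dhparam.pem 4096

  # Enable the site by linking it into sites-enabled.
  ln -s /etc/nginx/sites-available/nginx-guacamole-ssl /etc/nginx/sites-enabled/

  # Check the configuration before restarting, so a typo or a missing
  # certificate/dhparam file is reported here instead of leaving nginx down.
  nginx -t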
  62.  
  63.  
  64. Restart Ubuntu