Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- http {
- ...
- ...
- ...
- ssl_certificate /etc/pki/tls/certs/server.crt;
- ssl_certificate_key /etc/pki/tls/private/server.key;
- ssl_session_cache builtin:1000 shared:SSL:10m;
- ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
- ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
- ssl_prefer_server_ciphers on;
- server {
- listen 10.xxx.xx.xx:80;
- listen [2xxx:xxxx:xxx:xx::12]:80;
- server_name usdsb.nwk.jwm2.net;
- return 301 https://$host$request_uri;
- }
- # SSL
- server {
- listen 10.xxx.xx.12:443 default_server;
- listen [2xxx:xxxx:xxx:xx::12]:443 default_server;
- server_name usdsb.nwk.jwm2.net;
- ssl on;
- # include location directory to other web services
- include /etc/nginx/locations/*.conf;
- add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
- add_header X-Frame-Options "SAMEORIGIN";
- resolver 127.0.0.1;
- location /auth_verify {
- internal;
- proxy_pass_request_body off;
- proxy_set_header Host $http_host;
- proxy_set_header X-Original-URI $request_uri;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_set_header Content-Length "";
- proxy_set_header Proxy-Authorization $http_authorization;
- proxy_pass https://login.nwk.jwm2.net/api/verify;
- }
- location /secure {
- auth_request /auth_verify;
- auth_request_set $redirect $upstream_http_redirect;
- auth_request_set $user $upstream_http_remote_user;
- proxy_set_header X-Forwarded-User $user;
- auth_request_set $groups $upstream_http_remote_groups;
- proxy_set_header Remote-Groups $groups;
- error_page 401 =302 https://login.nwk.jwm2.net?redirect=$redirect;
- #error_page 403 = https://login.nwk.jwm2.net/error/403;
- alias /home/config/FIRMWARES;
- autoindex on;
- }
- }
- }
Advertisement
Add Comment
Please, Sign In to add comment
