API tools faq
paste
Advertisement
Guest User

default

a guest
Jan 4th, 2018
73
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Nginx 3.93 KB | None | 0 0
raw download clone embed print report
  1. # listening on port 80 disabled by default, remove the "#" signs to enable
  2. # redirect all traffic to https
  3. server {
  4.     listen 80;
  5.     server_name example.com;
  6.     return 301 https://example.com$request_uri;
  7. }
  8.  
  9. # main server block
  10. server {
  11.     listen 443 ssl default_server;
  12.  
  13.     root /config/www;
  14.     index index.html index.htm index.php;
  15.  
  16.     server_name example.com;
  17.  
  18.     ssl_certificate /config/keys/letsencrypt/fullchain.pem;
  19.     ssl_certificate_key /config/keys/letsencrypt/privkey.pem;
  20.     ssl_dhparam /config/nginx/dhparams.pem;
  21.     ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
  22.     ssl_prefer_server_ciphers on;
  23.  
  24.     proxy_buffering off;
  25.  
  26.     client_max_body_size 0;
  27.  
  28. #   location / {
  29. #       try_files $uri $uri/ /index.html /index.php?$args =404;
  30. #   }
  31.  
  32.     location ~ \.php$ {
  33.         fastcgi_split_path_info ^(.+\.php)(/.+)$;
  34.         # With php7-cgi alone:
  35.         fastcgi_pass 127.0.0.1:9000;
  36.         # With php7-fpm:
  37.         #fastcgi_pass unix:/var/run/php7-fpm.sock;
  38.         fastcgi_index index.php;
  39.         include /etc/nginx/fastcgi_params;
  40.     }
  41.  
  42. # sample reverse proxy config for password protected couchpotato running at IP 192.168.1.50 port 5050 with base url "cp"
  43. # notice this is within the same server block as the base
  44. # don't forget to generate the .htpasswd file as described on docker hub
  45.     # Organizr 
  46.     location / {
  47.         include /config/nginx/proxy.conf;
  48.         proxy_pass http://[IP]:81;
  49.         # add_header X-Frame-Options "SAMEORIGIN";
  50.             # proxy_set_header Host $host;
  51.             # proxy_set_header X-Real-IP $remote_addr;
  52.             # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  53.  
  54.     }
  55.    
  56.     # Ombi
  57.     location ^~ /ombi {
  58.         include /config/nginx/proxy.conf;
  59.         proxy_pass http://[IP]:3579/ombi;
  60.         # add_header X-Frame-Options "SAMEORIGIN";
  61.             proxy_set_header Host $host;
  62.             proxy_set_header X-Real-IP $remote_addr;
  63.             proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  64.     }
  65.  
  66. }
  67.  
  68. # sample reverse proxy config without url base, but as a subdomain "cp", ip and port same as above
  69. # notice this is a new server block, you need a new server block for each subdomain
  70. #server {
  71. #   listen 443 ssl;
  72. #
  73. #   root /config/www;
  74. #   index index.html index.htm index.php;
  75. #
  76. #   server_name cp.*;
  77. #
  78. #   ssl_certificate /config/keys/letsencrypt/fullchain.pem;
  79. #   ssl_certificate_key /config/keys/letsencrypt/privkey.pem;
  80. #   ssl_dhparam /config/nginx/dhparams.pem;
  81. #   ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
  82. #   ssl_prefer_server_ciphers on;
  83. #
  84. #   client_max_body_size 0;
  85. #
  86. #   location / {
  87. #       auth_basic "Restricted";
  88. #       auth_basic_user_file /config/nginx/.htpasswd;
  89. #       include /config/nginx/proxy.conf;
  90. #       proxy_pass http://192.168.1.50:5050;   
  91. #   }
  92. #}
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!