scripts/nginx_config_maker/prod/lxc_containers/duniter.conf

49 lines
1.4 KiB
Plaintext

map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name g1.cipherbliss.com;
# Ne s'applique pas si vous utilisez un sous-domaine
if ($host = www.g1.cipherbliss.com) {
return 301 https://g1.cipherbliss.com$request_uri;
}
access_log /var/log/nginx/duniter-access.log;
error_log /var/log/nginx/duniter-error.log;
location / {
proxy_pass http://127.0.0.1:10901;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
location /ws2p {
proxy_pass http://127.0.0.1:10901;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
# HTTPS
ssl_certificate /etc/letsencrypt/live/g1.cipherbliss.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/g1.cipherbliss.com/privkey.pem;
ssl_protocols TLSv1.2;
ssl_ecdh_curve prime256v1;
ssl_ciphers EECDH+AESGCM:EECDH+AES;
ssl_prefer_server_ciphers on;
resolver 80.67.169.12 80.67.169.40 valid=300s;
resolver_timeout 5s;
ssl_session_cache shared:SSL:10m;
add_header Strict-Transport-Security "max-age=15768000";
add_header Referrer-Policy "strict-origin-when-cross-origin";
}