rav4s
/
NginX-Config-Files
mirror of https://github.com/Rav4s/NginX-Config-Files
1
1
Fork 0
Code Issues Projects Releases Wiki Activity
Some config files for the NginX web server & reverse proxy server
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
12 Commits
1 Branch
0 Tags
34 KiB
Tree: 7308dbdae1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '7308dbdae1'
${ noResults }
NginX-Config-Files/subdomain-proxy.conf

57 lines
1.9 KiB
Raw Normal View History

Added example config for a subdomain other than www
5 years ago
Added explanations for security headers
5 years ago
Added permissions policy to opt-out of Google FLoC (Federated Learning of Cohorts)
5 years ago
Added explanations for security headers
5 years ago
Added example config for a subdomain other than www
5 years ago
  1. # Example configuration for another subdomain
  3. # Redirect http traffic to https
  5. server {
  6. listen 80;
  7. server_name YOURSUBDOMAIN.YOURSITEDOMAIN.com;
  8. return 301 https://$host$request_uri;
  9. }
  11. # Main https server block
  13. server {
  15. listen 443;
  16. server_name YOURSUBDOMAIN.YOURSITEDOMAIN.com;
  18. # SSL configuration
  20. ssl_certificate /etc/letsencrypt/live/YOURSUBDOMAIN.YOURSITEDOMAIN.com/fullchain.pem; # managed by Certbot
  21. ssl_certificate_key /etc/letsencrypt/live/YOURSUBDOMAIN.YOURSITEDOMAIN.com/privkey.pem; # managed by Certbot
  22. ssl on;
  23. ssl_session_cache builtin:1000 shared:SSL:10m;
  24. ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  25. ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
  26. ssl_prefer_server_ciphers on;
  28. # Set the access log location
  30. access_log /var/log/nginx/YOURSUBDOMAIN.access.log;
  32. location / {
  34. # Set the proxy headers
  36. proxy_set_header Host $host;
  37. proxy_set_header X-Real-IP $remote_addr;
  38. proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  39. proxy_set_header X-Forwarded-Proto $scheme;
  41. # Configure which address the request is proxied to
  43. proxy_pass http://YOURSERVER:YOURPORT;
  44. proxy_read_timeout 90;
  45. proxy_redirect http://YOURSERVER:YOURPORT https://YOURSUBDOMAIN.YOURSITEDOMAIN.com;
  47. # Set the security headers
  49. add-header Permissions-Policy "interest-cohort=()"; # Don't allow Google FLoC
  50. add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"; #HSTS
  51. add_header X-Frame-Options DENY; #Prevents clickjacking
  52. add_header X-Content-Type-Options nosniff; #Prevents mime sniffing
  53. add_header X-XSS-Protection "1; mode=block"; #Prevents cross-site scripting attacks
  54. add_header Referrer-Policy "origin"; #Idk what this actually does";
  55. }
  57. }