|
|
|
@ -0,0 +1,56 @@ |
|
|
|
# Example configuration for another subdomain |
|
|
|
|
|
|
|
# Redirect http traffic to https |
|
|
|
|
|
|
|
server { |
|
|
|
listen 80; |
|
|
|
server_name YOURSUBDOMAIN.YOURSITEDOMAIN.com; |
|
|
|
return 301 https://$host$request_uri; |
|
|
|
} |
|
|
|
|
|
|
|
# Main https server block |
|
|
|
|
|
|
|
server { |
|
|
|
|
|
|
|
listen 443; |
|
|
|
server_name YOURSUBDOMAIN.YOURSITEDOMAIN.com; |
|
|
|
|
|
|
|
# SSL configuration |
|
|
|
|
|
|
|
ssl_certificate /etc/letsencrypt/live/YOURSUBDOMAIN.YOURSITEDOMAIN.com/fullchain.pem; # managed by Certbot |
|
|
|
ssl_certificate_key /etc/letsencrypt/live/YOURSUBDOMAIN.YOURSITEDOMAIN.com/privkey.pem; # managed by Certbot |
|
|
|
ssl on; |
|
|
|
ssl_session_cache builtin:1000 shared:SSL:10m; |
|
|
|
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; |
|
|
|
ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4; |
|
|
|
ssl_prefer_server_ciphers on; |
|
|
|
|
|
|
|
# Set the access log location |
|
|
|
|
|
|
|
access_log /var/log/nginx/YOURSUBDOMAIN.access.log; |
|
|
|
|
|
|
|
location / { |
|
|
|
|
|
|
|
# Set the proxy headers |
|
|
|
|
|
|
|
proxy_set_header Host $host; |
|
|
|
proxy_set_header X-Real-IP $remote_addr; |
|
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; |
|
|
|
proxy_set_header X-Forwarded-Proto $scheme; |
|
|
|
|
|
|
|
# Configure which address the request is proxied to |
|
|
|
|
|
|
|
proxy_pass http://YOURSERVER:YOURPORT; |
|
|
|
proxy_read_timeout 90; |
|
|
|
proxy_redirect http://YOURSERVER:YOURPORT https://YOURSUBDOMAIN.YOURSITEDOMAIN.com; |
|
|
|
|
|
|
|
# Set the security headers |
|
|
|
|
|
|
|
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"; |
|
|
|
add_header X-Frame-Options DENY; |
|
|
|
add_header X-Content-Type-Options nosniff; |
|
|
|
add_header X-XSS-Protection "1; mode=block"; |
|
|
|
add_header Referrer-Policy "origin"; |
|
|
|
} |
|
|
|
|
|
|
|
} |
