You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
56 lines
1.7 KiB
56 lines
1.7 KiB
# Example configuration for another subdomain
|
|
|
|
# Redirect http traffic to https
|
|
|
|
server {
|
|
listen 80;
|
|
server_name YOURSUBDOMAIN.YOURSITEDOMAIN.com;
|
|
return 301 https://$host$request_uri;
|
|
}
|
|
|
|
# Main https server block
|
|
|
|
server {
|
|
|
|
listen 443;
|
|
server_name YOURSUBDOMAIN.YOURSITEDOMAIN.com;
|
|
|
|
# SSL configuration
|
|
|
|
ssl_certificate /etc/letsencrypt/live/YOURSUBDOMAIN.YOURSITEDOMAIN.com/fullchain.pem; # managed by Certbot
|
|
ssl_certificate_key /etc/letsencrypt/live/YOURSUBDOMAIN.YOURSITEDOMAIN.com/privkey.pem; # managed by Certbot
|
|
ssl on;
|
|
ssl_session_cache builtin:1000 shared:SSL:10m;
|
|
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
|
|
ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
|
|
ssl_prefer_server_ciphers on;
|
|
|
|
# Set the access log location
|
|
|
|
access_log /var/log/nginx/YOURSUBDOMAIN.access.log;
|
|
|
|
location / {
|
|
|
|
# Set the proxy headers
|
|
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
|
|
# Configure which address the request is proxied to
|
|
|
|
proxy_pass http://YOURSERVER:YOURPORT;
|
|
proxy_read_timeout 90;
|
|
proxy_redirect http://YOURSERVER:YOURPORT https://YOURSUBDOMAIN.YOURSITEDOMAIN.com;
|
|
|
|
# Set the security headers
|
|
|
|
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
|
|
add_header X-Frame-Options DENY;
|
|
add_header X-Content-Type-Options nosniff;
|
|
add_header X-XSS-Protection "1; mode=block";
|
|
add_header Referrer-Policy "origin";
|
|
}
|
|
|
|
}
|