nginx.conf 1.7 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162
  1. server {
  2. listen 80;
  3. server_name YOURDOMAIN.TLD;
  4. return 301 https://$server_name$request_uri;
  5. }
  6. server {
  7. listen 443 ssl;
  8. listen [::]:443 ssl;
  9. server_name YOURDOMAIN.TLD;
  10. charset utf-8;
  11. location / {
  12. proxy_pass http://localhost:YOURCUSTOMPORT;
  13. proxy_http_version 1.1;
  14. proxy_set_header Upgrade $http_upgrade;
  15. proxy_set_header Connection 'upgrade';
  16. proxy_set_header Host $host;
  17. proxy_cache_bypass $http_upgrade;
  18. #proxy_set_header X-Forwarded-Host $custom_forwarded_host;
  19. #proxy_set_header X-Forwarded-Server $host;
  20. #proxy_set_header X-Real-IP $remote_addr;
  21. #proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  22. #proxy_set_header X-Forwarded-Proto $scheme;
  23. }
  24. location = /favicon.ico { access_log off; log_not_found off; }
  25. location = /robots.txt { access_log off; log_not_found off; }
  26. access_log on;
  27. #error_log /var/www/YOURPROJECTNAME/log/error.log;
  28. sendfile off;
  29. client_max_body_size 100m;
  30. #SSL Certificates
  31. ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  32. ssl_certificate "/etc/letsencrypt/live/YOURDOMAIN.LTD/fullchain.pem";
  33. ssl_certificate_key "/etc/letsenc8ypt/live/YOURDOMAIN.LTD/privkey.pem";
  34. ssl_dhparam /etc/nginx/ssl/certs/YOURDOMAIN.LTD/dhparam.pem;
  35. # ssl_session_cache shared:SSL:1m;
  36. ssl_session_timeout 10m;
  37. ssl_ciphers HIGH:!aNULL:!MD5;
  38. #ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
  39. ssl_prefer_server_ciphers on;
  40. add_header Strict-Transport-Security "max-age=31536000;
  41. #includeSubDomains" always;
  42. location ~ /\.ht {
  43. deny all;
  44. }
  45. # website should not be displayed inside a <frame>, an <iframe> or an <object>
  46. add_header X-Frame-Options SAMEORIGIN;
  47. }