6543/nginx_config
2
2
Fork 1
Code Issues 3 Pull Requests Projects Releases Wiki Activity

Format & Clean

Browse Source
This commit is contained in:
6543 2021-01-23 00:10:53 +01:00
parent 6259f0be35
commit 9c13cc42d4
Signed by: 6543
GPG Key ID: C99B82E40B027BAE
7 changed files with 42 additions and 70 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
sites-available/default
View File

@ -1,13 +1,13 @@
server { server {
listen 443 ssl; listen 443 ssl;
listen [::]:443 ssl; listen [::]:443 ssl;


root /var/www/html; root /var/www/html;
index index.html; index index.html;


server_name my.domain.com; server_name my.domain.com;


ssl_certificate /etc/letsencrypt/live/my.domain.com/fullchain.pem; ssl_certificate /etc/letsencrypt/live/my.domain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/my.domain.com/privkey.pem; ssl_certificate_key /etc/letsencrypt/live/my.domain.com/privkey.pem;
include /etc/nginx/snippets/ssl_options.conf; include /etc/nginx/snippets/ssl_options.conf;


@ -16,13 +16,12 @@ server {
client_max_body_size 5M; client_max_body_size 5M;
client_body_buffer_size 256K; client_body_buffer_size 256K;


sendfile on; sendfile on;
send_timeout 600s; send_timeout 600s;


location / { location / {
proxy_pass http://192.168.2.1/; proxy_pass http://192.168.2.1/;
proxy_cache_use_stale error timeout http_500 http_502 http_503 http_504; proxy_cache_use_stale error timeout http_500 http_502 http_503 http_504;


proxy_buffering on; proxy_buffering on;
proxy_buffers 12 12k; proxy_buffers 12 12k;
@ -33,5 +32,5 @@ server {
proxy_set_header X-Forwarded-Proto https; proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Port 443; proxy_set_header X-Forwarded-Port 443;
proxy_set_header Host $host; proxy_set_header Host $host;
} }
} }

2
sites-available/http_2_https
View File

@ -1,7 +1,7 @@
server { server {
listen 80 default_server; listen 80 default_server;
listen [::]:80 default_server ipv6only=on; listen [::]:80 default_server ipv6only=on;

server_name *.de ; server_name *.de ;


include /etc/nginx/snippets/letsencrypt.conf; include /etc/nginx/snippets/letsencrypt.conf;

44
sites-available/nextcloud
View File

@ -1,32 +1,32 @@
server { server {
listen 443 ssl; listen 443 ssl;
listen [::]:443 ssl; listen [::]:443 ssl;


root /var/www/html; root /var/www/html;
index index.html; index index.html;


server_name cloud.domain.com; server_name cloud.domain.com;


ssl_certificate /etc/letsencrypt/live/cloud.domain.com/fullchain.pem; ssl_certificate /etc/letsencrypt/live/cloud.domain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/cloud.domain.com/privkey.pem; ssl_certificate_key /etc/letsencrypt/live/cloud.domain.com/privkey.pem;
include /etc/nginx/snippets/ssl_options.conf; include /etc/nginx/snippets/ssl_options.conf;


client_body_in_file_only clean; client_body_in_file_only clean;
client_body_buffer_size 128K; client_body_buffer_size 128K;


client_max_body_size 5g; client_max_body_size 5g;


sendfile on; sendfile on;
send_timeout 600s; send_timeout 600s;


location / { location / {
proxy_pass http://192.168.2.2/; proxy_pass http://192.168.2.2/;
proxy_cache_use_stale error timeout http_500 http_502 http_503 http_504; proxy_cache_use_stale error timeout http_500 http_502 http_503 http_504;


proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $http_host; proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Proto $scheme;
proxy_redirect off; proxy_redirect off;
} }
} }

13
snippets/fastcgi-php.conf
View File

@ -1,13 +0,0 @@
# regex to split $uri to $fastcgi_script_name and $fastcgi_path
fastcgi_split_path_info ^(.+?\.php)(/.*)$;

# Check that the PHP script exists before passing it
try_files $fastcgi_script_name =404;

# Bypass the fact that try_files resets $fastcgi_path_info
# see: http://trac.nginx.org/nginx/ticket/321
set $path_info $fastcgi_path_info;
fastcgi_param PATH_INFO $path_info;

fastcgi_index index.php;
include fastcgi.conf;

5
snippets/snakeoil.conf
View File

@ -1,5 +0,0 @@
# Self signed certificates generated by the ssl-cert package
# Don't use them in a production server!

ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;

15
snippets/ssl.conf
View File

@ -1,15 +0,0 @@
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;

ssl_protocols TLSv1.2;
ssl_ciphers EECDH+AESGCM:EECDH+AES;
ssl_ecdh_curve secp384r1;
ssl_prefer_server_ciphers on;

ssl_stapling on;
ssl_stapling_verify on;

add_header Strict-Transport-Security "max-age=15768000; includeSubdomains; preload";
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;

8
snippets/ssl_options.conf
View File

@ -1,9 +1,15 @@
ssl_session_timeout 1d; ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;

ssl_protocols TLSv1.2 TLSv1.3; ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'; ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
ssl_prefer_server_ciphers on; ssl_prefer_server_ciphers on;
ssl_dhparam /etc/ssl/certs/dhparam.pem; ssl_dhparam /etc/ssl/certs/dhparam.pem;
ssl_session_cache shared:SSL:50m;
ssl_stapling on; ssl_stapling on;
ssl_stapling_verify on; ssl_stapling_verify on;

add_header Strict-Transport-Security "max-age=15768000; includeSubDomains" always; add_header Strict-Transport-Security "max-age=15768000; includeSubDomains" always;
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;