Skip to content

Instantly share code, notes, and snippets.

@dillonhafer

dillonhafer/nginx.conf

Created August 12, 2022 22:34
Show Gist options
  • Save dillonhafer/002c32b794277016938068a4601cf137 to your computer and use it in GitHub Desktop.
Save dillonhafer/002c32b794277016938068a4601cf137 to your computer and use it in GitHub Desktop.
Download ZIP
Dream Machine Pro TLS reverse Proxy with nginx
Raw
nginx.conf
# Custom Domain: dmp.dillonhafer.com
# DMP's LAN ip: 172.16.0.1
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name dmp.dillonhafer.com;
ssl_session_cache shared:SSL:20m;
ssl_session_timeout 10m;
add_header X-Frame-Options DENY;
add_header Strict-Transport-Security "max-age=31536000;" always;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4";
ssl_prefer_server_ciphers on;
ssl_certificate /dmp.dillonhafer.com.fullchain.pem;
ssl_certificate_key /dmp.dillonhafer.com.privkey.pem;
location / {
proxy_pass https://172.16.0.1;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host 172.16.0.1;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_buffering off;
proxy_set_header Upgrade $http_upgrade;
}
location /api/ws/ {
proxy_pass https://172.16.0.1:443;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
}
location /ws/ {
proxy_pass https://172.16.0.1:443;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
}
location /proxy/protect/ws/ {
proxy_pass https://172.16.0.1:443;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment