jeserodz · August 22, 2019 09:54
diff --git a/nginx-reverse-proxy b/nginx-reverse-proxy
 # Basic configuration to set NGNIX as a reverse proxy
 # Location: /etc/nginx/sites-available/com.fiberxel
 # Linked to: /etc/nginx/sites-enabled/com.fiberxel

 server {
    listen 80;
    listen [::]:80;

    server_name fiberxel.com;

    location / {
        proxy_pass "http://127.0.0.1:3002";
    }

    # redirect all HTTP requests to HTTPS with a 301 Moved Permanently response.
    return 301 https://$host$request_uri;
 }

 server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    server_name fiberxel.com;

    location / {
        proxy_pass "http://127.0.0.1:3002";
    }

    # certs sent to the client in SERVER HELLO are concatenated in ssl_certificate
    ssl_certificate /etc/letsencrypt/live/fiberxel.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/fiberxel.com/privkey.pem;
    ssl_session_timeout 1d;
    ssl_session_cache shared:MozSSL:10m;  # about 40000 sessions
    ssl_session_tickets off;

    # curl https://ssl-config.mozilla.org/ffdhe2048.txt > /path/to/dhparam.pem
    #ssl_dhparam /path/to/dhparam.pem;

    # intermediate configuration
    #ssl_protocols TLSv1.2 TLSv1.3;
    #ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
    #ssl_prefer_server_ciphers off;

    # HSTS (ngx_http_headers_module is required) (63072000 seconds)
    add_header Strict-Transport-Security "max-age=63072000" always;
 }
	# Basic configuration to set NGNIX as a reverse proxy
	# Location: /etc/nginx/sites-available/com.fiberxel
	# Linked to: /etc/nginx/sites-enabled/com.fiberxel

	server {
	listen 80;
	listen [::]:80;

	server_name fiberxel.com;

	location / {
	proxy_pass "http://127.0.0.1:3002";
	}

	# redirect all HTTP requests to HTTPS with a 301 Moved Permanently response.
	return 301 https://$host$request_uri;
	}

	server {
	listen 443 ssl http2;
	listen [::]:443 ssl http2;

	server_name fiberxel.com;

	location / {
	proxy_pass "http://127.0.0.1:3002";
	}

	# certs sent to the client in SERVER HELLO are concatenated in ssl_certificate
	ssl_certificate /etc/letsencrypt/live/fiberxel.com/fullchain.pem;
	ssl_certificate_key /etc/letsencrypt/live/fiberxel.com/privkey.pem;
	ssl_session_timeout 1d;
	ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
	ssl_session_tickets off;

	# curl https://ssl-config.mozilla.org/ffdhe2048.txt > /path/to/dhparam.pem
	#ssl_dhparam /path/to/dhparam.pem;

	# intermediate configuration
	#ssl_protocols TLSv1.2 TLSv1.3;
	#ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
	#ssl_prefer_server_ciphers off;

	# HSTS (ngx_http_headers_module is required) (63072000 seconds)
	add_header Strict-Transport-Security "max-age=63072000" always;
	}