martinrusev · August 29, 2015 14:17
diff --git a/amon.conf b/amon.conf
 {
 "host": "https://subdomain.amon:9001"
 }
diff --git a/nginx.conf b/nginx.conf
 worker_processes 4;
 user nobody nogroup;
 error_log /var/log/nginx.error.log ;

 events {
 	worker_connections 1024;
 	accept_mutex off;
 }

 http {
 	include mime.types;
 	default_type application/octet-stream;
 	access_log off;
 	sendfile on;
 	tcp_nopush on;
 	tcp_nodelay on;
 	keepalive_timeout 15;
 	types_hash_max_size 2048;
 	server_names_hash_bucket_size 64;
 	client_max_body_size 4G;

 	upstream app_server {
 		server 127.0.0.1:8000 fail_timeout=0;
 	}


 	ssl_certificate   /etc/nginx/ssl/amon_cx_bundle.cer;
 	ssl_certificate_key /etc/nginx/ssl/amon_cx.key;
 	ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
 	ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
 	
 	 # Add perfect forward secrecy
 	ssl_prefer_server_ciphers on;


 upstream subdomain {
    server 127.0.0.1:9001 fail_timeout=10;
 }

 server {
        listen 80;
        server_name subdomain.amon;
        return 301 https://subdomain.amon$request_uri;
    }


 server {
    listen 443 ssl;
    server_name  subdomain.amon;

     location / {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_redirect off;
        proxy_intercept_errors off;
        proxy_pass   http://subdomain;
    }

 }

 	}


 }
	worker_processes 4;
	user nobody nogroup;
	error_log /var/log/nginx.error.log ;

	events {
	worker_connections 1024;
	accept_mutex off;
	}

	http {
	include mime.types;
	default_type application/octet-stream;
	access_log off;
	sendfile on;
	tcp_nopush on;
	tcp_nodelay on;
	keepalive_timeout 15;
	types_hash_max_size 2048;
	server_names_hash_bucket_size 64;
	client_max_body_size 4G;

	upstream app_server {
	server 127.0.0.1:8000 fail_timeout=0;
	}


	ssl_certificate /etc/nginx/ssl/amon_cx_bundle.cer;
	ssl_certificate_key /etc/nginx/ssl/amon_cx.key;
	ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
	ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';

	# Add perfect forward secrecy
	ssl_prefer_server_ciphers on;


	upstream subdomain {
	server 127.0.0.1:9001 fail_timeout=10;
	}

	server {
	listen 80;
	server_name subdomain.amon;
	return 301 https://subdomain.amon$request_uri;
	}


	server {
	listen 443 ssl;
	server_name subdomain.amon;

	location / {
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	proxy_set_header Host $http_host;
	proxy_redirect off;
	proxy_intercept_errors off;
	proxy_pass http://subdomain;
	}

	}

	}


	}