nuriel77 · February 6, 2020 20:42
diff --git a/hornet.conf b/hornet.conf
 upstream hornet_dashboard {
    server 127.0.0.1:8087;
 }

 # Rate limit requestsi
 limit_req_zone $binary_remote_addr zone=hornet_dashboard:2m rate=10r/s;

 server {
    limit_req zone=hornet_dashboard burst=25;
    listen 8081 default_server ssl http2;
    server_name _;
    server_tokens off;

    # Redirect same port from http to https
    # This directive is only used when using any
    # port other than 80
    error_page 497 https://$host:$server_port$request_uri;

    # Here you would include the SSL directives
    # or include a file containing the SSL directives
    include /etc/nginx/conf.d/ssl.cfg;

    # For password authentication use a htpasswd file
    auth_basic "Restricted";
    auth_basic_user_file /etc/nginx/.htpasswd;

    location /ws {
        proxy_pass http://hornet_dashboard/ws;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_read_timeout 86400;
    }

    location / {
        proxy_pass http://hornet_dashboard;
    }
 }
diff --git a/ssl.cfg b/ssl.cfg
 ssl_certificate /etc/letsencrypt/live/node01.x-vps.com/cert.pem;
 ssl_certificate_key /etc/letsencrypt/live/node01.x-vps.com/privkey.pem;

 # If you choose to add dhparam, run this command and
 # remove # from the line beginning with `ssl_dhparam`:
 # `cd /etc/ssl/private && openssl dhparam -out dhparam.pem 4096`
 #ssl_dhparam /etc/ssl/private/dhparam.pem;

 ssl_ciphers 'AES256+EECDH:AES256+EDH:!aNULL';
 ssl_session_timeout 1d;
 ssl_session_cache shared:SSL:10m;
 ssl_ecdh_curve secp384r1;
 resolver 8.8.8.8 8.8.4.4 valid=300s;
 resolver_timeout 10s;
 ssl_stapling on;
 ssl_stapling_verify on;
 ssl_trusted_certificate /etc/letsencrypt/live/node01.x-vps.com/fullchain.pem;
 add_header Strict-Transport-Security max-age=15768000;
 add_header X-Frame-Options DENY;
 add_header X-Content-Type-Options nosniff;
	upstream hornet_dashboard {
	server 127.0.0.1:8087;
	}

	# Rate limit requestsi
	limit_req_zone $binary_remote_addr zone=hornet_dashboard:2m rate=10r/s;

	server {
	limit_req zone=hornet_dashboard burst=25;
	listen 8081 default_server ssl http2;
	server_name _;
	server_tokens off;

	# Redirect same port from http to https
	# This directive is only used when using any
	# port other than 80
	error_page 497 https://$host:$server_port$request_uri;

	# Here you would include the SSL directives
	# or include a file containing the SSL directives
	include /etc/nginx/conf.d/ssl.cfg;

	# For password authentication use a htpasswd file
	auth_basic "Restricted";
	auth_basic_user_file /etc/nginx/.htpasswd;

	location /ws {
	proxy_pass http://hornet_dashboard/ws;
	proxy_http_version 1.1;
	proxy_set_header Upgrade $http_upgrade;
	proxy_set_header Connection "upgrade";
	proxy_read_timeout 86400;
	}

	location / {
	proxy_pass http://hornet_dashboard;
	}
	}
	ssl_certificate /etc/letsencrypt/live/node01.x-vps.com/cert.pem;
	ssl_certificate_key /etc/letsencrypt/live/node01.x-vps.com/privkey.pem;

	# If you choose to add dhparam, run this command and
	# remove # from the line beginning with `ssl_dhparam`:
	# `cd /etc/ssl/private && openssl dhparam -out dhparam.pem 4096`
	#ssl_dhparam /etc/ssl/private/dhparam.pem;

	ssl_ciphers 'AES256+EECDH:AES256+EDH:!aNULL';
	ssl_session_timeout 1d;
	ssl_session_cache shared:SSL:10m;
	ssl_ecdh_curve secp384r1;
	resolver 8.8.8.8 8.8.4.4 valid=300s;
	resolver_timeout 10s;
	ssl_stapling on;
	ssl_stapling_verify on;
	ssl_trusted_certificate /etc/letsencrypt/live/node01.x-vps.com/fullchain.pem;
	add_header Strict-Transport-Security max-age=15768000;
	add_header X-Frame-Options DENY;
	add_header X-Content-Type-Options nosniff;