snehesht · February 15, 2019 18:01
diff --git a/nginx.conf b/nginx.conf
 user www-data;
 worker_processes 2;
 error_log /var/log/nginx/nginx.log;
 pid /run/nginx.pid;
 worker_rlimit_nofile 8192;

 ## 4096 Workers per process
 events {
  use epoll;
  worker_connections  4096;
 }

 http {
  server_tokens off;
  keepalive_timeout 10;
  keepalive_requests 2147483647;
  types_hash_max_size 2048;

  include /etc/nginx/mime.types;
  default_type application/octet-stream;

  ssl_protocols TLSv1.2;
  ssl_prefer_server_ciphers on;

  map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
  }

  access_log off;
  error_log /var/log/nginx/error.log crit;

  gzip on;
  gzip_disable "msie6";

  gzip_vary on;
  gzip_proxied any;
  gzip_comp_level 6;
  gzip_buffers 16 8k;
  gzip_http_version 1.1;
  gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

  # Add Server Config
  server {

    recursive_error_pages on;
    access_log /var/log/nginx/nginx.log;
    error_log /var/log/nginx/error.log;

    listen 443 ssl;

    server_name band.bunchdev.com;

    ssl on;
    ssl_certificate /etc/nginx/cert.pem;
    ssl_certificate_key /etc/nginx/key.pem;
    ssl_dhparam /etc/nginx/dhparam.pem;
    ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:ECDHE-RSA-AES128-GCM-SHA256:AES256+EECDH:DHE-RSA-AES128-GCM-SHA256:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;

    location / {
      # CORS
      proxy_pass http://0.0.0.0:22000;
      proxy_set_header Host $host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $scheme;
    }
  }
 }
	user www-data;
	worker_processes 2;
	error_log /var/log/nginx/nginx.log;
	pid /run/nginx.pid;
	worker_rlimit_nofile 8192;

	## 4096 Workers per process
	events {
	use epoll;
	worker_connections 4096;
	}

	http {
	server_tokens off;
	keepalive_timeout 10;
	keepalive_requests 2147483647;
	types_hash_max_size 2048;

	include /etc/nginx/mime.types;
	default_type application/octet-stream;

	ssl_protocols TLSv1.2;
	ssl_prefer_server_ciphers on;

	map $http_upgrade $connection_upgrade {
	default upgrade;
	'' close;
	}

	access_log off;
	error_log /var/log/nginx/error.log crit;

	gzip on;
	gzip_disable "msie6";

	gzip_vary on;
	gzip_proxied any;
	gzip_comp_level 6;
	gzip_buffers 16 8k;
	gzip_http_version 1.1;
	gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

	# Add Server Config
	server {

	recursive_error_pages on;
	access_log /var/log/nginx/nginx.log;
	error_log /var/log/nginx/error.log;

	listen 443 ssl;

	server_name band.bunchdev.com;

	ssl on;
	ssl_certificate /etc/nginx/cert.pem;
	ssl_certificate_key /etc/nginx/key.pem;
	ssl_dhparam /etc/nginx/dhparam.pem;
	ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:ECDHE-RSA-AES128-GCM-SHA256:AES256+EECDH:DHE-RSA-AES128-GCM-SHA256:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
	ssl_prefer_server_ciphers on;
	ssl_session_cache shared:SSL:10m;

	location / {
	# CORS
	proxy_pass http://0.0.0.0:22000;
	proxy_set_header Host $host;
	proxy_set_header X-Real-IP $remote_addr;
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	proxy_set_header X-Forwarded-Proto $scheme;
	}
	}
	}