tyjak · May 19, 2021 22:09
diff --git a/nginx.conf b/nginx.conf
 # duniter reverse proxy conf
 # GistID: 73fb5272f602c5011aeaaf6b4f8b00d0

 map $http_upgrade $connection_upgrade {
 default upgrade;
 '' close;
 }

 server {
    listen 80;
    server_name duniter.netlib.re;

    return 301 https://$host$request_uri;
 }

 server {
    listen                    443 ssl http2;
    listen                    [::]:443 ssl http2;
    server_name               duniter.netlib.re;

    ssl_certificate           /etc/letsencrypt/live/duniter.netlib.re/fullchain.pem;
    ssl_certificate_key       /etc/letsencrypt/live/duniter.netlib.re/privkey.pem;
    ssl_trusted_certificate   /etc/letsencrypt/live/duniter.netlib.re/chain.pem;
    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:50m;
    ssl_session_tickets off;

    ssl_protocols TLSv1.2;
    ssl_ciphers EECDH+AESGCM:EECDH+AES;
    ssl_ecdh_curve secp384r1;
    ssl_prefer_server_ciphers on;

    ssl_stapling on;
    ssl_stapling_verify on;

    add_header Strict-Transport-Security "max-age=15768000; includeSubdomains; preload";
    add_header X-Frame-Options DENY;
    add_header X-Content-Type-Options nosniff;

    location / {
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
        proxy_pass http://duniter:10901;
    }

    location /ws2p {
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_pass http://duniter:20901;
    }
 }
	# duniter reverse proxy conf
	# GistID: 73fb5272f602c5011aeaaf6b4f8b00d0

	map $http_upgrade $connection_upgrade {
	default upgrade;
	'' close;
	}

	server {
	listen 80;
	server_name duniter.netlib.re;

	return 301 https://$host$request_uri;
	}

	server {
	listen 443 ssl http2;
	listen [::]:443 ssl http2;
	server_name duniter.netlib.re;

	ssl_certificate /etc/letsencrypt/live/duniter.netlib.re/fullchain.pem;
	ssl_certificate_key /etc/letsencrypt/live/duniter.netlib.re/privkey.pem;
	ssl_trusted_certificate /etc/letsencrypt/live/duniter.netlib.re/chain.pem;
	ssl_session_timeout 1d;
	ssl_session_cache shared:SSL:50m;
	ssl_session_tickets off;

	ssl_protocols TLSv1.2;
	ssl_ciphers EECDH+AESGCM:EECDH+AES;
	ssl_ecdh_curve secp384r1;
	ssl_prefer_server_ciphers on;

	ssl_stapling on;
	ssl_stapling_verify on;

	add_header Strict-Transport-Security "max-age=15768000; includeSubdomains; preload";
	add_header X-Frame-Options DENY;
	add_header X-Content-Type-Options nosniff;

	location / {
	proxy_http_version 1.1;
	proxy_set_header Upgrade $http_upgrade;
	proxy_set_header Connection 'upgrade';
	proxy_set_header Host $host;
	proxy_cache_bypass $http_upgrade;
	proxy_pass http://duniter:10901;
	}

	location /ws2p {
	proxy_http_version 1.1;
	proxy_set_header Upgrade $http_upgrade;
	proxy_set_header Connection "upgrade";
	proxy_set_header Host $host;
	proxy_pass http://duniter:20901;
	}
	}