scripts/nginx_config_maker/prod/lxc_containers/duniter.conf

map $http_upgrade $connection_upgrade {
 default upgrade;
 '' close;
}

server {
	 listen 443 ssl http2;
	 listen [::]:443 ssl http2;
	 server_name g1.cipherbliss.com;

	 # Ne s'applique pas si vous utilisez un sous-domaine
	 if ($host = www.g1.cipherbliss.com) {
	  return 301 https://g1.cipherbliss.com$request_uri;
	 }

	 access_log /var/log/nginx/duniter-access.log;
	 error_log /var/log/nginx/duniter-error.log;

	    location / {
		proxy_pass http://127.0.0.1:10901;
		proxy_http_version 1.1;
		proxy_set_header Upgrade $http_upgrade;
		proxy_set_header Connection 'upgrade';
		proxy_set_header Host $host;
		proxy_cache_bypass $http_upgrade;
	    }

	    location /ws2p {
		        proxy_pass http://127.0.0.1:10901;
		        proxy_http_version 1.1;
		        proxy_set_header Upgrade $http_upgrade;
		        proxy_set_header Connection "upgrade";
	    }

	 # HTTPS
	 ssl_certificate /etc/letsencrypt/live/g1.cipherbliss.com/fullchain.pem;
	 ssl_certificate_key /etc/letsencrypt/live/g1.cipherbliss.com/privkey.pem;
	 ssl_protocols TLSv1.2;
	 ssl_ecdh_curve prime256v1;
	 ssl_ciphers EECDH+AESGCM:EECDH+AES;
	 ssl_prefer_server_ciphers on;
	 resolver 80.67.169.12 80.67.169.40 valid=300s;
	 resolver_timeout 5s;
	 ssl_session_cache shared:SSL:10m;
	 add_header Strict-Transport-Security "max-age=15768000";

	 add_header Referrer-Policy "strict-origin-when-cross-origin";
 }
backup prod files 2023-06-15 19:42:12 +02:00			`map $http_upgrade $connection_upgrade {`
			`default upgrade;`
			`'' close;`
			`}`

			`server {`
			`listen 443 ssl http2;`
			`listen [::]:443 ssl http2;`
			`server_name g1.cipherbliss.com;`

			`# Ne s'applique pas si vous utilisez un sous-domaine`
			`if ($host = www.g1.cipherbliss.com) {`
			`return 301 https://g1.cipherbliss.com$request_uri;`
			`}`

			`access_log /var/log/nginx/duniter-access.log;`
			`error_log /var/log/nginx/duniter-error.log;`

			`location / {`
			`proxy_pass http://127.0.0.1:10901;`
			`proxy_http_version 1.1;`
			`proxy_set_header Upgrade $http_upgrade;`
			`proxy_set_header Connection 'upgrade';`
			`proxy_set_header Host $host;`
			`proxy_cache_bypass $http_upgrade;`
			`}`

			`location /ws2p {`
			`proxy_pass http://127.0.0.1:10901;`
			`proxy_http_version 1.1;`
			`proxy_set_header Upgrade $http_upgrade;`
			`proxy_set_header Connection "upgrade";`
			`}`

			`# HTTPS`
			`ssl_certificate /etc/letsencrypt/live/g1.cipherbliss.com/fullchain.pem;`
			`ssl_certificate_key /etc/letsencrypt/live/g1.cipherbliss.com/privkey.pem;`
			`ssl_protocols TLSv1.2;`
			`ssl_ecdh_curve prime256v1;`
			`ssl_ciphers EECDH+AESGCM:EECDH+AES;`
			`ssl_prefer_server_ciphers on;`
			`resolver 80.67.169.12 80.67.169.40 valid=300s;`
			`resolver_timeout 5s;`
			`ssl_session_cache shared:SSL:10m;`
			`add_header Strict-Transport-Security "max-age=15768000";`

			`add_header Referrer-Policy "strict-origin-when-cross-origin";`
			`}`