map $http_upgrade $connection_upgrade { default upgrade; '' close; } server { listen 443 ssl http2; listen [::]:443 ssl http2; server_name g1.cipherbliss.com; # Ne s'applique pas si vous utilisez un sous-domaine if ($host = www.g1.cipherbliss.com) { return 301 https://g1.cipherbliss.com$request_uri; } access_log /var/log/nginx/duniter-access.log; error_log /var/log/nginx/duniter-error.log; location / { proxy_pass http://127.0.0.1:10901; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection 'upgrade'; proxy_set_header Host $host; proxy_cache_bypass $http_upgrade; } location /ws2p { proxy_pass http://127.0.0.1:10901; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; } # HTTPS ssl_certificate /etc/letsencrypt/live/g1.cipherbliss.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/g1.cipherbliss.com/privkey.pem; ssl_protocols TLSv1.2; ssl_ecdh_curve prime256v1; ssl_ciphers EECDH+AESGCM:EECDH+AES; ssl_prefer_server_ciphers on; resolver 80.67.169.12 80.67.169.40 valid=300s; resolver_timeout 5s; ssl_session_cache shared:SSL:10m; add_header Strict-Transport-Security "max-age=15768000"; add_header Referrer-Policy "strict-origin-when-cross-origin"; }