49 lines
1.4 KiB
Plaintext
49 lines
1.4 KiB
Plaintext
map $http_upgrade $connection_upgrade {
|
|
default upgrade;
|
|
'' close;
|
|
}
|
|
|
|
server {
|
|
listen 443 ssl http2;
|
|
listen [::]:443 ssl http2;
|
|
server_name g1.cipherbliss.com;
|
|
|
|
# Ne s'applique pas si vous utilisez un sous-domaine
|
|
if ($host = www.g1.cipherbliss.com) {
|
|
return 301 https://g1.cipherbliss.com$request_uri;
|
|
}
|
|
|
|
access_log /var/log/nginx/duniter-access.log;
|
|
error_log /var/log/nginx/duniter-error.log;
|
|
|
|
location / {
|
|
proxy_pass http://127.0.0.1:10901;
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header Connection 'upgrade';
|
|
proxy_set_header Host $host;
|
|
proxy_cache_bypass $http_upgrade;
|
|
}
|
|
|
|
location /ws2p {
|
|
proxy_pass http://127.0.0.1:10901;
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header Connection "upgrade";
|
|
}
|
|
|
|
# HTTPS
|
|
ssl_certificate /etc/letsencrypt/live/g1.cipherbliss.com/fullchain.pem;
|
|
ssl_certificate_key /etc/letsencrypt/live/g1.cipherbliss.com/privkey.pem;
|
|
ssl_protocols TLSv1.2;
|
|
ssl_ecdh_curve prime256v1;
|
|
ssl_ciphers EECDH+AESGCM:EECDH+AES;
|
|
ssl_prefer_server_ciphers on;
|
|
resolver 80.67.169.12 80.67.169.40 valid=300s;
|
|
resolver_timeout 5s;
|
|
ssl_session_cache shared:SSL:10m;
|
|
add_header Strict-Transport-Security "max-age=15768000";
|
|
|
|
add_header Referrer-Policy "strict-origin-when-cross-origin";
|
|
}
|