
nginx reverse proxy config

von heisenberg

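  nginx -T
  nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
  nginx: configuration file /etc/nginx/nginx.conf test is successful
  # configuration file /etc/nginx/nginx.conf:

  user  nginx;
  worker_processes  auto;

  # "debug" level writes per-request internals to this file, including
  # request headers such as Cookie and Authorization. Keep the file
  # readable by privileged users only and return to "warn" or "error"
  # once troubleshooting is finished.
  error_log  /var/log/nginx/debug.log debug;
  pid        /run/nginx.pid;


  events {
      worker_connections  1024;
  }


  http {
      include       /etc/nginx/mime.types;
      default_type  application/octet-stream;

      # $http_x_forwarded_for is logged exactly as the client sent it;
      # treat it as untrusted input when reading these logs.
      log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                        '$status $body_bytes_sent "$http_referer" '
                        '"$http_user_agent" "$http_x_forwarded_for"';

      # Hide the nginx version in the Server header and on error pages.
      server_tokens off;

      access_log  /var/log/nginx/access.log  main;

      sendfile        on;
      #tcp_nopush     on;

      keepalive_timeout  65;

      #gzip  on;

      include /etc/nginx/conf.d/*.conf;
      include /etc/nginx/sites-enabled/*.conf;
  }

  # configuration file /etc/nginx/conf.d/auth_misc.conf:
  # Relative path: nginx resolves it against its prefix directory, so the
  # cache location depends on how nginx was built or started.
  # NOTE(review): no proxy_cache directive in this dump references the
  # auth_cache zone; confirm it is still needed.
  proxy_cache_path cache/ keys_zone=auth_cache:10m;

  # configuration file /etc/nginx/conf.d/default-http.conf:
  # Plain-HTTP server without a server_name. It is the first port-80 server
  # in this dump, so it presumably acts as the default for unmatched Host
  # values. Only the ACME HTTP-01 challenge path is configured.
  server {
          listen 80;

          location /.well-known/acme-challenge/ {
                  root /var/www/certbot;
          }

  }


  # configuration file /etc/nginx/extra/options-ssl.conf:
  # NOTE(review): the server blocks further down appear under this file's
  # header, although the last one includes this file itself. A
  # "# configuration file ..." header line was probably lost in the paste.

  # this is added already by backend servers
  # add_header Strict-Transport-Security max-age=15768000;

  ssl_prefer_server_ciphers on;

  ssl_session_cache shared:SSL:50m;
  ssl_session_timeout 5m;

  ssl_protocols TLSv1.2 TLSv1.3;

  # Only used for finite-field DHE key exchange. No DHE suite is enabled by
  # the ssl_ciphers list below, so this file is likely unused for TLS 1.2.
  ssl_dhparam /etc/nginx/extra/ssl-dhparams.pem;

  # Applies to TLS 1.2; TLS 1.3 suites are not selected by this directive.
  # The former "DH+3DES" entry was dropped: 3DES suites carry a SHA-1 MAC,
  # so the "!SHA1" exclusion already removed them and the entry selected
  # nothing. The !SHA1/!SHA256/!SHA384 exclusions also remove the CBC
  # suites, leaving AEAD (GCM-type) ECDHE suites.
  ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:!ADH:!AECDH:!MD5:!SHA1:!SHA256:!SHA384;

  # Redirect plain HTTP for this host to HTTPS.
  server {

          listen 80;
          server_name         view.mydomain.de;

          return 301 https://$host$request_uri;
  }

  # TLS-terminating reverse proxy for view.mydomain.de.
  server {

          listen              443 ssl;
          server_name         view.mydomain.de;

          ssl_certificate /etc/letsencrypt/live/star.mydomain.de/fullchain.pem;
          ssl_certificate_key /etc/letsencrypt/live/star.mydomain.de/privkey.pem;

          # Original note: "I trust the internal network".
          # ssl_verify_client governs client-certificate authentication of
          # clients connecting to this listener, and "off" is its default.
          # It has no effect on the connection from nginx to the backend.
          ssl_verify_client off;

          location /  {
                  # nginx does not verify the upstream certificate by default
                  # (proxy_ssl_verify is off), so this hop is encrypted but
                  # the backend is not authenticated. To authenticate it,
                  # enable verification; the values below are placeholders:
                  #   proxy_ssl_verify on;
                  #   proxy_ssl_trusted_certificate /path/to/backend-ca.pem;
                  #   proxy_ssl_name backend-certificate-name;
                  # No proxy_set_header lines are present, so the backend
                  # receives nginx's default Host value and no X-Forwarded-*
                  # headers.
                  proxy_pass https://0.0.0.30;
          }

          include /etc/nginx/extra/options-ssl.conf;
  }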
