2021-05-29 21:39:14 -04:00
|
|
|
|
|
|
|
#server {
|
|
|
|
# listen 443 ssl http2;
|
|
|
|
# listen [::]:443 ssl http2;
|
|
|
|
|
|
|
|
# server_name libraryofcode.org;
|
|
|
|
# ssl_certificate /etc/nginx/ssl/org.chain.crt;
|
|
|
|
|
|
|
|
#ssl_certificate_key /etc/nginx/ssl/org.key.pem;
|
|
|
|
|
|
|
|
#ssl_session_cache builtin:1000 shared:SSL:10m;
|
|
|
|
|
|
|
|
#ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
|
|
|
|
|
|
|
|
#ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
|
|
|
|
|
|
|
|
#ssl_prefer_server_ciphers on;
|
|
|
|
#ssl_protocols TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
|
|
|
|
# ssl_prefer_server_ciphers on;ssl_session_cache shared:SSL:10m;
|
|
|
|
#ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
|
|
|
|
# ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
|
|
|
|
# ssl_dhparam /etc/nginx/dhparam.pem;
|
|
|
|
# ssl_ecdh_curve secp384r1;
|
|
|
|
# location / {
|
|
|
|
|
|
|
|
#proxy_set_header Host $host;
|
|
|
|
|
|
|
|
#proxy_set_header X-Real-IP $remote_addr;
|
|
|
|
|
|
|
|
#proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
|
|
|
|
|
|
#proxy_set_header X-Forwarded-Proto $scheme;
|
|
|
|
|
|
|
|
#proxy_pass http://localhost:4567;
|
|
|
|
|
|
|
|
#proxy_read_timeout 90;
|
|
|
|
|
|
|
|
#proxy_redirect https://www.libraryofcode.us/ https://libraryofcode.org;
|
|
|
|
|
|
|
|
# }
|
|
|
|
#}
|
|
|
|
|
|
|
|
#server {
|
|
|
|
# listen 443 ssl http2;
|
|
|
|
# listen [::]:443 ssl http2;
|
|
|
|
|
|
|
|
# server_name www.libraryofcode.org;
|
|
|
|
# ssl_certificate /etc/nginx/ssl/org.chain.crt;
|
|
|
|
|
|
|
|
#ssl_certificate_key /etc/nginx/ssl/org.key.pem;
|
|
|
|
|
|
|
|
#ssl_session_cache builtin:1000 shared:SSL:10m;
|
|
|
|
|
|
|
|
#ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
|
|
|
|
|
|
|
|
#ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
|
|
|
|
|
|
|
|
#ssl_prefer_server_ciphers on;
|
|
|
|
#ssl_protocols TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
|
|
|
|
# ssl_prefer_server_ciphers on;ssl_session_cache shared:SSL:10m;
|
|
|
|
#ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
|
|
|
|
# ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
|
|
|
|
# ssl_dhparam /etc/nginx/dhparam.pem;
|
|
|
|
# ssl_ecdh_curve secp384r1;
|
|
|
|
# location / {
|
|
|
|
|
|
|
|
#proxy_set_header Host $host;
|
|
|
|
|
|
|
|
#proxy_set_header X-Real-IP $remote_addr;
|
|
|
|
|
|
|
|
#proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
|
|
|
|
|
|
#proxy_set_header X-Forwarded-Proto $scheme;
|
|
|
|
|
|
|
|
#proxy_pass http://localhost:4567;
|
|
|
|
|
|
|
|
#proxy_read_timeout 90;
|
|
|
|
|
|
|
|
#proxy_redirect http://localhost:4567 https://www.libraryofcode.org;
|
|
|
|
|
|
|
|
# }
|
|
|
|
#}
|
|
|
|
|
|
|
|
server {
|
|
|
|
listen 443 ssl http2;
|
|
|
|
listen [::]:443 ssl http2;
|
|
|
|
|
|
|
|
server_name ecm.libraryofcode.us;
|
|
|
|
ssl_certificate /etc/nginx/ssl/globalsign.chain.crt;
|
|
|
|
|
|
|
|
ssl_certificate_key /etc/nginx/ssl/globalsign.key.pem;
|
|
|
|
|
|
|
|
#ssl_session_cache builtin:1000 shared:SSL:10m;
|
|
|
|
|
|
|
|
#ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
|
|
|
|
|
|
|
|
#ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
|
|
|
|
|
|
|
|
#ssl_prefer_server_ciphers on;
|
|
|
|
ssl_protocols TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
|
|
|
|
ssl_prefer_server_ciphers on;ssl_session_cache shared:SSL:10m;
|
|
|
|
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
|
|
|
|
ssl_dhparam /etc/nginx/dhparam.pem;
|
|
|
|
ssl_ecdh_curve secp384r1;
|
|
|
|
location / {
|
|
|
|
|
|
|
|
proxy_set_header Host $host;
|
|
|
|
|
|
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
|
|
|
|
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
|
|
|
|
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
|
|
proxy_set_header Connection "upgrade";
|
|
|
|
|
|
|
|
proxy_pass https://localhost:7150;
|
|
|
|
|
|
|
|
proxy_read_timeout 90;
|
|
|
|
|
|
|
|
proxy_redirect https://localhost:7150 https://ecm.libraryofcode.us;
|
|
|
|
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
#server {
|
|
|
|
# listen 443 ssl http2;
|
|
|
|
# listen [::]:443 ssl http2;
|
|
|
|
|
|
|
|
# server_name directory.libraryofcode.us;
|
|
|
|
# ssl_certificate /etc/nginx/ssl/globalsign.chain.crt;
|
|
|
|
|
|
|
|
#ssl_certificate_key /etc/nginx/ssl/globalsign.key.pem;
|
|
|
|
#ssl_protocols TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
|
|
|
|
#ssl_prefer_server_ciphers on;ssl_session_cache shared:SSL:10m;
|
|
|
|
#ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
|
|
|
|
#ssl_dhparam /etc/nginx/dhparam.pem;
|
|
|
|
#ssl_ecdh_curve secp384r1;
|
|
|
|
|
|
|
|
#location /lam {
|
|
|
|
# index index.html;
|
|
|
|
# alias /usr/share/ldap-account-manager;
|
|
|
|
# autoindex off;
|
|
|
|
#
|
|
|
|
# location ~ \.php$ {
|
|
|
|
# fastcgi_split_path_info ^(.+\.php)(/.+)$;
|
|
|
|
# fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
|
|
|
|
# fastcgi_index index.php;
|
|
|
|
# include fastcgi_params;
|
|
|
|
# }
|
|
|
|
#
|
|
|
|
# location ~ /lam/(tmp/internal|sess|config|lib|help|locale) {
|
|
|
|
# deny all;
|
|
|
|
# return 403;
|
|
|
|
# }
|
|
|
|
#
|
|
|
|
#}
|
|
|
|
#}
|