1
0
mirror of https://github.com/LaCasemate/fab-manager.git synced 2024-11-30 11:24:21 +01:00
fab-manager/setup/nginx_with_ssl.conf.example

86 lines
3.3 KiB
Plaintext

upstream puma {
server fabmanager:3000;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name MAIN_DOMAIN;
root /usr/src/app/public;
## with your ssl certificate
# ssl_certificate /etc/nginx/conf.d/ssl/MAIN_DOMAIN.crt;
# ssl_certificate_key /etc/nginx/conf.d/ssl/MAIN_DOMAIN.deprotected.key;
##
## with letsencrypt certificate (free)
ssl_certificate_key /etc/letsencrypt/live/MAIN_DOMAIN/privkey.pem;
ssl_certificate /etc/letsencrypt/live/MAIN_DOMAIN/fullchain.pem;
ssl_trusted_certificate /etc/letsencrypt/live/MAIN_DOMAIN/chain.pem;
##
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
ssl_session_timeout 1d;
ssl_dhparam /etc/nginx/conf.d/ssl/dhparam.pem;
add_header Strict-Transport-Security max-age=15768000;
ssl_stapling on;
ssl_stapling_verify on;
location ^~ /assets/ {
gzip_static on;
expires max;
add_header Cache-Control public;
}
## required by letsencrypt to generate the certificat
location /.well-known/acme-challenge {
root /etc/letsencrypt/webrootauth;
default_type "text/plain";
}
##
try_files $uri/index.html $uri @puma;
location @puma {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_redirect off;
proxy_pass http://puma;
}
client_max_body_size 4G;
keepalive_timeout 10;
error_page 500 502 504 /500.html;
error_page 503 @503;
# Return a 503 error if the maintenance page exists.
if (-f /usr/src/app/public/maintenance.html) {
return 503;
}
location @503 {
# Serve static assets if found.
if (-f $request_filename) {
break;
}
# Set root to the shared directory.
root /usr/src/app/public/;
rewrite ^(.*)$ /maintenance.html break;
}
# no spam bot
if ($http_referer ~* (guardlink.org|free-share-buttons|social-buttons|buy-cheap-online.info|social-buttons.com|free-share-buttons.com|darodar.com|blackhatworth.com|hulfingtonpost.com|priceg.com|semalt.com|imaspammer.com|iedit.ilovevitaly.com|7makemoneyonline.com|iedit.ilovevitaly.com|7makemoneyonline.com|gamersyde.com|iloveitaly.com|econom.co|semalt.com|forum.topic44637676.darodar.com|darodar.com|iskalko.ru|ilovevitaly.ru|ilovevitaly.com|ilovevitaly.co|o-o-8-o-o.ru|o-o-6-o-o.ru|buttons-for-website.com|semalt.semalt.com|cenoval.ru|priceg.com|darodar.com|cenokos.ru|seoexperimenty.ru|gobongo.info|vodkoved.ru|adcash.com|websocial.me|cityadspix.com|luxup.ru|ykecwqlixx.ru|superiends.org|slftsdybbg.ru|edakgfvwql.ru|socialseet.ru|screentoolkit.com|econom.co|semalt.com|savetubevideo.com|shopping.ilovevitaly.com|iedit.ilovevitaly.com|forum.topic52548358.darodar.com|forum.topic53813291.darodar.com|share-buttons.com|event-tracking.com|success-seo.com|free-floating-buttons.com|get-free-social-traffic.com|chinese-amezon.com|get-free-traffic-now.com|free-social-buttons.com|videos-for-your-business.com)) { return 403; }
}
server {
listen 80;
server_name MAIN_DOMAIN ANOTHER_DOMAIN_1;
rewrite ^ URL_WITH_PROTOCOL_HTTPS$request_uri? permanent;
}