fedorm

Untitled

Apr 30th, 2020
335
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 1.15 KB | None | 0 0
  1. server {
  2. listen 443 ssl;
  3. server_name artifactory.docker.ac-mpr.ru;
  4.  
  5. ssl_certificate /etc/letsencrypt/live/ac-mpr.ru/fullchain.pem;
  6. ssl_certificate_key /etc/letsencrypt/live/ac-mpr.ru/privkey.pem;
  7.  
  8. # Recommendations from https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
  9. ssl_protocols TLSv1.1 TLSv1.2;
  10. ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
  11. ssl_prefer_server_ciphers on;
  12. ssl_session_cache shared:SSL:10m;
  13.  
  14. client_max_body_size 0;
  15. chunked_transfer_encoding on;
  16.  
  17.  
  18. location /v2/ {
  19. if ($http_user_agent ~ "^(docker\/1\.(3|4|5(?!\.[0-9]-dev))|Go ).*$" ) {
  20. return 404;
  21. }
  22.  
  23. proxy_pass http://somehost:5001;
  24. proxy_set_header Host $http_host; # required for docker client's sake
  25. proxy_set_header X-Real-IP $remote_addr; # pass on real client's IP
  26. proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  27. proxy_set_header X-Forwarded-Proto $scheme;
  28. proxy_read_timeout 900;
  29. }
  30. }
Add Comment
Please, Sign In to add comment