Advertisement
aldikhan13

nginx config sample

Feb 7th, 2021
1,607
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Nginx 1.90 KB | None | 0 0
  1. server {
  2.     listen 80;
  3.     listen [::]:80;
  4.     index index.html index.htm;
  5.     root /usr/share/nginx/html;
  6.     server_name restuwahyu-tech.com www.restuwahyu-tech.com;
  7.     return 301 https://$host$request_uri;
  8.  
  9.     location / {
  10.        proxy_pass http://nodejs:8080;
  11.     }
  12.  
  13.     location ~ /.well-known/acme-challenge{
  14.       allow all;
  15.       root /usr/share/nginx/html;
  16.     }
  17. }
  18.  
  19. server {
  20.      listen 443 ssl http2;
  21.      listen [::]:443 ssl http2;
  22.      server_name restuwahyu-tech.com;
  23.      index index.html index.htm;
  24.      root /usr/share/nginx/html;
  25.  
  26.      access_log /var/logs/nginx/access;
  27.      error_log /var/logs/nginx/error;
  28.  
  29.      ssl_certificate /etc/nginx/ssl/live/restuwahyu-tech.com/fullchain.pem;
  30.      ssl_certificate_key /etc/nginx/ssl/live/restuwahyu-tech.com/privkey.pem;
  31.      ssl_session_timeout 1d;
  32.      ssl_session_cache shared:SSL:10m;
  33.      ssl_session_tickets off;
  34.      ssl_dhparam /etc/nginx/dhparam/dhparam-2048.pem;
  35.      ssl_buffer_size 8k;
  36.      ssl_protocols TLSv1.2 TLSv1.3;
  37.      ssl_prefer_server_ciphers off;
  38.      ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
  39.      ssl_stapling on;
  40.      ssl_stapling_verify on;
  41.  
  42.      add_header X-Frame-Options           "SAMEORIGIN" always;
  43.      add_header X-XSS-Protection          "1; mode=block" always;
  44.      add_header X-Content-Type-Options    "nosniff" always;
  45.      add_header Referrer-Policy           "no-referrer-when-downgrade" always;
  46.      add_header Content-Security-Policy   "default-src 'self' http: https: data: blob: 'unsafe-inline'" always;
  47.      add_header Strict-Transport-Security "max-age=63072000" always;
  48.  
  49.      resolver 9.9.9.9;
  50.      resolver_timeout 2s;
  51.  
  52.      location / {
  53.       proxy_pass http://nodejs:8080;
  54.     }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement