12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061 |
- upstream app_server {
- server unix:/home/phosic/gunicorn_flask.sock fail_timeout=0;
- }
- server {
- listen 80 default;
- listen [::]:80 default_server ipv6only=on;
- location / {
- rewrite ^(.*) https://phosic.com permanent;
- }
- }
- server {
- listen 443;
- ssl on;
- ssl_certificate /etc/ssl/private/phosic.com.crt;
- ssl_certificate_key /etc/ssl/private/phosic.com.key;
- ssl_session_timeout 5m;
- ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
- ssl_ciphers 'ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4';
- ssl_prefer_server_ciphers on;
- server_name www.phosic.com;
- rewrite ^(.*) https://phosic.com$1 permanent;
- }
- server {
- listen 443;
- server_name phosic.com;
- client_max_body_size 20M;
- ssl on;
- ssl_certificate /etc/ssl/private/phosic.com.crt;
- ssl_certificate_key /etc/ssl/private/phosic.com.key;
- ssl_session_timeout 5m;
- ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
- ssl_ciphers 'ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4';
- ssl_prefer_server_ciphers on;
- location /munin/ {
- auth_basic "Restricted";
- # Create the htpasswd file with the htpasswd tool.
- auth_basic_user_file /etc/nginx/admin-munin-htpasswd;
- alias /var/cache/munin/www/;
- expires modified +310s;
- }
- location / {
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Ssl on;
- proxy_set_header Host $http_host;
- proxy_redirect off;
- proxy_pass http://app_server;
- }
- }
|