Domovská stránka Prehľadávať Pomoc
Prihlásiť sa
kotnik
/
phosic-web
1
0
Fork 0
Súbory Issues 0 Pull requesty 0 Wiki
Strom: 8bf4df6113
Branche Tagy
phosic-web
/
conf
/
nginx
/
enabled-site

enabled-site 2.4 KB
História Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061 
  1. upstream app_server {
    2. 

  2.     server unix:/home/phosic/gunicorn_flask.sock fail_timeout=0;
    3. 

  3. }
    4. 

  4. 

  5. server {
    6. 

  6.     listen 80 default;
    7. 

  7.     listen   [::]:80 default_server ipv6only=on;
    8. 

  8.     location / {
    9. 

  9.        rewrite ^(.*) https://phosic.com permanent;
    10. 

  10.     }
    11. 

  11. }
    12. 

  12. 

  13. server {
    14. 

  14.     listen 443;
    15. 

  15. 

  16.     ssl on;
    17. 

  17.     ssl_certificate /etc/ssl/private/phosic.com.crt;
    18. 

  18.     ssl_certificate_key /etc/ssl/private/phosic.com.key;
    19. 

  19. 

  20.     ssl_session_timeout 5m;
    21. 

  21.     ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    22. 

  22.     ssl_ciphers 'ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4';
    23. 

  23.     ssl_prefer_server_ciphers on;
    24. 

  24. 

  25.     server_name  www.phosic.com;
    26. 

  26.     rewrite ^(.*) https://phosic.com$1 permanent;
    27. 

  27. }
    28. 

  28. 

  29. server {
    30. 

  30.     listen 443;
    31. 

  31.     server_name phosic.com;
    32. 

  32. 

  33.     client_max_body_size 20M;
    34. 

  34. 

  35.     ssl on;
    36. 

  36.     ssl_certificate /etc/ssl/private/phosic.com.crt;
    37. 

  37.     ssl_certificate_key /etc/ssl/private/phosic.com.key;
    38. 

  38. 

  39.     ssl_session_timeout 5m;
    40. 

  40.     ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    41. 

  41.     ssl_ciphers 'ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4';
    42. 

  42.     ssl_prefer_server_ciphers on;
    43. 

  43. 

  44.     location /munin/ {
    45. 

  45.         auth_basic            "Restricted";
    46. 

  46.         # Create the htpasswd file with the htpasswd tool.
    47. 

  47.         auth_basic_user_file  /etc/nginx/admin-munin-htpasswd;
    48. 

  48. 

  49.         alias /var/cache/munin/www/;
    50. 

  50.         expires modified +310s;
    51. 

  51.     }
    52. 

  52. 

  53.     location / {
    54. 

  54.         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    55. 

  55.         proxy_set_header X-Forwarded-Ssl on;
    56. 

  56.         proxy_set_header Host $http_host;
    57. 

  57.         proxy_redirect off;
    58. 

  58. 

  59.         proxy_pass http://app_server;
    60. 

  60.     }
    61. 

  61. }
    62.