cl-deck-builder2/doc/web/nginx/deck-builder-tls

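# TLS virtual host for phntsm.ddns.net.
# Terminates HTTPS on port 443 and reverse-proxies to backends bound to
# loopback (ports 5005, 3000, 8888, 9292), plus per-user static directories.
#
# Location matching reminder: nginx picks the longest matching prefix location,
# then tries regex locations IN FILE ORDER and uses the first regex that
# matches, in preference to the prefix match. The order and anchoring of the
# regex locations below is therefore part of the access-control policy.
server {
    listen [::]:443 default_server ssl;
    listen 443 default_server ssl;
    server_name phntsm.ddns.net;

    ssl_certificate "/etc/ssl/nginx/phntsm.ddns.net.crt";
    # The private key should be readable only by root / the nginx master process.
    ssl_certificate_key "/etc/ssl/nginx/phntsm.ddns.net.key";
    # Used by the DHE-RSA suite in ssl_ciphers below.
    ssl_dhparam "/etc/ssl/nginx/phntsm.ddns.net.dhparam";
    ssl_session_timeout 5m;
    # TLS 1.2 only. If the installed nginx/OpenSSL build supports it, TLSv1.3
    # can be added here; ssl_ciphers below only governs TLS 1.2 and older.
    ssl_protocols TLSv1.2;
    # AEAD suites with forward secrecy only (ECDHE/DHE + AES-GCM).
    ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
    ssl_session_cache shared:SSL:50m;
    ssl_prefer_server_ciphers on;

    root /var/www/html;
    index index.html;

    # Default application: everything not claimed below goes to 127.0.0.1:5005.
    # No auth_basic here (it is commented out), so this backend is reachable
    # by anyone who can reach port 443.
    location / {
        # First attempt to serve request as file, then
        # as directory, then fall back to displaying a 404.
        # try_files $uri $uri/ =404;

        # Only peers connecting over a unix socket are trusted to supply
        # X-Forwarded-For. This server listens on TCP only, so a
        # client-supplied X-Forwarded-For never replaces $remote_addr.
        # Do not widen set_real_ip_from without a trusted front proxy:
        # the header is otherwise fully client-controlled.
        set_real_ip_from unix:;
        real_ip_header X-Forwarded-For;
        real_ip_recursive on;
        client_max_body_size 8m;
        #auth_basic "Restricted Content";
        #auth_basic_user_file /etc/nginx/.htpasswd;
        proxy_read_timeout 300;
        proxy_connect_timeout 300;
        proxy_send_timeout 300;
        fastcgi_read_timeout 300;
        proxy_pass http://127.0.0.1:5005;
        # fastcgi_params has no effect on a proxy_pass location; kept as in
        # the original deployment.
        include /etc/nginx/fastcgi_params;
        # NOTE(review): proxy_params is not shown here; it presumably sets
        # Host / X-Forwarded-* headers for the backend -- confirm.
        include /etc/nginx/proxy_params;
    }

    # Deny .ht* files (.htpasswd, .htaccess). This must be the FIRST regex
    # location: regex locations are tried in order, so when it sat at the end
    # of the block a request such as /~name/.htpasswd was claimed by the
    # user-directory location below and never reached this rule.
    location ~ /\.ht {
        deny all;
    }

    # /~user web directories
    # The user name is limited to one path segment of account-name characters
    # that cannot start with a dot, so the alias always stays under
    # /home/<name>/www. (The previous ".+?" capture also accepted "..".)
    # autoindex publishes directory listings without authentication; anything
    # a user places in ~/www is public.
    # NOTE(review): consider "disable_symlinks if_not_owner;" here so a user
    # cannot publish files they do not own through a symlink.
    location ~ ^/~([A-Za-z0-9_][A-Za-z0-9_.-]*)(/.*)?$ {
        alias /home/$1/www$2;
        index index.html index.htm;
        autoindex on;
    }

    # location /_/static/assets/ {
    # alias /home/git/public/;
    # }

    # Git web UI on 127.0.0.1:3000, served under /git/ behind HTTP basic auth.
    # This is a prefix location, so any regex location that matches the same
    # URI wins over it; the regex locations in this server are anchored so
    # that only the .ht* deny rule can apply to /git/ paths.
    location /git/ {
        auth_basic "Restricted Content";
        auth_basic_user_file /etc/nginx/.htpasswd;
        proxy_read_timeout 300;
        proxy_connect_timeout 300;
        proxy_send_timeout 300;
        fastcgi_read_timeout 300;
        client_max_body_size 512M;
        # make nginx use unescaped URI, keep "%2F" as is
        # Consequence: the backend receives the raw client path, not nginx's
        # normalized one, so path normalization is the backend's job.
        rewrite ^ $request_uri;
        rewrite ^/git(/.*) $1 break;
        proxy_pass http://127.0.0.1:3000$uri;
        include /etc/nginx/fastcgi_params;
        include /etc/nginx/proxy_params;
    }

    # collectd web front end on 127.0.0.1:8888, behind HTTP basic auth.
    # Anchored with ^ so it only claims URIs that start with /collectd/;
    # unanchored, it also captured any path merely containing "/collectd/"
    # (for example below /git/) and sent it to this backend.
    location ~ ^/collectd/ {
        gzip off;
        root /home/user/code/alpine-collectd-web;
        auth_basic "Restricted Content";
        auth_basic_user_file /etc/nginx/.htpasswd;
        proxy_read_timeout 300;
        proxy_connect_timeout 300;
        proxy_send_timeout 300;
        fastcgi_read_timeout 300;
        #proxy_http_version 1.1;
        # Strip the /collectd prefix before proxying.
        rewrite ^/collectd/(.*) /$1 break;
        proxy_pass http://127.0.0.1:8888;
    }

    # Backend on 127.0.0.1:9292, behind HTTP basic auth. The /psy/ prefix is
    # passed through unchanged (the rewrite is commented out).
    # Anchored with ^ for the same reason as the collectd location.
    location ~ ^/psy/ {
        auth_basic "Restricted Content";
        auth_basic_user_file /etc/nginx/.htpasswd;
        proxy_read_timeout 300;
        proxy_connect_timeout 300;
        proxy_send_timeout 300;
        fastcgi_read_timeout 300;
        #proxy_http_version 1.1;
        # rewrite ^/psy/(.*) /$1 break;
        include /etc/nginx/proxy_params;
        proxy_pass http://127.0.0.1:9292;
    }

    # location ~ \.php$ {
    # include /etc/nginx/fastcgi_params;
    # include /etc/nginx/proxy_params;
    # fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    # # fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
    # fastcgi_pass unix:/var/run/php/php-fpm.sock;
    # }
    # location ~ /phpmyadmin/ {
    # auth_basic "Restricted Content";
    # auth_basic_user_file /etc/nginx/.htpasswd;
    # index index.php;
    # }
}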