39 lines
1015 B
Plaintext
39 lines
1015 B
Plaintext
Proxy
|
|
|
|
server {
|
|
server_name <domain name>;
|
|
listen 80;
|
|
listen [::]:80;
|
|
location / {
|
|
return 301 https://$host$request_uri;
|
|
}
|
|
}
|
|
|
|
server {
|
|
server_name <domain name>;
|
|
listen 443 ssl http2;
|
|
#listen [::]:443 ssl http2;
|
|
add_header X-Frame-Options "SAMEORIGIN";
|
|
add_header X-Content-Type-Options "nosniff";
|
|
add_header X-Robots-Tag "none";
|
|
add_header X-Download-Options "noopen";
|
|
add_header X-Permitted-Cross-Domain-Policies "none";
|
|
add_header X-XSS-Protection "1;mode=block";
|
|
add_header Strict-Transport-Security "max-age=15552000; includeSubDomains";
|
|
add_header Referrer-Policy "no-referrer";
|
|
client_max_body_size 1G;
|
|
|
|
location / {
|
|
proxy_http_version 1.1;
|
|
proxy_pass_request_headers on;
|
|
proxy_set_header Connection "keep-alive";
|
|
proxy_store off;
|
|
proxy_pass http://localhost:<service port>;
|
|
gzip on;
|
|
gzip_proxied any;
|
|
gzip_types *;
|
|
}
|
|
|
|
#ssl_certificate /etc/letsencrypt/live/<domain name>/fullchain.pem;
|
|
#ssl_certificate_key /etc/letsencrypt/live/<domain name>/privkey.pem;
|
|
} |