| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114 |
- server {
- listen 80 default_server;
- listen [::]:80 default_server;
- listen 443 ssl http2 default_server;
- listen [::]:443 ssl http2 default_server;
- # SSL configuration
- # SSL cert/key files
- ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;
- ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;
- # For production regenerate this dhparam key by running:
- # $> openssl dhparam -out dhparam.pem 4096
- ssl_dhparam /etc/ssl/private/dhparam.pem;
- # SSL ciphers/protocols
- ssl_protocols TLSv1.3 TLSv1.2;
- ssl_prefer_server_ciphers on;
- ssl_ecdh_curve secp521r1:secp384r1;
- ssl_ciphers EECDH+AESGCM:EECDH+AES256;
- # SSL misc
- ssl_session_cache shared:TLS:2m;
- ssl_buffer_size 4k;
- # OCSP stapling
- ssl_stapling on;
- ssl_stapling_verify on;
- resolver 1.1.1.1 1.0.0.1 [2606:4700:4700::1111] [2606:4700:4700::1001]; # Cloudflare
- # Set HSTS to 365 days
- # Note: Activate this on production usage
- #add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload' always;
- location /.well-known/webfinger {
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "upgrade";
- proxy_redirect off;
- proxy_connect_timeout 90;
- proxy_send_timeout 90;
- proxy_read_timeout 90;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_set_header Proxy "";
- proxy_pass_header Server;
- proxy_buffering on;
- tcp_nodelay on;
- proxy_pass http://snac:8001;
- proxy_set_header Host $http_host;
- }
- location /.well-known/nodeinfo {
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "upgrade";
- proxy_redirect off;
- proxy_connect_timeout 90;
- proxy_send_timeout 90;
- proxy_read_timeout 90;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_set_header Proxy "";
- proxy_pass_header Server;
- proxy_buffering on;
- tcp_nodelay on;
- proxy_pass http://snac:8001;
- proxy_set_header Host $http_host;
- }
- location / {
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "upgrade";
- proxy_redirect off;
- proxy_connect_timeout 90;
- proxy_send_timeout 90;
- proxy_read_timeout 90;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_set_header Proxy "";
- proxy_pass_header Server;
- proxy_buffering on;
- tcp_nodelay on;
- proxy_pass http://snac:8001;
- proxy_set_header Host $http_host;
- }
- location /fedi/ {
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "upgrade";
- proxy_redirect off;
- proxy_connect_timeout 90;
- proxy_send_timeout 90;
- proxy_read_timeout 90;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_set_header Proxy "";
- proxy_pass_header Server;
- proxy_buffering on;
- tcp_nodelay on;
- proxy_pass http://snac:8001;
- proxy_set_header Host $http_host;
- }
- }
|
