Skip to content

Instantly share code, notes, and snippets.

@albertogviana

albertogviana/www.cliente2.com.br

Created March 22, 2017 13:56
Show Gist options
  • Save albertogviana/091871af6631577dd46815337f0475ae to your computer and use it in GitHub Desktop.
Save albertogviana/091871af6631577dd46815337f0475ae to your computer and use it in GitHub Desktop.
Download ZIP
Raw
www.cliente2.com.br
upstream @admin {
server my-ip1:8081;
server my-ip2:8081;
}
server {
listen 80;
listen [::]:80;
server_name www.cliente2.com.br;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl;
listen [::]:443;
server_name www.cliente2.com.br;
# Perfect forward secrecy
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/ssl/dhparams.pem;
ssl_ciphers HIGH:!aNULL:!MD5;
# HSTS
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";
ssl_certificate /etc/ssl/dominio.com.chained.crt;
ssl_certificate_key /etc/ssl/dominio.com.key;
access_log /var/log/nginx/admin/access.log;
error_log /var/log/nginx/admin/error.log;
location ~ ^/(autoconfig|beans|configprops|dump|env|health|info|metrics|mappings|shutdown|trace) {
auth_basic "Restricted";
auth_basic_user_file /etc/nginx/htpasswd_metrics;
proxy_pass http://@admin;
}
location / {
gzip_types *;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://@admin;
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment