nginx
# Plain-HTTP listener: nothing is served on port 80.
# Status 444 is nginx-specific and closes the connection without sending
# any response.
# NOTE(review): `server_name _` is only a placeholder name that matches no real
# host. Without `default_server`, this block is the port-80 catch-all only
# while it is the first server defined for that port. Confirm against any
# other included config files.
server {
    listen      80;
    server_name _;

    return 444;  # "Connection closed without response"
}
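# Default HTTPS server: handles TLS connections whose requested name matches
# no other server on port 443, and closes them with 444 (no response).
#
# NOTE(review): the TLS handshake completes before `return 444` runs, so the
# certificate below is presented to any client that connects by IP address.
# It is the same file the named server uses, so its subject names are
# disclosed to scanners. A throwaway self-signed certificate here avoids that.
# On nginx versions that provide `ssl_reject_handshake`, that directive can
# refuse the handshake instead.
server {
    listen      443 ssl http2 default_server;
    server_name _;

    # `ssl on;` removed: the `ssl` parameter on `listen` already enables TLS.
    # The standalone directive is deprecated and rejected by recent nginx
    # releases.
    ssl_certificate     /etc/nginx/cert/server.crt;
    ssl_certificate_key /etc/nginx/cert/server.key;
    # ssl_session_timeout 5m;
    # server_tokens off;

    ssl_session_cache   shared:SSL:1m;
    ssl_session_timeout 10m;
    ssl_ciphers         HIGH:!aNULL:!MD5;

    # TLS 1.0 and 1.1 dropped; SSLv2/SSLv3 must never be listed here.
    # NOTE(review): depending on the nginx/OpenSSL build, the protocol list of
    # the default server may be the one applied to every name on this listen
    # socket, so keep it at least as strict as the named servers. Verify with
    # a TLS scanner after reload.
    ssl_protocols       TLSv1.2 TLSv1.3;

    return 444;  # "Connection closed without response"
}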
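# HTTPS virtual host for my.domain.com: serves static files from the nginx
# html root and reverse-proxies /guacamole/ to the Guacamole backend behind
# HTTP basic authentication.
server {
    listen      443 ssl http2;
    server_name my.domain.com;

    # `ssl on;` removed: the `ssl` parameter on `listen` already enables TLS.
    # The standalone directive is deprecated and rejected by recent nginx
    # releases.
    ssl_certificate     /etc/nginx/cert/server.crt;
    ssl_certificate_key /etc/nginx/cert/server.key;
    ssl_session_timeout 5m;
    server_tokens       off;  # do not advertise the nginx version

    # SSLv2 and SSLv3 removed: both are broken protocols and must not be
    # offered. Only TLSv1.3 remains, as in the original list. Add TLSv1.2 if
    # clients without TLS 1.3 support must connect.
    # NOTE(review): the default server on this port may determine the protocol
    # versions actually negotiated. Check the effective result with a TLS
    # scanner.
    ssl_protocols TLSv1.3;

    # NOTE(review): the three leading `TLS-...` entries do not look like
    # OpenSSL cipher-string names (OpenSSL spells the TLS 1.3 suites with
    # underscores and configures them separately), so they are presumably
    # ignored and only `HIGH:!aNULL:!MD5` takes effect. Confirm with
    # `openssl ciphers`.
    ssl_ciphers TLS-CHACHA20-POLY1305-SHA256:TLS-AES-256-GCM-SHA384:TLS-AES-128-GCM-SHA256:HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;
    ssl_ecdh_curve secp384r1;
    #ssl_session_cache shared:SSL:1m;
    #ssl_session_timeout 10m;
    #ssl_ciphers HIGH:!aNULL:!MD5;

    location / {
        # Echoes the TLS session identifier in a response header. This looks
        # like a debugging aid; remove it if nothing consumes it.
        add_header X-my-header $ssl_session_id;
        root /usr/share/nginx/html;
    }

    location /guacamole/ {
        # Optional source-IP allow-list (disabled). Enabling it in addition to
        # basic auth limits who can reach the login prompt at all.
        #allow 106.246.238.107 ;
        #allow 221.142.133.33; # Allow a single remote host
        #deny all; # Deny everyone else

        # Basic auth is the only gate nginx puts in front of the gateway.
        # The password file sits next to the TLS private key, so keep both
        # readable only by the account nginx needs them under.
        auth_basic "_";
        auth_basic_user_file /etc/nginx/cert/.htpasswd;

        # The backend hop is plain HTTP.
        proxy_pass http://some-guacamole:8080/guacamole/;
        proxy_buffering off;
        proxy_http_version 1.1;

        # $proxy_add_x_forwarded_for appends the client address to whatever
        # X-Forwarded-For the client sent, so the backend should trust only
        # the last entry.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        # Pass the client's Upgrade/Connection headers through to the backend
        # for the WebSocket tunnel.
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $http_connection;
        proxy_cookie_path /guacamole/ /;

        # NOTE(review): with access logging off, requests to this
        # remote-access gateway leave no access-log trail. If the goal is to
        # quiet tunnel traffic, a dedicated log file for this location keeps
        # sign-in activity auditable.
        access_log off;

        # allow large uploads (default=1m)
        # 4096m = 4GByte
        # Applies to every request under /guacamole/ that passes basic auth.
        client_max_body_size 4096m;
    }
}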