
@martinrusev
Last active August 29, 2015 14:17
Amon HTTPS - Nginx config
{
"host": "https://subdomain.amon:9001"
}
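# Nginx front end for Amon: terminates TLS on 443 and proxies to the
# application listening on loopback (127.0.0.1:9001). Port 80 only redirects.

worker_processes 4;

# Worker processes run unprivileged. The master process still starts as root
# so it can bind 80/443 and read the TLS private key.
user nobody nogroup;

error_log /var/log/nginx.error.log;

events {
    worker_connections 1024;
    accept_mutex off;
}

http {
    include mime.types;
    default_type application/octet-stream;

    # NOTE(review): with access logging disabled there is no per-request
    # record for incident investigation; only error_log above is written.
    access_log off;

    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 15;
    types_hash_max_size 2048;
    server_names_hash_bucket_size 64;

    # NOTE(review): 4G request bodies are accepted from any client. Lower
    # this to the largest upload the application really needs.
    client_max_body_size 4G;

    # Not referenced by any proxy_pass in this file.
    upstream app_server {
        server 127.0.0.1:8000 fail_timeout=0;
    }

    # Certificate chain and private key. The key file should be readable
    # by root only.
    ssl_certificate /etc/nginx/ssl/amon_cx_bundle.cer;
    ssl_certificate_key /etc/nginx/ssl/amon_cx.key;

    # TLSv1 and TLSv1.1 are deprecated and no longer offered.
    # Add TLSv1.3 where the installed nginx/OpenSSL build supports it.
    ssl_protocols TLSv1.2;

    # Forward secrecy comes from this list: every suite uses an ephemeral
    # ECDHE key exchange with an AEAD cipher. The previous list also allowed
    # static-RSA key exchange, CBC-mode suites and 3DES (DES-CBC3-SHA),
    # none of which should be negotiated.
    ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384';

    # Use the server's cipher order rather than the client's. This does not
    # by itself provide forward secrecy; the cipher list above does.
    ssl_prefer_server_ciphers on;

    # Backend is plain HTTP on loopback only; it must not be bound to a
    # public interface.
    upstream subdomain {
        server 127.0.0.1:9001 fail_timeout=10;
    }

    # Plain HTTP: redirect everything to HTTPS on the fixed host name
    # (the client-supplied Host header is not used in the redirect target).
    server {
        listen 80;
        server_name subdomain.amon;
        return 301 https://subdomain.amon$request_uri;
    }

    server {
        listen 443 ssl;
        server_name subdomain.amon;

        # Optional once every client is known to reach the site over HTTPS:
        # add_header Strict-Transport-Security "max-age=31536000";

        location / {
            # $proxy_add_x_forwarded_for appends to whatever X-Forwarded-For
            # the client sent, so the backend should trust only the last
            # entry (the address nginx saw).
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

            # Tells the backend the original request arrived over TLS, so it
            # can build https:// URLs and mark cookies as secure.
            proxy_set_header X-Forwarded-Proto $scheme;

            # $http_host is the raw client-supplied Host header. This is the
            # only server on 443, so any Host value reaches the backend; the
            # application should validate it against its allowed hosts.
            proxy_set_header Host $http_host;

            proxy_redirect off;
            proxy_intercept_errors off;
            proxy_pass http://subdomain;
        }
    }
}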