Skip to content

Instantly share code, notes, and snippets.

@mcrosson
Last active Apr 12, 2017
Embed
What would you like to do?
nginx reverse proxy config for CrashPlan Enterprise
user www-data;
worker_processes 4;
error_log /var/log/nginx/error.log;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
keepalive_timeout 65;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
ssl_ecdh_curve secp384r1; # Requires nginx >= 1.1.0
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off; # Requires nginx >= 1.5.9
ssl_stapling on; # Requires nginx >= 1.3.7
ssl_stapling_verify on; # Requires nginx => 1.3.7
resolver $DNS-IP-1 $DNS-IP-2 valid=300s;
resolver_timeout 5s;
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
server {
listen 80;
listen [::]:80;
server_name cp.domain.com domain.com;
root /srv/http;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
listen [::]:443 default_server ssl;
server_name cp.domain.com domain.com;
ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem;
client_max_body_size 4G;
location ~ /favico.*$ {
root /srv/http;
allow all;
log_not_found off;
}
location /.well-known {
root /srv/http;
allow all;
}
location / {
proxy_read_timeout 600;
proxy_pass https://[::1]:4285;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# IMPORTANT -- This turns ON WebSockets in 1.4+ -- CP uses WebSockets for a lot of requests
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment