Skip to content

Instantly share code, notes, and snippets.

@nachocodexx

nachocodexx/default.conf

Created April 19, 2021 01:47
Show Gist options
  • Save nachocodexx/3601e1016918807637975ec759476635 to your computer and use it in GitHub Desktop.
Save nachocodexx/3601e1016918807637975ec759476635 to your computer and use it in GitHub Desktop.
Download ZIP
Nginx configuration file
Raw
default.conf
server {
listen 80;
listen [::]:80;
server_name api.ewixi.com;
location ~ /.well-known/acme-challenge {
allow all;
root /var/www/html;
}
location / {
rewrite ^ https://$host$request_uri? permanent;
}
}
server {
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2;
server_name api.ewixi.com;
server_tokens off;
ssl_certificate /etc/letsencrypt/live/api.ewixi.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/api.ewixi.com/privkey.pem;
ssl_buffer_size 8k;
ssl_dhparam /etc/ssl/certs/dhparam-2048.pem;
ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
ssl_prefer_server_ciphers on;
ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5;
ssl_ecdh_curve secp384r1;
ssl_session_tickets off;
ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.8.8;
location / {
proxy_pass http://app:4000;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Referrer-Policy "no-referrer-when-downgrade" always;
add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always;
}
root /var/www/html;
index index.html index.htm index.nginx-debian.html;
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment