Created
October 25, 2019 18:06
-
-
Save petrowsky/1b460e6344b5d51d6b09aa3c2f164c5d to your computer and use it in GitHub Desktop.
vhost_segfault
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| root@s1:~# cat /var/aegir/config/server_master/nginx/vhost.d/domain.org | |
| server { | |
| listen *:80; | |
| server_name domain.com www.domain.com www.domain.org; | |
| rewrite ^ https://domain.org$request_uri? permanent; | |
| } | |
| server { | |
| listen *:80; | |
| #root /data/sites/domain.org; | |
| server_name domain.org; | |
| #access_log /var/log/nginx/domain.org.access.log main; | |
| #error_log /var/log/nginx/domain.org.error.log error; | |
| access_log /var/log/nginx/access.log main; | |
| limit_conn limreq 5555; | |
| # | |
| # This is needed for certbot-auto and letsencrypt | |
| # | |
| location /.well-known { | |
| root /data/sites/domain.org; | |
| default_type "text/plain"; | |
| } | |
| # | |
| # Access based on specific IP - disable when live. | |
| # | |
| #allow 47.xx.xx.xx; | |
| #deny all; | |
| error_page 403 = /403.html; | |
| location ~* 403.(html|css)$ { | |
| root /data/sites/domain.org/; | |
| allow all; | |
| } | |
| location / { | |
| rewrite ^ https://domain.org$request_uri? permanent; | |
| } | |
| } | |
| server { | |
| listen *:443 ssl http2; | |
| server_name domain.org; | |
| #access_log /var/log/nginx/domain.org.access.log main; | |
| #error_log /var/log/nginx/domain.org.error.log error; | |
| limit_conn limreq 5555; | |
| ssl_certificate /etc/other_certs/live/domain.org/fullchain.pem; | |
| ssl_certificate_key /etc/other_certs/live/domain.org/privkey.pem; | |
| ssl_session_timeout 3m; | |
| ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3; | |
| ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA; | |
| ssl_prefer_server_ciphers on; | |
| allow 47.xx.xx.xx; | |
| deny all; | |
| error_page 403 = /403.html; | |
| location ~* 403.(html|css)$ { | |
| root /data/sites/domain.org/; | |
| allow all; | |
| } | |
| # | |
| # This is needed for certbot-auto and letsencrypt | |
| # | |
| location /.well-known { | |
| root /data/sites/domain.org; | |
| default_type "text/plain"; | |
| } | |
| # | |
| # Proxy the connection to app | |
| # | |
| location / { | |
| proxy_pass http://127.0.0.1:8090; | |
| proxy_set_header Host $host; | |
| proxy_set_header X-Real-IP $remote_addr; | |
| proxy_set_header X-Forwarded-for $remote_addr; | |
| port_in_redirect off; | |
| proxy_redirect off; | |
| gzip_vary off; | |
| proxy_buffering off; | |
| proxy_connect_timeout 300; | |
| proxy_read_timeout 90s; | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment