default.conf (4174B)
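# Default virtual host: terminates TLS and reverse-proxies every request to
# the snac backend at http://snac:8001.
server {
    # Catch-all listeners for IPv4 and IPv6.
    # NOTE(review): port 80 serves the same locations in cleartext and nothing
    # here redirects it to HTTPS. No server_name is set either, so any Host
    # value a client sends is accepted and forwarded; pin server_name to the
    # instance's hostname for production.
    listen 80 default_server;
    listen [::]:80 default_server;
    listen 443 ssl http2 default_server;
    listen [::]:443 ssl http2 default_server;

    # SSL configuration
    # SSL cert/key files
    # NOTE(review): the file names suggest a self-signed pair, which clients
    # cannot validate; install a CA-issued certificate for production.
    ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;
    ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;
    # For production regenerate this dhparam key by running:
    # $> openssl dhparam -out dhparam.pem 4096
    # NOTE(review): ssl_ciphers below enables only EECDH suites, so these DH
    # parameters look unused by the TLS 1.2 handshake - confirm before relying
    # on them.
    ssl_dhparam /etc/ssl/private/dhparam.pem;

    # SSL ciphers/protocols
    # Only TLS 1.2 and 1.3 are offered; the cipher string applies to TLS 1.2.
    ssl_protocols TLSv1.3 TLSv1.2;
    ssl_prefer_server_ciphers on;
    # NOTE(review): only P-521 and P-384 are offered; clients limited to
    # X25519 or P-256 would fail the key exchange - confirm this is intended.
    ssl_ecdh_curve secp521r1:secp384r1;
    ssl_ciphers EECDH+AESGCM:EECDH+AES256;

    # SSL misc
    # 2 MB session cache named "TLS", shared between worker processes.
    ssl_session_cache shared:TLS:2m;
    ssl_buffer_size 4k;

    # OCSP stapling
    # NOTE(review): a self-signed certificate has no issuer to query, so nginx
    # is expected to log a warning and skip stapling until a CA-issued chain
    # is installed.
    ssl_stapling on;
    ssl_stapling_verify on;
    # Public resolvers used by nginx for run-time lookups (e.g. the OCSP
    # responder); those hostnames are disclosed to a third party.
    resolver 1.1.1.1 1.0.0.1 [2606:4700:4700::1111] [2606:4700:4700::1001]; # Cloudflare

    # Set HSTS to 365 days
    # Note: Activate this on production usage
    # NOTE(review): includeSubDomains and preload are hard to undo once
    # browsers have cached them; enable only when every subdomain serves
    # valid HTTPS.
    #add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload' always;

    # All four locations below carry the same proxy settings and the same
    # upstream; they are kept separate so each path can be tuned on its own.

    location /.well-known/webfinger {
        proxy_http_version 1.1;
        # NOTE(review): Connection "upgrade" is sent on every request, not
        # only on WebSocket handshakes; the usual form derives it from
        # $http_upgrade with a map in the http context.
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_redirect off;
        proxy_connect_timeout 90;
        proxy_send_timeout 90;
        proxy_read_timeout 90;
        # Host is set exactly once. Repeating proxy_set_header for the same
        # field makes nginx pass the header twice, and the backend may then
        # use either copy or reject the request. $http_host is the raw
        # client-supplied value, so the backend must not treat it as trusted.
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        # Appends the peer address to any X-Forwarded-For the client sent;
        # only the last entry is written by this proxy.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        # Blank the Proxy request header so it never reaches the backend
        # (httpoxy mitigation).
        proxy_set_header Proxy "";
        # Passes the backend's Server response header through to clients,
        # which discloses the backend software.
        proxy_pass_header Server;
        proxy_buffering on;
        tcp_nodelay on;
        proxy_pass http://snac:8001;
    }

    location /.well-known/nodeinfo {
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_redirect off;
        proxy_connect_timeout 90;
        proxy_send_timeout 90;
        proxy_read_timeout 90;
        # Single Host header; a repeated directive would be sent twice.
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Proxy "";
        proxy_pass_header Server;
        proxy_buffering on;
        tcp_nodelay on;
        proxy_pass http://snac:8001;
    }

    location / {
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_redirect off;
        proxy_connect_timeout 90;
        proxy_send_timeout 90;
        proxy_read_timeout 90;
        # Single Host header; a repeated directive would be sent twice.
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Proxy "";
        proxy_pass_header Server;
        proxy_buffering on;
        tcp_nodelay on;
        proxy_pass http://snac:8001;
    }

    location /fedi/ {
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_redirect off;
        proxy_connect_timeout 90;
        proxy_send_timeout 90;
        proxy_read_timeout 90;
        # Single Host header; a repeated directive would be sent twice.
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Proxy "";
        proxy_pass_header Server;
        proxy_buffering on;
        tcp_nodelay on;
        proxy_pass http://snac:8001;
    }
}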