infrastructure:nginx
Differences
Below are the differences between two revisions of the page.
infrastructure:nginx [2019/03/05 03:56] – sgariepy | infrastructure:nginx [2022/02/02 00:42] (current version) – external edit 127.0.0.1 | ||
---|---|---|---|
Ligne 25: | Ligne 25: | ||
$ sudo nginx -s reload | $ sudo nginx -s reload | ||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | sudo ufw allow 'Nginx HTTP' | ||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | ====== Configuration d'un proxy pour HTTPS ====== | ||
+ | |||
+ | Exemple: | ||
+ | |||
+ | < | ||
+ | server { | ||
+ | listen 443 ssl; | ||
+ | server_name vault.YOURDOMAIN.COM; | ||
+ | |||
+ | ssl_certificate YOUR_SSL_CERTIFICATE.crt; | ||
+ | ssl_certificate_key YOUR_SSL_CERTIFICATE_KEY.key; | ||
+ | |||
+ | location / { | ||
+ | proxy_pass http:// | ||
+ | proxy_set_header Host $host; | ||
+ | expires -1; | ||
+ | } | ||
+ | |||
+ | #ssl config per https:// | ||
+ | ssl_protocols TLSv1 TLSv1.1 TLSv1.2; | ||
+ | |||
+ | ssl_ciphers " | ||
+ | ssl_prefer_server_ciphers on; | ||
+ | |||
+ | ssl_dhparam dhparam.pem; | ||
+ | |||
+ | #only supported since 1.3.7 | ||
+ | ssl_stapling on; | ||
+ | ssl_stapling_verify on; | ||
+ | |||
+ | # Optimize SSL by caching session parameters for 10 minutes. This cuts down on the number of expensive SSL handshakes. | ||
+ | # The handshake is the most CPU-intensive operation, and by default it is re-negotiated on every new/ | ||
+ | # By enabling a cache (of type " | ||
+ | # Further optimization can be achieved by raising keepalive_timeout, | ||
+ | ssl_session_cache | ||
+ | ssl_session_timeout | ||
+ | |||
+ | add_header Strict-Transport-Security max-age=63072000; | ||
+ | add_header X-Frame-Options DENY; | ||
+ | add_header X-Content-Type-Options nosniff; | ||
+ | } | ||
+ | </ | ||
+ | |||
+ | |||
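Review bot: `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` in the added server block still enables TLS 1.0 and 1.1, both deprecated by RFC 8996; restrict it to `ssl_protocols TLSv1.2 TLSv1.3;` where the installed nginx and OpenSSL support TLS 1.3, and re-check the `ssl_ciphers` list against that choice. The firewall line `sudo ufw allow 'Nginx HTTP'` opens only port 80 while this block listens on 443, so the page should also allow 'Nginx HTTPS' (or use 'Nginx Full'). The `add_header Strict-Transport-Security max-age=63072000;` line has no `always` parameter, so nginx omits the header on error responses; adding `always` to the three `add_header` lines closes that gap. The `location /` block forwards only `Host`; if the backend logs client addresses or builds redirects, it will also need `X-Forwarded-For` and `X-Forwarded-Proto` set here.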
infrastructure/nginx.1551754576.txt.gz · Last modified: 2022/02/02 00:42 (external edit)