jyio/docker-nginx-auto
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

First!

Browse Source
This commit is contained in:
Jiang Yio
2021-08-20 11:28:41 -04:00
parent 7fc11199a6
commit 10de617be5
16 changed files with 241 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
app/default/snippets/gzip.conf Normal file
View File

@ -0,0 +1,6 @@
gzip on;
gzip_vary on;
gzip_min_length 10240;
gzip_proxied expired no-cache no-store private auth;
gzip_types text/plain text/css text/xml text/javascript application/x-javascript application/xml;
gzip_disable "MSIE [1-6]\.";

6
app/default/snippets/proxycache.conf Normal file
View File

@ -0,0 +1,6 @@
proxy_cache proxycache;
proxy_cache_revalidate on;
proxy_cache_min_uses 3;
proxy_cache_use_stale error timeout invalid_header updating http_500 http_502 http_503 http_504;
proxy_cache_background_update on;
proxy_cache_lock on;

7
app/default/snippets/reverse-proxy.conf Normal file
View File

@ -0,0 +1,7 @@
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header X-Forwarded-Proto $scheme;
#proxy_set_header X-Forwarded-Scheme $scheme;
proxy_set_header X-Scheme $scheme;

26
app/default/snippets/ssl.conf Normal file
View File

@ -0,0 +1,26 @@
listen 80;
listen [::]:80;
listen 443 ssl;
listen [::]:443 ssl;
if ($scheme != "https") {
return 302 https://$host$request_uri;
}
# https://wiki.mozilla.org/Security/Server_Side_TLS
# https://ssl-config.mozilla.org/
ssl_certificate ssl.cer;
ssl_certificate_key ssl.key;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers off;
add_header Strict-Transport-Security "max-age=63072000" always; # HSTS (needs ngx_http_headers_module)
ssl_stapling on; # OCSP stapling
ssl_stapling_verify on;
location /.well-known/ {
root /var/www;
}

3
app/default/snippets/websocket-proxy.conf Normal file
View File

@ -0,0 +1,3 @@
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;