Viyurz/vps
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
vps/nginx-rp/nginx.conf
Viyurz 8b7e1fa475
Ajout SearXNG
2023-11-22 16:55:29 +00:00

195 lines
4 KiB
Nginx Configuration File
Raw Blame History

worker_processes auto;
worker_cpu_affinity auto;
worker_rlimit_nofile 2048;
events {
worker_connections 1024;
}
http {
charset utf-8;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
gzip off;
# Hide NGINX version in error messages.
server_tokens off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
# Logging
log_not_found on;
# access_log /var/log/nginx/access.log;
# error_log /var/log/nginx/error.log warn;
keepalive_timeout 65;
ssl_certificate /etc/letsencrypt/live/viyurz.fr/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/viyurz.fr/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/viyurz.fr/chain.pem;
# modern configuration
ssl_protocols TLSv1.3;
# intermediate configuration
# ssl_protocols TLSv1.2 TLSv1.3;
# ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305;
# curl https://ssl-config.mozilla.org/ffdhe2048.txt > /path/to/dhparam
# ssl_dhparam /path/to/dhparam;
ssl_prefer_server_ciphers off;
ssl_session_timeout 1d;
ssl_session_cache shared:MozSSL:10m;
ssl_session_tickets off;
# HSTS (ngx_http_headers_module is required)
add_header Strict-Transport-Security "max-age=31536000" always;
add_header X-Robots-Tag "noindex, nofollow" always;
add_header Set-Cookie "Path=/; HttpOnly; Secure";
# OCSP stapling
ssl_stapling on;
ssl_stapling_verify on;
resolver 1.1.1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Scheme $scheme;
proxy_set_header Accept-Encoding "";
# Websocket
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
# The `upstream` directives ensure that you have a http/1.1 connection
# This enables the keepalive option and better performance
#
# Define the server IP and ports here.
upstream vaultwarden-default {
zone vaultwarden-default 64k;
server 127.0.0.1:8081;
keepalive 2;
}
# Needed to support websocket connections
# See: https://nginx.org/en/docs/http/websocket.html
# Instead of "close" as stated in the above link we send an empty value.
# Else all keepalive connections will not work.
map $http_upgrade $connection_upgrade {
default upgrade;
'' "";
}
# Redirect HTTP to HTTPS
server {
listen 80 default_server;
listen [::]:80 default_server;
http2 on;
server_name _;
return 308 https://$host$request_uri;
}
server {
listen 443 ssl default_server;
listen [::]:443 ssl default_server;
http2 on;
server_name _;
server_name_in_redirect off;
return 404;
}
server {
listen 443 ssl;
listen [::]:443 ssl;
http2 on;
# http3 on;
# quic_retry on;
# add_header Alt-Svc 'h3=":$server_port"; ma=86400';
# listen 443 quic reuseport;
# listen [::]:443 quic reuseport;
server_name nc.viyurz.fr;
location / {
proxy_pass http://127.0.0.1:11000;
add_header Set-Cookie "Path=/; HttpOnly; Secure";
client_body_buffer_size 512k;
proxy_read_timeout 86400s;
client_max_body_size 0;
}
}
server {
listen 443 ssl;
listen [::]:443 ssl;
http2 on;
server_name vw.viyurz.fr;
location / {
proxy_pass http://vaultwarden-default;
client_max_body_size 525M;
}
}
server {
listen 443 ssl;
listen [::]:443 ssl;
http2 on;
server_name sx.viyurz.fr;
location / {
proxy_pass http://127.0.0.1:8083;
}
}
server {
listen 443 ssl;
listen [::]:443 ssl;
http2 on;
server_name www.viyurz.fr;
location / {
proxy_pass http://127.0.0.1:8082;
}
}
server {
listen 443 ssl;
listen [::]:443 ssl;
http2 on;
server_name viyurz.fr;
return 308 https://www.viyurz.fr$request_uri;
}
}
Reference in a new issue View git blame Copy permalink