92 lines
1.4 KiB
Plaintext
92 lines
1.4 KiB
Plaintext
# ------------------------------------------------------------
|
|
# hanmocnn.co.kr, www.hanmocnn.co.kr
|
|
# ------------------------------------------------------------
|
|
|
|
|
|
|
|
map $scheme $hsts_header {
|
|
https "max-age=63072000; preload";
|
|
}
|
|
|
|
server {
|
|
set $forward_scheme http;
|
|
set $server "192.168.0.250";
|
|
set $port 8081;
|
|
|
|
listen 80;
|
|
listen [::]:80;
|
|
|
|
listen 443 ssl;
|
|
listen [::]:443 ssl;
|
|
|
|
|
|
server_name hanmocnn.co.kr www.hanmocnn.co.kr;
|
|
|
|
http2 on;
|
|
|
|
|
|
# Let's Encrypt SSL
|
|
include conf.d/include/letsencrypt-acme-challenge.conf;
|
|
include conf.d/include/ssl-cache.conf;
|
|
include conf.d/include/ssl-ciphers.conf;
|
|
ssl_certificate /etc/letsencrypt/live/npm-1/fullchain.pem;
|
|
ssl_certificate_key /etc/letsencrypt/live/npm-1/privkey.pem;
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# Block Exploits
|
|
include conf.d/include/block-exploits.conf;
|
|
|
|
|
|
|
|
# HSTS (ngx_http_headers_module is required) (63072000 seconds = 2 years)
|
|
add_header Strict-Transport-Security $hsts_header always;
|
|
|
|
|
|
|
|
|
|
|
|
# Force SSL
|
|
include conf.d/include/force-ssl.conf;
|
|
|
|
|
|
|
|
|
|
|
|
access_log /data/logs/proxy-host-1_access.log proxy;
|
|
error_log /data/logs/proxy-host-1_error.log warn;
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
location / {
|
|
|
|
|
|
|
|
|
|
|
|
# HSTS (ngx_http_headers_module is required) (63072000 seconds = 2 years)
|
|
add_header Strict-Transport-Security $hsts_header always;
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# Proxy!
|
|
include conf.d/include/proxy.conf;
|
|
}
|
|
|
|
|
|
# Custom
|
|
include /data/nginx/custom/server_proxy[.]conf;
|
|
}
|
|
|