kopia lustrzana https://0xacab.org/rysiek/fasada
45 wiersze
1.3 KiB
Plaintext
45 wiersze
1.3 KiB
Plaintext
# www.example.com website
|
|
server {
|
|
listen 80;
|
|
listen 443 ssl;
|
|
server_name admin.example.com;
|
|
|
|
# general vhost settings
|
|
access_log /srv/logs/nginx/admin.example.com.access.log combined;
|
|
error_log /srv/logs/nginx/admin.example.com.error.log error;
|
|
|
|
# ssl keycert
|
|
ssl_certificate /srv/data/secrets/letsencrypt/live/admin.example.com/fullchain.pem;
|
|
ssl_certificate_key /srv/data/secrets/letsencrypt/live/admin.example.com/privkey.pem;
|
|
|
|
# TLS settings
|
|
add_header Strict-Transport-Security "max-age=31536000";
|
|
|
|
# basic proxy params
|
|
import snippets/proxy_headers_general.conf;
|
|
|
|
# tls letsencrypt stateless acme config
|
|
# no need for webroot and stuff
|
|
#
|
|
# this is described for acme.sh,
|
|
# but should work with any LE client
|
|
# https://github.com/Neilpang/acme.sh/wiki/Stateless-Mode
|
|
location ~ "^/\.well-known/acme-challenge/([-_a-zA-Z0-9]+)$" {
|
|
default_type text/plain;
|
|
return 200 "$1.<ACME_THUMBPRINT>";
|
|
}
|
|
|
|
# set proxy zone to off
|
|
# we want no caching of the admin interface
|
|
proxy_cache off;
|
|
|
|
# reverse proxy to upstream
|
|
location / {
|
|
# debugging
|
|
add_header X-Proxy-Cache $upstream_cache_status;
|
|
#include snippets/security.conf;
|
|
proxy_pass http://127.0.0.1:10080;
|
|
}
|
|
|
|
}
|