Fabio/nginx-proxy-auto-docker
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Vuelta atras

Browse source
This commit is contained in:
mulonemartin 2015-07-08 10:41:19 -03:00
parent f812fa45ed
commit 3b7fe48ce0
1 changed files with 20 additions and 19 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

39
nginx.tmpl
View file

@ -18,20 +18,18 @@ log_format vhost '$host $remote_addr - $remote_user [$time_local] '
'"$request" $status $body_bytes_sent ' '"$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent"'; '"$http_referer" "$http_user_agent"';
#access_log /proc/self/fd/1 vhost; access_log /proc/self/fd/1 vhost;
#error_log /proc/self/fd/2; error_log /proc/self/fd/2;
access_log /var/log/nginx/access_log.log;
error_log /var/log/nginx/error_log.log;
# HTTP 1.1 support # HTTP 1.1 support
proxy_http_version 1.1; #proxy_http_version 1.1;
proxy_buffering off; #proxy_buffering off;
proxy_set_header Host $http_host; proxy_set_header Host $http_host;
proxy_set_header Upgrade $http_upgrade; #proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $proxy_connection; #proxy_set_header Connection $proxy_connection;
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto; #proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto;
server { server {
listen 80; listen 80;
@ -94,17 +92,20 @@ server {
} }
server { server {
listen 443;
server_name {{ $host }}; server_name {{ $host }};
ssl on; listen 443 ssl spdy;
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
#ssl_certificate /etc/nginx/certs/{{ (printf "%s.crt" $cert) }}; ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
#ssl_certificate_key /etc/nginx/certs/{{ (printf "%s.key" $cert) }}; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA;
ssl_certificate /etc/nginx/certs/server.crt; ssl_prefer_server_ciphers on;
ssl_certificate_key /etc/nginx/certs/server.key; ssl_session_timeout 5m;
ssl_session_cache shared:SSL:50m;
ssl_certificate /etc/nginx/certs/{{ (printf "%s.crt" $cert) }};
ssl_certificate_key /etc/nginx/certs/{{ (printf "%s.key" $cert) }};
add_header Strict-Transport-Security "max-age=31536000";
client_max_body_size 1m; client_max_body_size 1m;
@ -113,8 +114,8 @@ server {
{{ end }} {{ end }}
location / { location / {
proxy_pass http://{{ $host }}; proxy_pass {{ $proto }}://{{ $host }};
proxy_redirect http://{{ $host }}/ /; proxy_redirect {{ $proto }}://{{ $host }}/ /;
proxy_read_timeout 60s; proxy_read_timeout 60s;
{{ if (exists (printf "/etc/nginx/htpasswd/%s" $host)) }} {{ if (exists (printf "/etc/nginx/htpasswd/%s" $host)) }}