docker-ckan/nginx/setup/default.conf.template

55 lines
2.0 KiB
Plaintext
Raw Normal View History

2022-07-13 18:36:14 +02:00
server {
listen ${NGINX_PORT};
listen [::]:${NGINX_PORT};
listen ${NGINX_SSLPORT} ssl;
listen [::]:${NGINX_SSLPORT} ssl;
server_name ${PROXY_SERVER_NAME};
2022-08-16 14:02:49 +02:00
ssl_certificate /etc/nginx/certs/ckan-local.crt;
ssl_certificate_key /etc/nginx/certs/ckan-local.key;
2023-06-02 10:34:36 +02:00
# TLS 1.2 & 1.3 only
ssl_protocols TLSv1.2 TLSv1.3;
# Disable weak ciphers
ssl_prefer_server_ciphers on;
ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
# SSL sessions
ssl_session_timeout 1d;
# ssl_session_cache dfine in stream and http
ssl_session_tickets off;
2022-07-13 18:36:14 +02:00
#access_log /var/log/nginx/host.access.log main;
location ${PROXY_CKAN_LOCATION} {
proxy_pass ${PROXY_CKAN_PROXY_PASS}/;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
proxy_cache_bypass $cookie_auth_tkt;
proxy_no_cache $cookie_auth_tkt;
proxy_cache_valid 30m;
proxy_cache_key $host$scheme$proxy_host$request_uri;
}
location ${PROXY_PYCSW_LOCATION} {
proxy_pass ${PROXY_PYCSW_PROXY_PASS}/;
2022-07-13 18:36:14 +02:00
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
proxy_cache_bypass $cookie_auth_tkt;
proxy_no_cache $cookie_auth_tkt;
proxy_cache_valid 30m;
proxy_cache_key $host$scheme$proxy_host$request_uri;
}
2023-06-02 10:34:36 +02:00
error_page 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 421 422 423 424 425 426 428 429 431 451 500 501 502 503 504 505 506 507 508 510 511 /error.html;
2022-07-13 18:36:14 +02:00
2023-06-02 10:34:36 +02:00
# redirect server error pages to the static page /error.html
2022-07-13 18:36:14 +02:00
#
2023-06-02 10:34:36 +02:00
location = /error.html {
ssi on;
internal;
auth_basic off;
root /usr/share/nginx/html;
2022-07-13 18:36:14 +02:00
}
}