server { listen ${NGINX_PORT}; listen [::]:${NGINX_PORT}; listen ${NGINX_SSLPORT} ssl; listen [::]:${NGINX_SSLPORT} ssl; server_name ${PROXY_SERVER_NAME}; ssl_certificate /etc/nginx/certs/ckan-local.crt; ssl_certificate_key /etc/nginx/certs/ckan-local.key; # TLS 1.2 & 1.3 only ssl_protocols TLSv1.2 TLSv1.3; # Disable weak ciphers ssl_prefer_server_ciphers on; ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256'; # SSL sessions ssl_session_timeout 1d; # ssl_session_cache dfine in stream and http ssl_session_tickets off; #access_log /var/log/nginx/host.access.log main; # CKAN location with and without the slash appended (https://nginx.org/en/docs/http/ngx_http_core_module.html#location) location ${PROXY_CKAN_LOCATION}/ { proxy_pass ${PROXY_CKAN_PROXY_PASS}/; proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header Host $host; #proxy_cache cache; proxy_cache_bypass $cookie_auth_tkt; proxy_no_cache $cookie_auth_tkt; proxy_cache_valid 30m; proxy_cache_key $host$scheme$proxy_host$request_uri; } location = ${PROXY_CKAN_LOCATION} { proxy_pass ${PROXY_CKAN_PROXY_PASS}/; proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header Host $host; #proxy_cache cache; proxy_cache_bypass $cookie_auth_tkt; proxy_no_cache $cookie_auth_tkt; proxy_cache_valid 30m; proxy_cache_key $host$scheme$proxy_host$request_uri; } # PYCSW location with and without the slash appended location ${PROXY_PYCSW_LOCATION}/ { proxy_pass ${PROXY_PYCSW_PROXY_PASS}/; proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header Host $host; #proxy_cache cache; proxy_cache_bypass $cookie_auth_tkt; proxy_no_cache $cookie_auth_tkt; proxy_cache_valid 30m; proxy_cache_key $host$scheme$proxy_host$request_uri; } location = ${PROXY_PYCSW_LOCATION} { proxy_pass ${PROXY_PYCSW_PROXY_PASS}/; proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header Host $host; #proxy_cache cache; proxy_cache_bypass $cookie_auth_tkt; proxy_no_cache $cookie_auth_tkt; proxy_cache_valid 30m; proxy_cache_key $host$scheme$proxy_host$request_uri; } error_page 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 421 422 423 424 425 426 428 429 431 451 500 501 502 503 504 505 506 507 508 510 511 /error.html; # redirect server error pages to the static page /error.html # location = /error.html { ssi on; internal; auth_basic off; root /usr/share/nginx/html; } }