46 lines
1.6 KiB
Plaintext
46 lines
1.6 KiB
Plaintext
server {
|
|
#listen 80;
|
|
#listen [::]:80;
|
|
listen 443 ssl;
|
|
listen [::]:443 ssl;
|
|
server_name localhost;
|
|
ssl_certificate /etc/nginx/certs/ckan-local.crt;
|
|
ssl_certificate_key /etc/nginx/certs/ckan-local.key;
|
|
|
|
# TLS 1.2 & 1.3 only
|
|
ssl_protocols TLSv1.2 TLSv1.3;
|
|
|
|
# Disable weak ciphers
|
|
ssl_prefer_server_ciphers on;
|
|
ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
|
|
|
|
# SSL sessions
|
|
ssl_session_timeout 1d;
|
|
# ssl_session_cache dfine in stream and http
|
|
ssl_session_tickets off;
|
|
|
|
#access_log /var/log/nginx/host.access.log main;
|
|
|
|
location / {
|
|
proxy_pass http://ckan:5000/;
|
|
proxy_set_header X-Forwarded-For $remote_addr;
|
|
proxy_set_header Host $host;
|
|
#proxy_cache cache;
|
|
proxy_cache_bypass $cookie_auth_tkt;
|
|
proxy_no_cache $cookie_auth_tkt;
|
|
proxy_cache_valid 30m;
|
|
proxy_cache_key $host$scheme$proxy_host$request_uri;
|
|
}
|
|
|
|
error_page 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 421 422 423 424 425 426 428 429 431 451 500 501 502 503 504 505 506 507 508 510 511 /error.html;
|
|
|
|
# redirect server error pages to the static page /error.html
|
|
#
|
|
location = /error.html {
|
|
ssi on;
|
|
internal;
|
|
auth_basic off;
|
|
root /usr/share/nginx/html;
|
|
}
|
|
|
|
} |