~dricottone/container-images

32f443368d189c439c74844d2af2e8804eb540ce — Dominic Ricottone 1 year, 2 months ago e93c6cc
Proxy and TLS updates

Include configuration for proxying on HTTP 1.1, which enabled keepalive.
Also adding configuration for automatic connection upgrading as needed.

Update configuration for TLS ciphers.

Include a simple configuration file for enabling encryption.
3 files changed, 13 insertions(+), 0 deletions(-)

M nginx/nginx.conf
M nginx/proxy.conf
A nginx/tls.conf
M nginx/nginx.conf => nginx/nginx.conf +6 -0
@@ 13,11 13,17 @@ http {
	include /etc/nginx/mime.types;
	default_type application/octet-stream;

	map $http_upgrade $connection_upgrade {
		default upgrade;
		''      close;
	}

	server_tokens off;
	client_max_body_size 1m;
	sendfile on;
	tcp_nopush on;
	ssl_protocols TLSv1.2 TLSv1.3;
	ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
	ssl_prefer_server_ciphers on;
	ssl_session_cache shared:SSL:2m;
	ssl_session_timeout 1h;
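Review bot: The `ssl_ciphers` list names two suites that OpenSSL does not define, `ECDHE-RSA-AES256-GCM-SHA512` and `DHE-RSA-AES256-GCM-SHA512`; unknown names are skipped silently, so the effective TLS 1.2 list is only the three SHA384 entries, one of which (`ECDHE-RSA-AES256-SHA384`) is CBC-mode. Every remaining entry is RSA-authenticated, so a TLS 1.2 client would find no shared suite if the certificate is ECDSA, and the DHE entry stays unused unless `ssl_dhparam` is set somewhere outside this hunk. I would replace the line with something like `ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;` and confirm what it expands to with `openssl ciphers -v`. The `http` block starts and ends outside the hunk, and with the +/- markers lost I cannot tell whether this line is new in this commit.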

M nginx/proxy.conf => nginx/proxy.conf +5 -0
@@ 1,5 1,10 @@
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;

real_ip_header X-Forwarded-For;
real_ip_recursive on;

proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
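Review bot: `real_ip_header X-Forwarded-For` with `real_ip_recursive on` is only safe next to a `set_real_ip_from` that lists the exact front-end addresses, and none is visible in this file. Without one the two directives do nothing, and with an over-broad one any client can choose the address that ends up in logs and `allow`/`deny` checks. `$proxy_add_x_forwarded_for` likewise appends to whatever the client sent, so the upstream should trust only the last entry. I would add a comment above `real_ip_header`, e.g. `# requires set_real_ip_from <front-end CIDR> in the including context; never 0.0.0.0/0`. Separately, the `$connection_upgrade` map in nginx/nginx.conf turns an empty Upgrade header into `close`, so non-upgrade requests go upstream with `Connection: close` and HTTP/1.1 alone does not give the upstream keepalive the description mentions.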

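--- a/nginx/tls.conf
+++ b/nginx/tls.conf
@@ -0,0 +1,2 @@
+ssl_certificate /var/lets-encrypt/fullchain.cert;
+ssl_certificate_key /var/lets-encrypt/private.key;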
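Review bot: The new file has no comment saying where it is meant to be included or how the key reaches `/var/lets-encrypt`. I would add a header such as `# include inside a server block whose listen directive has "ssl"; certificate and key are mounted at /var/lets-encrypt at run time`, so that nobody copies the private key into an image layer. The key file should be readable only by the user the nginx master process runs as. Nothing in this commit shows how the directory is populated, so that is worth confirming wherever the image is built or started.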