M nginx/nginx.conf => nginx/nginx.conf +6 -0
@@ 13,11 13,17 @@ http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
+ map $http_upgrade $connection_upgrade {
+ default upgrade;
+ '' close;
+ }
+
server_tokens off;
client_max_body_size 1m;
sendfile on;
tcp_nopush on;
ssl_protocols TLSv1.2 TLSv1.3;
+ ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:2m;
ssl_session_timeout 1h;
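Review bot: The `ssl_ciphers` list added here contains two names, `ECDHE-RSA-AES256-GCM-SHA512` and `DHE-RSA-AES256-GCM-SHA512`, that do not appear to be real OpenSSL cipher suites (AES-GCM suites end in SHA256 or SHA384), so OpenSSL skips them without an error. The remaining `DHE-RSA-AES256-GCM-SHA384` entry is inert unless `ssl_dhparam` is set somewhere outside this hunk, which leaves one GCM suite plus the CBC-mode `ECDHE-RSA-AES256-SHA384` for TLS 1.2, and no usable suite if the certificate is ever ECDSA. I would list only suites that exist and are AEAD, for example `ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;`, and add a comment that this directive does not select the TLS 1.3 suites. The `http` block continues outside the hunk, so anything set further down is not visible here.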
M nginx/proxy.conf => nginx/proxy.conf +5 -0
@@ 1,5 1,10 @@
+proxy_http_version 1.1;
+proxy_set_header Upgrade $http_upgrade;
+proxy_set_header Connection $connection_upgrade;
+
real_ip_header X-Forwarded-For;
real_ip_recursive on;
+
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
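Review bot: The three new lines at the top of proxy.conf forward the client's `Upgrade` header verbatim on every proxied request, not only on WebSocket endpoints, assuming this file is included from each proxied location (the include sites are not visible here). A backend that honours other upgrade tokens such as `h2c` would then be handed a tunnelled connection that nginx no longer inspects per request. Ordinary requests also now carry `Connection: close` upstream, which rules out upstream keepalive. I would either move `proxy_set_header Upgrade $http_upgrade;` and `proxy_set_header Connection $connection_upgrade;` into the location that serves WebSockets, or change the map in nginx.conf so that only the expected token is upgraded: `default close;` and `websocket upgrade;`.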
A nginx/tls.conf => nginx/tls.conf +2 -0
@@ 0,0 1,2 @@
+ssl_certificate /var/lets-encrypt/fullchain.cert;
+ssl_certificate_key /var/lets-encrypt/private.key;
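Review bot: tls.conf points nginx at `/var/lets-encrypt/private.key` but records nothing about how that file is protected or how it is refreshed. Nothing in the commit shows the directory's ownership or mode. nginx reads both files only at start or reload, so a renewed certificate is not served until then. I would add a comment above the two directives, such as `# private.key: root-owned, mode 0600; reload nginx after each renewal`, and confirm that the renewal job does both.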