1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69
|
events {
}
http {
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
# Listen on port 80 and redirect all requests to the
# TLS enabled server (https, port 443)
server {
listen *:80;
# Your hostname should go here
server_name localhost;
access_log off;
location / {
rewrite ^ https://$host$request_uri? permanent;
}
}
# TLS enabled server
server {
listen 443 ssl;
# Your hostname should go here
server_name localhost;
# TLS/SSL certificates for your secure server should go here.
ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;
ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;
# To enhance security, as long as you don't need to support older browsers
# (and you probably don't), you should only enable the most secure
# ciphers and algorithms. This is a sane selection.
ssl_ciphers ""EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"";
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_session_cache builtin:1000 shared:SSL:10m;
# This proxies requests to our shiny-auth0 authentication proxy.
# Requests are passed in plain HTTP, so TLS termination
# is applied at this point.
location / {
proxy_set_header Host $host;
# This points to our shiny-auth0 authentication proxy,
# change localhost:3000 to suit the configuration of
# your shiny-auth0 config
proxy_pass http://127.0.0.1:3000;
proxy_redirect http://127.0.0.1:3000/ $scheme://$host/;
proxy_http_version 1.1;
# The following lines enable WebSockets proxying, do not remove them
# as they are used by Shiny Server to improve user experience
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_connect_timeout 3h;
proxy_send_timeout 3h;
proxy_read_timeout 3h;
}
}
} |
Partager