Break out a new server{} config for port 444>
This also restores docker proxy stuff with recursive enabled
This commit is contained in:
parent
b7d6d42317
commit
0f8aad9ef1
2 changed files with 22 additions and 8 deletions
|
@ -13,7 +13,6 @@ http {
|
||||||
include server-base.conf;
|
include server-base.conf;
|
||||||
|
|
||||||
listen 443 default proxy_protocol;
|
listen 443 default proxy_protocol;
|
||||||
listen 444 default;
|
|
||||||
|
|
||||||
ssl on;
|
ssl on;
|
||||||
ssl_certificate ./stack/ssl.cert;
|
ssl_certificate ./stack/ssl.cert;
|
||||||
|
@ -23,4 +22,18 @@ http {
|
||||||
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
|
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
|
||||||
ssl_prefer_server_ciphers on;
|
ssl_prefer_server_ciphers on;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
server {
|
||||||
|
include server-base.conf
|
||||||
|
|
||||||
|
listen 444 default;
|
||||||
|
|
||||||
|
ssl on;
|
||||||
|
ssl_certificate ./stack/ssl.cert;
|
||||||
|
ssl_certificate_key ./stack/ssl.key;
|
||||||
|
ssl_session_timeout 5m;
|
||||||
|
ssl_protocols SSLv3 TLSv1;
|
||||||
|
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
|
||||||
|
ssl_prefer_server_ciphers on;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -3,8 +3,9 @@
|
||||||
client_body_temp_path /var/log/nginx/client_body 1 2;
|
client_body_temp_path /var/log/nginx/client_body 1 2;
|
||||||
server_name _;
|
server_name _;
|
||||||
|
|
||||||
#set_real_ip_from 172.17.0.0/16;
|
set_real_ip_from 172.17.0.0/16;
|
||||||
#real_ip_header X-Forwarded-For;
|
real_ip_header X-Forwarded-For;
|
||||||
|
real_ip_recursive on;
|
||||||
|
|
||||||
keepalive_timeout 5;
|
keepalive_timeout 5;
|
||||||
|
|
||||||
|
@ -12,12 +13,12 @@ if ($args ~ "_escaped_fragment_") {
|
||||||
rewrite ^ /snapshot$uri;
|
rewrite ^ /snapshot$uri;
|
||||||
}
|
}
|
||||||
|
|
||||||
#proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
#proxy_set_header X-Forwarded-Proto $scheme;
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
#proxy_set_header Host $http_host;
|
proxy_set_header Host $http_host;
|
||||||
#proxy_redirect off;
|
proxy_redirect off;
|
||||||
|
|
||||||
#proxy_set_header Transfer-Encoding $http_transfer_encoding;
|
proxy_set_header Transfer-Encoding $http_transfer_encoding;
|
||||||
|
|
||||||
location / {
|
location / {
|
||||||
proxy_pass http://web_app_server;
|
proxy_pass http://web_app_server;
|
||||||
|
|
Reference in a new issue