103 lines
1.7 KiB
Plaintext
103 lines
1.7 KiB
Plaintext
# ------------------------------------------------------------
|
|
# git.np-dms.work
|
|
# ------------------------------------------------------------
|
|
|
|
|
|
|
|
map $scheme $hsts_header {
|
|
https "max-age=63072000; preload";
|
|
}
|
|
|
|
server {
|
|
set $forward_scheme http;
|
|
set $server "gitea";
|
|
set $port 3000;
|
|
|
|
listen 80;
|
|
listen [::]:80;
|
|
|
|
listen 443 ssl;
|
|
listen [::]:443 ssl;
|
|
|
|
|
|
server_name git.np-dms.work;
|
|
|
|
http2 on;
|
|
|
|
|
|
# Let's Encrypt SSL
|
|
include conf.d/include/letsencrypt-acme-challenge.conf;
|
|
include conf.d/include/ssl-cache.conf;
|
|
include conf.d/include/ssl-ciphers.conf;
|
|
ssl_certificate /etc/letsencrypt/live/npm-10/fullchain.pem;
|
|
ssl_certificate_key /etc/letsencrypt/live/npm-10/privkey.pem;
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# Block Exploits
|
|
include conf.d/include/block-exploits.conf;
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# Force SSL
|
|
include conf.d/include/force-ssl.conf;
|
|
|
|
|
|
|
|
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header Connection $http_connection;
|
|
proxy_http_version 1.1;
|
|
|
|
|
|
access_log /data/logs/proxy-host-5_access.log proxy;
|
|
error_log /data/logs/proxy-host-5_error.log warn;
|
|
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
proxy_set_header Authorization $http_authorization;
|
|
|
|
proxy_connect_timeout 30s;
|
|
proxy_send_timeout 300s;
|
|
proxy_read_timeout 300s;
|
|
send_timeout 300s;
|
|
client_max_body_size 512m;
|
|
|
|
|
|
|
|
|
|
|
|
location / {
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header Connection $http_connection;
|
|
proxy_http_version 1.1;
|
|
|
|
|
|
# Proxy!
|
|
include conf.d/include/proxy.conf;
|
|
}
|
|
|
|
|
|
# Custom
|
|
include /data/nginx/custom/server_proxy[.]conf;
|
|
}
|