safebox/proxy-scheduler
7
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Minor bugfixes.

Browse Source
This commit is contained in:
Gyorgy Berenyi
2021-09-16 19:20:19 +00:00
parent 67945cf556
commit a8c336a16f
1 changed files with 27 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
scripts/nginx_config_create.sh
View File

@@ -45,8 +45,6 @@ rewrite_log on;"
if [[ $REDIRECT_HTTP != "" && $HTTP_PORT != "" ]]; then if [[ $REDIRECT_HTTP != "" && $HTTP_PORT != "" ]]; then
echo "return 301 $REDIRECT_HTTP;" echo "return 301 $REDIRECT_HTTP;"
elif [[ $REDIRECT_HTTPS != "" && $HTTP_PORT != "" ]]; then
echo "return 301 $REDIRECT_HTTPS;"
else else
echo "location / {" echo "location / {"
@@ -83,9 +81,14 @@ if [[ $HTTPS_PORT != "" ]]; then
echo "server { echo "server {
listen $HTTPS_PORT ssl; listen $HTTPS_PORT ssl;
server_name $DOMAIN_NAME; server_name $DOMAIN_NAME;
rewrite_log on; rewrite_log on;"
proxy_ssl_server_name on;
ssl_dhparam /etc/ssl/keys/$DOMAIN/dhparam.pem; if [[ $REDIRECT_HTTPS != "" && $HTTP_PORT != "" ]]; then
echo "return 301 $REDIRECT_HTTPS;"
else
echo "proxy_ssl_server_name on;
ssl_dhparam /etc/ssl/keys/$DOMAIN/dhparam.pem;
ssl_certificate /etc/ssl/keys/$DOMAIN/fullchain.pem; ssl_certificate /etc/ssl/keys/$DOMAIN/fullchain.pem;
ssl_certificate_key /etc/ssl/keys/$DOMAIN/key.pem; ssl_certificate_key /etc/ssl/keys/$DOMAIN/key.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
@@ -93,11 +96,10 @@ ssl_dhparam /etc/ssl/keys/$DOMAIN/dhparam.pem;
ssl_ciphers "'"EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4"'"; ssl_ciphers "'"EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4"'";
# Hardening as-per https://gist.github.com/plentz/6737338 # Hardening as-per https://gist.github.com/plentz/6737338
ssl_session_cache shared:SSL:50m; ssl_session_cache shared:SSL:50m;
ssl_session_timeout 5m; ssl_session_timeout 5m;
ssl_stapling on;" ssl_stapling on;"
echo
if [[ $ERROR_PAGE != "" && $HTTPS_PORT != "" ]]; then if [[ $ERROR_PAGE != "" && $HTTPS_PORT != "" ]]; then
echo "error_page 404 /$ERROR_PAGE; echo "error_page 404 /$ERROR_PAGE;
@@ -109,7 +111,7 @@ location = /$ERROR_PAGE {
}" }"
fi fi
echo "location / {" echo "location / {"
if [[ $HTTP_PORT != "" ]]; then if [[ $HTTP_PORT != "" ]]; then
echo "proxy_pass http://$LOCAL_IP:$HTTP_PORT;" echo "proxy_pass http://$LOCAL_IP:$HTTP_PORT;"
@@ -117,7 +119,7 @@ echo "location / {"
echo "proxy_pass http://$LOCAL_IP:80;" echo "proxy_pass http://$LOCAL_IP:80;"
fi fi
echo "proxy_redirect off; echo "proxy_redirect off;
proxy_buffering off; proxy_buffering off;
proxy_set_header X-Forwarded-For "'$proxy_add_x_forwarded_for'"; proxy_set_header X-Forwarded-For "'$proxy_add_x_forwarded_for'";
proxy_set_header Upgrade "'$http_upgrade'"; proxy_set_header Upgrade "'$http_upgrade'";