Minor bugfixes.

2021-09-16 19:20:19 +00:00
parent 67945cf556
commit a8c336a16f


@@ -45,8 +45,6 @@ rewrite_log on;"
if [[ $REDIRECT_HTTP != "" && $HTTP_PORT != "" ]]; then if [[ $REDIRECT_HTTP != "" && $HTTP_PORT != "" ]]; then
echo "return 301 $REDIRECT_HTTP;" echo "return 301 $REDIRECT_HTTP;"
elif [[ $REDIRECT_HTTPS != "" && $HTTP_PORT != "" ]]; then
echo "return 301 $REDIRECT_HTTPS;"
else else
echo "location / {" echo "location / {"
@@ -83,33 +81,37 @@ if [[ $HTTPS_PORT != "" ]]; then
echo "server { echo "server {
listen $HTTPS_PORT ssl; listen $HTTPS_PORT ssl;
server_name $DOMAIN_NAME; server_name $DOMAIN_NAME;
rewrite_log on; rewrite_log on;"
proxy_ssl_server_name on;
ssl_dhparam /etc/ssl/keys/$DOMAIN/dhparam.pem;
ssl_certificate /etc/ssl/keys/$DOMAIN/fullchain.pem;
ssl_certificate_key /etc/ssl/keys/$DOMAIN/key.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "'"EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4"'";
# Hardening as-per https://gist.github.com/plentz/6737338 if [[ $REDIRECT_HTTPS != "" && $HTTP_PORT != "" ]]; then
ssl_session_cache shared:SSL:50m; echo "return 301 $REDIRECT_HTTPS;"
ssl_session_timeout 5m; else
ssl_stapling on;"
echo echo "proxy_ssl_server_name on;
ssl_dhparam /etc/ssl/keys/$DOMAIN/dhparam.pem;
ssl_certificate /etc/ssl/keys/$DOMAIN/fullchain.pem;
ssl_certificate_key /etc/ssl/keys/$DOMAIN/key.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "'"EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4"'";
if [[ $ERROR_PAGE != "" && $HTTPS_PORT != "" ]]; then # Hardening as-per https://gist.github.com/plentz/6737338
echo "error_page 404 /$ERROR_PAGE; ssl_session_cache shared:SSL:50m;
ssl_session_timeout 5m;
ssl_stapling on;"
if [[ $ERROR_PAGE != "" && $HTTPS_PORT != "" ]]; then
echo "error_page 404 /$ERROR_PAGE;
location = /$ERROR_PAGE { location = /$ERROR_PAGE {
root html; root html;
allow all; allow all;
index 404.html; index 404.html;
rewrite ^ "'$scheme'":http://$ERROR_PAGE"'$request_uri'" permanent; rewrite ^ "'$scheme'":http://$ERROR_PAGE"'$request_uri'" permanent;
}" }"
fi fi
echo "location / {" echo "location / {"
if [[ $HTTP_PORT != "" ]]; then if [[ $HTTP_PORT != "" ]]; then
echo "proxy_pass http://$LOCAL_IP:$HTTP_PORT;" echo "proxy_pass http://$LOCAL_IP:$HTTP_PORT;"
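Review bot: In the second hunk the `ssl_certificate` and `ssl_certificate_key` lines (with `ssl_dhparam` through `ssl_stapling`) are now emitted only in the `else` branch, so when `REDIRECT_HTTPS` is set the generated block still says `listen $HTTPS_PORT ssl;` but names no certificate. nginx cannot complete a TLS handshake for such a listener, and newer versions reject the configuration outright, so the `return 301 $REDIRECT_HTTPS;` would never reach a client. Emit the TLS directives right after `rewrite_log on;` and keep only the proxy and error-page part inside the `else`. While these lines are being moved, `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` still enables two deprecated protocol versions; `ssl_protocols TLSv1.2 TLSv1.3;` would be the safer value if the deployed nginx and OpenSSL support it. The closing `fi` of the new `if` is not visible in this hunk, and the old/new sides are read from the two-column rendering, so confirm against the file.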
@@ -117,7 +119,7 @@ echo "location / {"
echo "proxy_pass http://$LOCAL_IP:80;" echo "proxy_pass http://$LOCAL_IP:80;"
fi fi
echo "proxy_redirect off; echo "proxy_redirect off;
proxy_buffering off; proxy_buffering off;
proxy_set_header X-Forwarded-For "'$proxy_add_x_forwarded_for'"; proxy_set_header X-Forwarded-For "'$proxy_add_x_forwarded_for'";
proxy_set_header Upgrade "'$http_upgrade'"; proxy_set_header Upgrade "'$http_upgrade'";