...
Code Block |
---|
server { listen 80; server_name cloud.example.com; return 301 https://$server_name$request_uri; location / { } } server { #listen 443 quic; listen 443 ssl; http2 on; server_name cloud.example.com; ssl_certificate /docker/etc/ssl/private/key-and-certificates.pem; ssl_certificate_key /docker/etc/ssl/private/key-and-certificates.pem; client_max_body_size 16G; client_body_timeout 600s; add_header Strict-Transport-Security 'max-age=15552000; includeSubDomains'; ssl_protocols TLSv1.3 TLSv1.2; ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA HIGH !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"; ssl_session_cache shared:SSL:20m; ssl_session_timeout 1h; ssl_prefer_server_ciphers on; ssl_stapling on; ssl_stapling_verify on; ssl_trusted_certificate "/docker/etc/ssl/certs/my-certificate-authotities.ca"; resolver 1.1.1.1 8.8.4.4 valid=300s; resolver_timeout 5s; location ^~ /.well-known { location = /.well-known/carddav { return 301 /remote.php/dav/; } location = /.well-known/caldav { return 301 /remote.php/dav/; } location /.well-known/acme-challenge { try_files $uri $uri/ =404; } location /.well-known/pki-validation { try_files $uri $uri/ =404; } return 301 /index.php$request_uri; } location = /robots.txt { allow all; log_not_found off; access_log off; } location / { #add_header alt-svc 'h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400'; add_header X-protocol $server_protocol always; include /etc/nginx/mime.types; proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Server $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-Proto $scheme; proxy_pass http://192.168.0.1:8880; } } |
...