45 lines
1.0 KiB
Plaintext
45 lines
1.0 KiB
Plaintext
server {
|
|
listen 443 ssl;
|
|
server_name arpita.site;
|
|
|
|
ssl_certificate /etc/nginx/certs/arpita_site/fullchain.pem;
|
|
ssl_certificate_key /etc/nginx/certs/arpita_site/privkey.pem;
|
|
|
|
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
|
|
ssl_prefer_server_ciphers on;
|
|
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
|
|
|
|
proxy_set_header X-Real-IP $remote_addr; # pass on real client IP
|
|
|
|
location ~ .(aspx|php|jsp|cgi)$ {
|
|
deny all;
|
|
}
|
|
|
|
location / {
|
|
proxy_set_header X-Forwarded-For $remote_addr;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
proxy_set_header Host $http_host;
|
|
proxy_pass http://arpita_site:2368;
|
|
}
|
|
|
|
# Block Bad Bots
|
|
if ($bad_bot) { return 403; }
|
|
|
|
# Block Bad Referers
|
|
if ($bad_referer) { return 403; }
|
|
}
|
|
|
|
server {
|
|
listen 80;
|
|
server_name arpita.site;
|
|
return 301 https://$host$request_uri;
|
|
}
|
|
|
|
# remove 'www'
|
|
server {
|
|
listen 80;
|
|
listen 443 ssl;
|
|
server_name www.arpita.site;
|
|
return 301 https://arpita.site$request_uri;
|
|
}
|