stargate-cluster/vm-ansible
1
0
Fork 0
Code Pull Requests Releases Activity

improve nginx security

Browse Source
This commit is contained in:
Torma Kristóf
2022-05-28 19:07:15 +02:00
parent b7d81dc75e
commit ca1aa3dc5e
6 changed files with 29 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
roles/webgateway/templates/nginx.conf
View File

@ -47,7 +47,6 @@ http {
proxy_set_header Connection $http_connection;
proxy_set_header X-Forwarded-Proto https;
proxy_ssl_server_name on;
client_max_body_size 8G;
client_body_buffer_size 128k;
proxy_connect_timeout 90;
proxy_send_timeout 120;
@ -57,6 +56,7 @@ http {
proxy_busy_buffers_size 256k;
proxy_buffering off;
proxy_request_buffering off;
server_tokens off;
server {
@ -74,6 +74,11 @@ http {
proxy_ssl_name {{ proxysite.domain}};
ssl_certificate /etc/letsencrypt/live/{{ proxysite.domain }}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/{{ proxysite.domain }}/privkey.pem;
ssl_stapling on;
ssl_stapling_verify on;
{%- if proxysite.bigrequests %}
client_max_body_size 8G;
{%- endif %}
location /{
proxy_pass https://{{ proxysite.ip }};
proxy_ssl_verify off;