From 36160cefca032c43bbe9de27bb5f5a02e6cc839c Mon Sep 17 00:00:00 2001 From: Eric Date: Fri, 25 Oct 2024 11:48:37 -0400 Subject: [PATCH] Update nginx.conf --- INSTALL/conf/nginx.conf | 25 +++++++++++++++++++------ 1 file changed, 19 insertions(+), 6 deletions(-) diff --git a/INSTALL/conf/nginx.conf b/INSTALL/conf/nginx.conf index a75e66b..d74bfcb 100644 --- a/INSTALL/conf/nginx.conf +++ b/INSTALL/conf/nginx.conf @@ -1,18 +1,18 @@ server { listen 80; - server_name reform.bio.nyu.edu; - rewrite ^ https://$host$request_uri? permanent; + server_name reform.bio.nyu.edu; + rewrite ^ https://$host$request_uri? permanent; } server { listen 443 ssl; server_name reform.bio.nyu.edu; - ssl_certificate certs/bundle.cer; - ssl_certificate_key certs/reform.bio.nyu.edu.key; + ssl_certificate /etc/pki/tls/certs/reform_bio_nyu_edu_cert.cer; + ssl_certificate_key /etc/pki/tls/private/reform.bio.nyu.edu.key; ssl_protocols TLSv1.2 TLSv1.3;# Requires nginx >= 1.13.0 else use TLSv1.2 ssl_prefer_server_ciphers on; - ssl_dhparam /etc/nginx/dhparam.pem; # openssl dhparam -out /etc/nginx/dhparam.pem 4096 + #ssl_dhparam /etc/nginx/dhparam.pem; # openssl dhparam -out /etc/nginx/dhparam.pem 4096 ssl_ciphers EECDH+AESGCM:EDH+AESGCM; ssl_ecdh_curve secp384r1; # Requires nginx >= 1.1.0 ssl_session_timeout 10m; @@ -28,6 +28,19 @@ server { add_header X-XSS-Protection "1; mode=block"; location / { - proxy_pass http://127.0.0.1:8000; + proxy_pass http://127.0.0.1:8000; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } + + location /dev { + rewrite ^/dev/?(.*)$ /$1 break; + proxy_pass http://127.0.0.1:9000; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; } }