Configuration NGINX (proxy)

server {
        listen 80;
        server_name mon-wiki.fr;
        return 301 http://www.mon-wiki.fr$request_uri;
}

server {
        listen 80;
        server_name "~^(?!www\.).*-mon-site.*$";
        return 301 http://www.$host$request_uri;
}

server {
        listen 80;
        server_name www.mon-wiki.fr "~^w.*mon-site.*$";

        location /phpmyadmin {
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

                proxy_pass http://192.168.XX.XXX/phpmyadmin;
        }

        location / {
                # Deny by IP
                # deny 11.22.33.44;
                # deny 55.66.77.88;

                # Allow One IP & Deny All
                # allow 11.66.33.88;
                # deny all;

                # HTTP Basic Authentication
                # auth_basic "Vous devez vous authentifier";
                # auth_basic_user_file /etc/nginx/htpasswd/auth_user;

                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

                client_max_body_size    50M;
                client_body_buffer_size 50M;
                proxy_connect_timeout   600;
                proxy_send_timeout      600;
                proxy_read_timeout      600;
                send_timeout            600;
                proxy_buffering off;

                proxy_pass http://192.168.XX.XXX;
        }
        access_log /var/log/nginx/mon_site-access.log combined;
        error_log  /var/log/nginx/mon_site-error.log;
}

server {
        listen       443 ssl;
        server_name  mon-site.com;

        ssl                  on;
        ssl_certificate      ssl-bundle.crt;
        ssl_certificate_key  mon-site.com.key;

        ssl_session_timeout  5m;

        ssl_protocols TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;

        ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK';

        #ssl_dhparam dhparams.pem;
        ssl_session_cache shared:SSL:10m;

        location / {
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

                client_max_body_size    50M;
                client_body_buffer_size 50M;
                proxy_connect_timeout   600;
                proxy_send_timeout      600;
                proxy_read_timeout      600;
                send_timeout            600;
                proxy_buffering off;

                proxy_pass http://192.168.XX.XXX;
        }
        access_log /var/log/nginx/ssl_mon_site-access.log combined;
        error_log  /var/log/nginx/ssl_mon_site-error.log;
}

 

Tags