bashizip · March 26, 2024 18:11
diff --git a/nginx_proxy.conf b/nginx_proxy.conf
 server {
 	listen 80;
 	listen [::]:80;
  	server_name sub.example.com;

    listen 443 ssl; # managed by Certbot
      ssl_certificate /etc/letsencrypt/live/sub.example.com/fullchain.pem; # managed by Certbot
      ssl_certificate_key /etc/letsencrypt/live/sub.example.com/privkey.pem; # managed by Certbot
      ssl_session_cache shared:le_nginx_SSL:1m; # managed by Certbot
      ssl_session_timeout 1440m; # managed by Certbot
      ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # managed by Certbot
      ssl_prefer_server_ciphers on; # managed by Certbot
      ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-SHA ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-AES128-SHA256 ECDHE-ECDSA-AES256-SHA384 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES128-SHA ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES256-SHA384 DHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES128-SHA DHE-RSA-AES256-SHA DHE-RSA-AES128-SHA256 DHE-RSA-AES256-SHA256 EDH-RSA-DES-CBC3-SHA"; # managed by Certbot

    # Redirect non-https traffic to https
    if ($scheme != "https") {
       return 301 https://$host$request_uri;
    } # managed by Certbot

 	location / {
 		proxy_pass	http://127.0.0.1:8443;
 		proxy_redirect off;
 		proxy_set_header  Host              $http_host;   # required for docker client's sake
 		proxy_set_header  X-Real-IP         $remote_addr; # pass on real client's IP
 		proxy_set_header  X-Forwarded-For   $proxy_add_x_forwarded_for;
 		proxy_set_header  X-Forwarded-Proto $scheme;
 		proxy_read_timeout                  900;
 	}
 }
	server {
	listen 80;
	listen [::]:80;
	server_name sub.example.com;

	listen 443 ssl; # managed by Certbot
	ssl_certificate /etc/letsencrypt/live/sub.example.com/fullchain.pem; # managed by Certbot
	ssl_certificate_key /etc/letsencrypt/live/sub.example.com/privkey.pem; # managed by Certbot
	ssl_session_cache shared:le_nginx_SSL:1m; # managed by Certbot
	ssl_session_timeout 1440m; # managed by Certbot
	ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # managed by Certbot
	ssl_prefer_server_ciphers on; # managed by Certbot
	ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-SHA ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-AES128-SHA256 ECDHE-ECDSA-AES256-SHA384 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES128-SHA ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES256-SHA384 DHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES128-SHA DHE-RSA-AES256-SHA DHE-RSA-AES128-SHA256 DHE-RSA-AES256-SHA256 EDH-RSA-DES-CBC3-SHA"; # managed by Certbot

	# Redirect non-https traffic to https
	if ($scheme != "https") {
	return 301 https://$host$request_uri;
	} # managed by Certbot

	location / {
	proxy_pass http://127.0.0.1:8443;
	proxy_redirect off;
	proxy_set_header Host $http_host; # required for docker client's sake
	proxy_set_header X-Real-IP $remote_addr; # pass on real client's IP
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	proxy_set_header X-Forwarded-Proto $scheme;
	proxy_read_timeout 900;
	}
	}