vasantm · January 20, 2021 19:45
diff --git a/nginx.conf b/nginx.conf
 #Here's the updated config, 
 #I put it all in /etc/nginx/nginx.conf. 
 #Earlier I had the http directive in nginx.conf and a sites.conf under /etc/nginx/conf.d.

 http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;
    error_log /var/log/nginx/error.log warn;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 2048;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;

    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    include /etc/nginx/conf.d/*.conf;



  map $http_upgrade $connection_upgrade {
      default upgrade;
      ''      close;
    }
 server {
        listen 80 default_server;
        listen [::]:80 default_server;
        server_name kristallab.bwh.harvard.edu;
        return 301 https://$server_name$request_uri;

 location / {
        #rewrite ^/shiny/(.*)$ /$1 break;
        proxy_pass http://127.0.0.1:3838;
        proxy_redirect http://127.0.0.1:3838/ $scheme://$server_name/;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_read_timeout 20d;
    }
 }# Settings for a TLS enabled server.
 #
    server {
        #SSL config
        listen       443 ssl http2 default_server;
        listen       [::]:443 ssl http2 default_server;

        ssl_certificate /etc/pki/tls/certs/kristallab.bwh.harvard.edu_bundle.crt;
        ssl_certificate_key /etc/pki/tls/private/kristallab.bwh.harvard.edu.key;
        ssl_session_cache shared:SSL:10m;
        ssl_session_timeout  10m;
        ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128:AES256:AES:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK';
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
        ssl_stapling on; # Requires nginx >= 1.3.7
        ssl_stapling_verify on; # Requires nginx => 1.3.7
        add_header Strict-Transport-Security max-age=15768000;

        #Server name is our external domain name
        server_name  kristallab.bwh.harvard.edu;
        # Root location
        root         /usr/share/nginx/html;
        # files to serve
        index index.html index.htm

        #Load configuration files for the default server block.
        include /etc/nginx/default.d/*.conf;

        access_log /var/log/nginx/our_site_443.log main;
        error_log /var/log/nginx/our_site_443_err.log warn;

        # Open shiny server - for public apps
 location / {
        #rewrite ^/shiny/(.*)$ /$1 break;
        proxy_set_header    Host $server_name;
        proxy_set_header    X-Real-IP $remote_addr;
        proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header    X-Forwarded-Proto $scheme;

        proxy_pass http://127.0.0.1:3838;

         proxy_http_version 1.1;
         proxy_set_header Upgrade $http_upgrade;
         proxy_set_header Connection $connection_upgrade;

        proxy_read_timeout 90;
        proxy_redirect http://127.0.0.1:3838/ $scheme://$server_name/;

        }
	#Here's the updated config,
	#I put it all in /etc/nginx/nginx.conf.
	#Earlier I had the http directive in nginx.conf and a sites.conf under /etc/nginx/conf.d.

	http {
	log_format main '$remote_addr - $remote_user [$time_local] "$request" '
	'$status $body_bytes_sent "$http_referer" '
	'"$http_user_agent" "$http_x_forwarded_for"';

	access_log /var/log/nginx/access.log main;
	error_log /var/log/nginx/error.log warn;

	sendfile on;
	tcp_nopush on;
	tcp_nodelay on;
	keepalive_timeout 65;
	types_hash_max_size 2048;

	include /etc/nginx/mime.types;
	default_type application/octet-stream;

	# Load modular configuration files from the /etc/nginx/conf.d directory.
	# See http://nginx.org/en/docs/ngx_core_module.html#include
	# for more information.
	include /etc/nginx/conf.d/*.conf;



	map $http_upgrade $connection_upgrade {
	default upgrade;
	'' close;
	}
	server {
	listen 80 default_server;
	listen [::]:80 default_server;
	server_name kristallab.bwh.harvard.edu;
	return 301 https://$server_name$request_uri;

	location / {
	#rewrite ^/shiny/(.*)$ /$1 break;
	proxy_pass http://127.0.0.1:3838;
	proxy_redirect http://127.0.0.1:3838/ $scheme://$server_name/;
	proxy_http_version 1.1;
	proxy_set_header Upgrade $http_upgrade;
	proxy_set_header Connection $connection_upgrade;
	proxy_read_timeout 20d;
	}
	}# Settings for a TLS enabled server.
	#
	server {
	#SSL config
	listen 443 ssl http2 default_server;
	listen [::]:443 ssl http2 default_server;

	ssl_certificate /etc/pki/tls/certs/kristallab.bwh.harvard.edu_bundle.crt;
	ssl_certificate_key /etc/pki/tls/private/kristallab.bwh.harvard.edu.key;
	ssl_session_cache shared:SSL:10m;
	ssl_session_timeout 10m;
	ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128:AES256:AES:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK';
	ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
	ssl_prefer_server_ciphers on;
	ssl_stapling on; # Requires nginx >= 1.3.7
	ssl_stapling_verify on; # Requires nginx => 1.3.7
	add_header Strict-Transport-Security max-age=15768000;

	#Server name is our external domain name
	server_name kristallab.bwh.harvard.edu;
	# Root location
	root /usr/share/nginx/html;
	# files to serve
	index index.html index.htm

	#Load configuration files for the default server block.
	include /etc/nginx/default.d/*.conf;

	access_log /var/log/nginx/our_site_443.log main;
	error_log /var/log/nginx/our_site_443_err.log warn;

	# Open shiny server - for public apps
	location / {
	#rewrite ^/shiny/(.*)$ /$1 break;
	proxy_set_header Host $server_name;
	proxy_set_header X-Real-IP $remote_addr;
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	proxy_set_header X-Forwarded-Proto $scheme;

	proxy_pass http://127.0.0.1:3838;

	proxy_http_version 1.1;
	proxy_set_header Upgrade $http_upgrade;
	proxy_set_header Connection $connection_upgrade;

	proxy_read_timeout 90;
	proxy_redirect http://127.0.0.1:3838/ $scheme://$server_name/;

	}