# /etc/nginx/sites-available/reverse_proxy
server {
listen [::]:443 ssl default_server http2 ipv6only=off;
server_name 'hasu0707.duckdns.org';
# These shouldn't need to be changed
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";
ssl_protocols TLSv1.2;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
proxy_buffering off;
location / {
proxy_pass http://localhost:8123/;
proxy_http_version 1.1;
proxy_redirect http:// https://;
proxy_cache_bypass $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwared-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
}
# self signed certificate
ssl_certificate '/etc/ssl/opizero2/certs/ssl-cert-opizero2.crt';
ssl_certificate_key '/etc/ssl/opizero2/private/ssl-cert-opizero2.key';
}
server {
# managed by Certbot
if ($host = 'hasu0707.duckdns.org') {
return 301 https://$host$request_uri;
}
listen 80;
server_name 'hasu0707.duckdns.org';
# managed by Certbot
return 404;
}
