admin/38789-vm
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Finalized Nginx HTTPS config with shared SSL settings and security headers

Browse Source
This commit is contained in:
gamvo74 2026-02-25 10:17:36 -05:00
parent fb7b179b1c
commit f4fe919fa4
5 changed files with 19 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
docker-compose.yml
View File

@ -55,6 +55,7 @@ services:
- "443:443" - "443:443"
volumes: volumes:
- ./infrastructure/nginx/conf.d:/etc/nginx/conf.d - ./infrastructure/nginx/conf.d:/etc/nginx/conf.d
- ./infrastructure/nginx/ssl.conf:/etc/nginx/ssl.conf:ro
- /etc/letsencrypt:/etc/letsencrypt:ro - /etc/letsencrypt:/etc/letsencrypt:ro
depends_on: depends_on:
- api - api

5
infrastructure/nginx/conf.d/api.conf
View File

@ -1,7 +1,9 @@
server { server {
listen 80; listen 80;
server_name api.proselitigant.tech; server_name api.proselitigant.tech;
return 301 https://$host$request_uri; location / {
return 301 https://$host$request_uri;
}
} }
server { server {
@ -10,6 +12,7 @@ server {
ssl_certificate /etc/letsencrypt/live/proselitigant.tech/fullchain.pem; ssl_certificate /etc/letsencrypt/live/proselitigant.tech/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/proselitigant.tech/privkey.pem; ssl_certificate_key /etc/letsencrypt/live/proselitigant.tech/privkey.pem;
include /etc/nginx/ssl.conf;
# Security headers # Security headers
add_header X-Frame-Options DENY; add_header X-Frame-Options DENY;

23
infrastructure/nginx/conf.d/default.conf
View File

@ -1,23 +0,0 @@
server {
listen 80;
server_name localhost;
location / {
proxy_pass http://web:3000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
location /api {
rewrite ^/api/(.*) /$1 break;
proxy_pass http://api:4000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}

5
infrastructure/nginx/conf.d/web.conf
View File

@ -1,7 +1,9 @@
server { server {
listen 80; listen 80;
server_name proselitigant.tech; server_name proselitigant.tech;
return 301 https://$host$request_uri; location / {
return 301 https://$host$request_uri;
}
} }
server { server {
@ -10,6 +12,7 @@ server {
ssl_certificate /etc/letsencrypt/live/proselitigant.tech/fullchain.pem; ssl_certificate /etc/letsencrypt/live/proselitigant.tech/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/proselitigant.tech/privkey.pem; ssl_certificate_key /etc/letsencrypt/live/proselitigant.tech/privkey.pem;
include /etc/nginx/ssl.conf;
# Security headers # Security headers
add_header X-Frame-Options SAMEORIGIN; add_header X-Frame-Options SAMEORIGIN;

10
infrastructure/nginx/ssl.conf Normal file
View File

@ -0,0 +1,10 @@
ssl_session_timeout 1d;
ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
ssl_session_tickets off;
# modern configuration
ssl_protocols TLSv1.3;
ssl_prefer_server_ciphers off;
# HSTS (ngx_http_headers_module is required) (6 months)
add_header Strict-Transport-Security "max-age=15768000" always;