Site Tools


nginx

installer nginx, préparer le certificat et rajouter le saut de ligne au milieu :

 apt install nginx
 cd /etc/ssl
 mkdir nginx
 cd /etc/ssl/nginx/
 cat artisan-solution.fr_ssl_certificate.cer _.artisan-solution.fr_ssl_certificate_INTERMEDIATE.cer >> artisan-solution.fr_ssl_certificate.pem
 vi artisan-solution.fr_ssl_certificate.pem

dans /etc/nginx/sites-available :

root@localhost:/etc/nginx/sites-available# cat artisan-solution.com
upstream www.artisan-solution.com {
    server 127.0.0.1:8069;
}

server {
        server_name artisan-solution.com www.artisan-solution.com;
        return 301 https://www.artisan-solution.com$request_uri;
}

server {
    listen 443 ssl;
    server_name artisan-solution.com;
    ssl_certificate  /etc/ssl/nginx/artisan-solution.com_ssl_certificate.pem;
    ssl_certificate_key /etc/ssl/nginx/_.artisan-solution.com_private_key.key;
    return 301 https://www.artisan-solution.com$request_uri;
}

server {
        listen 443 ssl;
        server_name www.artisan-solution.com;
        proxy_read_timeout 720s;
        proxy_connect_timeout 720s;
        proxy_send_timeout 720s;

# Add Headers for proxy mode
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;

# SSL parameters
        ssl on;
        ssl_certificate /etc/ssl/nginx/artisan-solution.com_ssl_certificate.pem;
        ssl_certificate_key /etc/ssl/nginx/_.artisan-solution.com_private_key.key;
        ssl_session_timeout 30m;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
        ssl_prefer_server_ciphers on;

# log
        access_log  /var/log/nginx/artisan-solution.com.access.log;
        error_log   /var/log/nginx/artisan-solution.com.error.log;
    
        add_header Strict-Transport-Security "max-age=4838400; includeSubDomains";

location / {
        proxy_redirect off;
        proxy_pass http://www.artisan-solution.com;
        }

# gzip compression - added by olivier on 2019 Dec 6
        gzip on;
        gzip_types      text/css text/less text/plain text/xml application/xml application/json application/javascript image/svg+xml;
        gzip_proxied    no-cache no-store private expired auth;
        gzip_min_length 1000;
}
nginx.txt · Last modified: 2020/01/14 13:12 by 89.95.221.183