# Configuration Nginx consolidée pour $HOST # Générée automatiquement le $(date) # Inclusion du format de log JSON et des upstreams include upstreams.conf; # Redirection globale HTTP→HTTPS server { listen 80; server_name $HOST *.$HOST; return 301 https://$host$request_uri; } # Configuration HTTPS pour REDIS server { listen 80; server_name $REDIS.$_4NKweb.com; # redirection HTTP→HTTPS pour l'externe return 301 https://$host$request_uri; } server { listen 443 ssl http2; server_name $REDIS_DOCKER_NAME.$_4NKweb.com; ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem; ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem; # réglages TLS minimaux (adapter selon politique) ssl_session_timeout 1d; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; # HSTS (activer seulement si tout le domaine est en HTTPS) add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; access_log $/home/debian/_4NK_env/DOCKER_GLOBAL_NAME/logs/nginx/$REDIS_https.log app_json; location / { proxy_pass http://$REDIS_DOCKER_NAME; include $/etc/nginx/conf.d/proxy_headers.conf; } location /ws/ { proxy_pass http://$REDIS_DOCKER_NAME; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; include $/etc/nginx/conf.d/proxy_headers.conf; proxy_read_timeout 3600s; } } # Configuration HTTPS pour POSTGRESQL server { listen 80; server_name $POSTGRESQL.$_4NKweb.com; # redirection HTTP→HTTPS pour l'externe return 301 https://$host$request_uri; } server { listen 443 ssl http2; server_name $POSTGRESQL_DOCKER_NAME.$_4NKweb.com; ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem; ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem; # réglages TLS minimaux (adapter selon politique) ssl_session_timeout 1d; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; # HSTS (activer seulement si tout le domaine est en HTTPS) add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; access_log $/home/debian/_4NK_env/DOCKER_GLOBAL_NAME/logs/nginx/$POSTGRESQL_https.log app_json; location / { proxy_pass http://$POSTGRESQL_DOCKER_NAME; include $/etc/nginx/conf.d/proxy_headers.conf; } location /ws/ { proxy_pass http://$POSTGRESQL_DOCKER_NAME; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; include $/etc/nginx/conf.d/proxy_headers.conf; proxy_read_timeout 3600s; } } # Configuration HTTPS pour LOKI server { listen 80; server_name $LOKI.$_4NKweb.com; # redirection HTTP→HTTPS pour l'externe return 301 https://$host$request_uri; } server { listen 443 ssl http2; server_name $LOKI_DOCKER_NAME.$_4NKweb.com; ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem; ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem; # réglages TLS minimaux (adapter selon politique) ssl_session_timeout 1d; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; # HSTS (activer seulement si tout le domaine est en HTTPS) add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; access_log $/home/debian/_4NK_env/DOCKER_GLOBAL_NAME/logs/nginx/$LOKI_https.log app_json; location / { proxy_pass http://$LOKI_DOCKER_NAME; include $/etc/nginx/conf.d/proxy_headers.conf; } location /ws/ { proxy_pass http://$LOKI_DOCKER_NAME; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; include $/etc/nginx/conf.d/proxy_headers.conf; proxy_read_timeout 3600s; } } # Configuration HTTPS pour PROMTAIL server { listen 80; server_name $PROMTAIL.$_4NKweb.com; # redirection HTTP→HTTPS pour l'externe return 301 https://$host$request_uri; } server { listen 443 ssl http2; server_name $PROMTAIL_DOCKER_NAME.$_4NKweb.com; ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem; ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem; # réglages TLS minimaux (adapter selon politique) ssl_session_timeout 1d; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; # HSTS (activer seulement si tout le domaine est en HTTPS) add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; access_log $/home/debian/_4NK_env/DOCKER_GLOBAL_NAME/logs/nginx/$PROMTAIL_https.log app_json; location / { proxy_pass http://$PROMTAIL_DOCKER_NAME; include $/etc/nginx/conf.d/proxy_headers.conf; } location /ws/ { proxy_pass http://$PROMTAIL_DOCKER_NAME; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; include $/etc/nginx/conf.d/proxy_headers.conf; proxy_read_timeout 3600s; } } # Configuration HTTPS pour GRAFANA server { listen 80; server_name $GRAFANA.$_4NKweb.com; # redirection HTTP→HTTPS pour l'externe return 301 https://$host$request_uri; } server { listen 443 ssl http2; server_name $GRAFANA_DOCKER_NAME.$_4NKweb.com; ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem; ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem; # réglages TLS minimaux (adapter selon politique) ssl_session_timeout 1d; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; # HSTS (activer seulement si tout le domaine est en HTTPS) add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; access_log $/home/debian/_4NK_env/DOCKER_GLOBAL_NAME/logs/nginx/$GRAFANA_https.log app_json; location / { proxy_pass http://$GRAFANA_DOCKER_NAME; include $/etc/nginx/conf.d/proxy_headers.conf; } location /ws/ { proxy_pass http://$GRAFANA_DOCKER_NAME; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; include $/etc/nginx/conf.d/proxy_headers.conf; proxy_read_timeout 3600s; } } # Configuration HTTPS pour NGNIX server { listen 80; server_name $NGNIX.$_4NKweb.com; # redirection HTTP→HTTPS pour l'externe return 301 https://$host$request_uri; } server { listen 443 ssl http2; server_name $NGNIX_DOCKER_NAME.$_4NKweb.com; ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem; ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem; # réglages TLS minimaux (adapter selon politique) ssl_session_timeout 1d; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; # HSTS (activer seulement si tout le domaine est en HTTPS) add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; access_log $/home/debian/_4NK_env/DOCKER_GLOBAL_NAME/logs/nginx/$NGNIX_https.log app_json; location / { proxy_pass http://$NGNIX_DOCKER_NAME; include $/etc/nginx/conf.d/proxy_headers.conf; } location /ws/ { proxy_pass http://$NGNIX_DOCKER_NAME; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; include $/etc/nginx/conf.d/proxy_headers.conf; proxy_read_timeout 3600s; } } # Configuration HTTPS pour TOR server { listen 80; server_name $TOR.$_4NKweb.com; # redirection HTTP→HTTPS pour l'externe return 301 https://$host$request_uri; } server { listen 443 ssl http2; server_name $TOR_DOCKER_NAME.$_4NKweb.com; ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem; ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem; # réglages TLS minimaux (adapter selon politique) ssl_session_timeout 1d; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; # HSTS (activer seulement si tout le domaine est en HTTPS) add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; access_log $/home/debian/_4NK_env/DOCKER_GLOBAL_NAME/logs/nginx/$TOR_https.log app_json; location / { proxy_pass http://$TOR_DOCKER_NAME; include $/etc/nginx/conf.d/proxy_headers.conf; } location /ws/ { proxy_pass http://$TOR_DOCKER_NAME; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; include $/etc/nginx/conf.d/proxy_headers.conf; proxy_read_timeout 3600s; } } # Configuration HTTPS pour _4NK_VAULT server { listen 80; server_name $_4NK_VAULT.$_4NKweb.com; # redirection HTTP→HTTPS pour l'externe return 301 https://$host$request_uri; } server { listen 443 ssl http2; server_name $_4NK_VAULT_DOCKER_NAME.$_4NKweb.com; ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem; ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem; # réglages TLS minimaux (adapter selon politique) ssl_session_timeout 1d; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; # HSTS (activer seulement si tout le domaine est en HTTPS) add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; access_log $/home/debian/_4NK_env/DOCKER_GLOBAL_NAME/logs/nginx/$_4NK_VAULT_https.log app_json; location / { proxy_pass http://$_4NK_VAULT_DOCKER_NAME; include $/etc/nginx/conf.d/proxy_headers.conf; } location /ws/ { proxy_pass http://$_4NK_VAULT_DOCKER_NAME; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; include $/etc/nginx/conf.d/proxy_headers.conf; proxy_read_timeout 3600s; } } # Configuration HTTPS pour BITCOIN server { listen 80; server_name $BITCOIN.$_4NKweb.com; # redirection HTTP→HTTPS pour l'externe return 301 https://$host$request_uri; } server { listen 443 ssl http2; server_name $BITCOIN_DOCKER_NAME.$_4NKweb.com; ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem; ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem; # réglages TLS minimaux (adapter selon politique) ssl_session_timeout 1d; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; # HSTS (activer seulement si tout le domaine est en HTTPS) add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; access_log $/home/debian/_4NK_env/DOCKER_GLOBAL_NAME/logs/nginx/$BITCOIN_https.log app_json; location / { proxy_pass http://$BITCOIN_DOCKER_NAME; include $/etc/nginx/conf.d/proxy_headers.conf; } location /ws/ { proxy_pass http://$BITCOIN_DOCKER_NAME; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; include $/etc/nginx/conf.d/proxy_headers.conf; proxy_read_timeout 3600s; } } # Configuration HTTPS pour BLINDBIT_ORACLE server { listen 80; server_name $BLINDBIT_ORACLE.$_4NKweb.com; # redirection HTTP→HTTPS pour l'externe return 301 https://$host$request_uri; } server { listen 443 ssl http2; server_name $BLINDBIT_ORACLE_DOCKER_NAME.$_4NKweb.com; ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem; ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem; # réglages TLS minimaux (adapter selon politique) ssl_session_timeout 1d; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; # HSTS (activer seulement si tout le domaine est en HTTPS) add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; access_log $/home/debian/_4NK_env/DOCKER_GLOBAL_NAME/logs/nginx/$BLINDBIT_ORACLE_https.log app_json; location / { proxy_pass http://$BLINDBIT_ORACLE_DOCKER_NAME; include $/etc/nginx/conf.d/proxy_headers.conf; } location /ws/ { proxy_pass http://$BLINDBIT_ORACLE_DOCKER_NAME; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; include $/etc/nginx/conf.d/proxy_headers.conf; proxy_read_timeout 3600s; } } # Configuration HTTPS pour SDK_RELAY server { listen 80; server_name $SDK_RELAY.$_4NKweb.com; # redirection HTTP→HTTPS pour l'externe return 301 https://$host$request_uri; } server { listen 443 ssl http2; server_name $SDK_RELAY_DOCKER_NAME.$_4NKweb.com; ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem; ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem; # réglages TLS minimaux (adapter selon politique) ssl_session_timeout 1d; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; # HSTS (activer seulement si tout le domaine est en HTTPS) add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; access_log $/home/debian/_4NK_env/DOCKER_GLOBAL_NAME/logs/nginx/$SDK_RELAY_https.log app_json; location / { proxy_pass http://$SDK_RELAY_DOCKER_NAME; include $/etc/nginx/conf.d/proxy_headers.conf; } location /ws/ { proxy_pass http://$SDK_RELAY_DOCKER_NAME; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; include $/etc/nginx/conf.d/proxy_headers.conf; proxy_read_timeout 3600s; } } # Configuration HTTPS pour SDK_STORAGE server { listen 80; server_name $SDK_STORAGE.$_4NKweb.com; # redirection HTTP→HTTPS pour l'externe return 301 https://$host$request_uri; } server { listen 443 ssl http2; server_name $SDK_STORAGE_DOCKER_NAME.$_4NKweb.com; ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem; ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem; # réglages TLS minimaux (adapter selon politique) ssl_session_timeout 1d; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; # HSTS (activer seulement si tout le domaine est en HTTPS) add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; access_log $/home/debian/_4NK_env/DOCKER_GLOBAL_NAME/logs/nginx/$SDK_STORAGE_https.log app_json; location / { proxy_pass http://$SDK_STORAGE_DOCKER_NAME; include $/etc/nginx/conf.d/proxy_headers.conf; } location /ws/ { proxy_pass http://$SDK_STORAGE_DOCKER_NAME; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; include $/etc/nginx/conf.d/proxy_headers.conf; proxy_read_timeout 3600s; } } # Configuration HTTPS pour IHM_CLIENT server { listen 80; server_name $IHM_CLIENT.$_4NKweb.com; # redirection HTTP→HTTPS pour l'externe return 301 https://$host$request_uri; } server { listen 443 ssl http2; server_name $IHM_CLIENT_DOCKER_NAME.$_4NKweb.com; ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem; ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem; # réglages TLS minimaux (adapter selon politique) ssl_session_timeout 1d; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; # HSTS (activer seulement si tout le domaine est en HTTPS) add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; access_log $/home/debian/_4NK_env/DOCKER_GLOBAL_NAME/logs/nginx/$IHM_CLIENT_https.log app_json; location / { proxy_pass http://$IHM_CLIENT_DOCKER_NAME; include $/etc/nginx/conf.d/proxy_headers.conf; } location /ws/ { proxy_pass http://$IHM_CLIENT_DOCKER_NAME; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; include $/etc/nginx/conf.d/proxy_headers.conf; proxy_read_timeout 3600s; } } # Configuration HTTPS pour _4NK_CERTIFICATOR server { listen 80; server_name $_4NK_CERTIFICATOR.$_4NKweb.com; # redirection HTTP→HTTPS pour l'externe return 301 https://$host$request_uri; } server { listen 443 ssl http2; server_name $_4NK_CERTIFICATOR_DOCKER_NAME.$_4NKweb.com; ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem; ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem; # réglages TLS minimaux (adapter selon politique) ssl_session_timeout 1d; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; # HSTS (activer seulement si tout le domaine est en HTTPS) add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; access_log $/home/debian/_4NK_env/DOCKER_GLOBAL_NAME/logs/nginx/$_4NK_CERTIFICATOR_https.log app_json; location / { proxy_pass http://$_4NK_CERTIFICATOR_DOCKER_NAME; include $/etc/nginx/conf.d/proxy_headers.conf; } location /ws/ { proxy_pass http://$_4NK_CERTIFICATOR_DOCKER_NAME; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; include $/etc/nginx/conf.d/proxy_headers.conf; proxy_read_timeout 3600s; } } # Configuration HTTPS pour _4NK_MINER server { listen 80; server_name $_4NK_MINER.$_4NKweb.com; # redirection HTTP→HTTPS pour l'externe return 301 https://$host$request_uri; } server { listen 443 ssl http2; server_name $_4NK_MINER_DOCKER_NAME.$_4NKweb.com; ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem; ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem; # réglages TLS minimaux (adapter selon politique) ssl_session_timeout 1d; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; # HSTS (activer seulement si tout le domaine est en HTTPS) add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; access_log $/home/debian/_4NK_env/DOCKER_GLOBAL_NAME/logs/nginx/$_4NK_MINER_https.log app_json; location / { proxy_pass http://$_4NK_MINER_DOCKER_NAME; include $/etc/nginx/conf.d/proxy_headers.conf; } location /ws/ { proxy_pass http://$_4NK_MINER_DOCKER_NAME; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; include $/etc/nginx/conf.d/proxy_headers.conf; proxy_read_timeout 3600s; } } # Configuration HTTPS pour LECOFFRE_FRONT server { listen 80; server_name $LECOFFRE_FRONT.$_4NKweb.com; # redirection HTTP→HTTPS pour l'externe return 301 https://$host$request_uri; } server { listen 443 ssl http2; server_name $LECOFFRE_FRONT_DOCKER_NAME.$_4NKweb.com; ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem; ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem; # réglages TLS minimaux (adapter selon politique) ssl_session_timeout 1d; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; # HSTS (activer seulement si tout le domaine est en HTTPS) add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; access_log $/home/debian/_4NK_env/DOCKER_GLOBAL_NAME/logs/nginx/$LECOFFRE_FRONT_https.log app_json; location / { proxy_pass http://$LECOFFRE_FRONT_DOCKER_NAME; include $/etc/nginx/conf.d/proxy_headers.conf; } location /ws/ { proxy_pass http://$LECOFFRE_FRONT_DOCKER_NAME; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; include $/etc/nginx/conf.d/proxy_headers.conf; proxy_read_timeout 3600s; } } # Configuration HTTPS pour _4NK_WEB_STATUS server { listen 80; server_name $_4NK_WEB_STATUS.$_4NKweb.com; # redirection HTTP→HTTPS pour l'externe return 301 https://$host$request_uri; } server { listen 443 ssl http2; server_name $_4NK_WEB_STATUS_DOCKER_NAME.$_4NKweb.com; ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem; ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem; # réglages TLS minimaux (adapter selon politique) ssl_session_timeout 1d; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; # HSTS (activer seulement si tout le domaine est en HTTPS) add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; access_log $/home/debian/_4NK_env/DOCKER_GLOBAL_NAME/logs/nginx/$_4NK_WEB_STATUS_https.log app_json; location / { proxy_pass http://$_4NK_WEB_STATUS_DOCKER_NAME; include $/etc/nginx/conf.d/proxy_headers.conf; } location /ws/ { proxy_pass http://$_4NK_WEB_STATUS_DOCKER_NAME; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; include $/etc/nginx/conf.d/proxy_headers.conf; proxy_read_timeout 3600s; } }