# Configuration Nginx consolidée pour dev4._4NKweb.com # Générée automatiquement le $(date) # Inclusion du format de log JSON et des upstreams include upstreams.conf; # Redirection globale HTTP→HTTPS server { listen 80; server_name dev4._4NKweb.com *.dev4._4NKweb.com; return 301 https://; } # Configuration HTTPS pour REDIS server { listen 80; server_name redis..com; # redirection HTTP→HTTPS pour l'externe return 301 https://; } server { listen 443 ssl http2; server_name ..com; ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem; ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem; # réglages TLS minimaux (adapter selon politique) ssl_session_timeout 1d; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; # HSTS (activer seulement si tout le domaine est en HTTPS) add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; access_log $/home/debian/_4NK_env/projects/lecoffre/lecoffre_node/logs/nginx/.log app_json; location / { proxy_pass http://; include $/proxy_headers.conf; } location /ws/ { proxy_pass http://; proxy_http_version 1.1; proxy_set_header Upgrade ; proxy_set_header Connection "upgrade"; include $/proxy_headers.conf; proxy_read_timeout 3600s; } } # Configuration HTTPS pour POSTGRESQL server { listen 80; server_name postgresql..com; # redirection HTTP→HTTPS pour l'externe return 301 https://; } server { listen 443 ssl http2; server_name ..com; ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem; ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem; # réglages TLS minimaux (adapter selon politique) ssl_session_timeout 1d; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; # HSTS (activer seulement si tout le domaine est en HTTPS) add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; access_log $/home/debian/_4NK_env/projects/lecoffre/lecoffre_node/logs/nginx/.log app_json; location / { proxy_pass http://; include $/proxy_headers.conf; } location /ws/ { proxy_pass http://; proxy_http_version 1.1; proxy_set_header Upgrade ; proxy_set_header Connection "upgrade"; include $/proxy_headers.conf; proxy_read_timeout 3600s; } } # Configuration HTTPS pour LOKI server { listen 80; server_name loki..com; # redirection HTTP→HTTPS pour l'externe return 301 https://; } server { listen 443 ssl http2; server_name ..com; ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem; ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem; # réglages TLS minimaux (adapter selon politique) ssl_session_timeout 1d; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; # HSTS (activer seulement si tout le domaine est en HTTPS) add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; access_log $/home/debian/_4NK_env/projects/lecoffre/lecoffre_node/logs/nginx/.log app_json; location / { proxy_pass http://; include $/proxy_headers.conf; } location /ws/ { proxy_pass http://; proxy_http_version 1.1; proxy_set_header Upgrade ; proxy_set_header Connection "upgrade"; include $/proxy_headers.conf; proxy_read_timeout 3600s; } } # Configuration HTTPS pour PROMTAIL server { listen 80; server_name promtail..com; # redirection HTTP→HTTPS pour l'externe return 301 https://; } server { listen 443 ssl http2; server_name ..com; ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem; ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem; # réglages TLS minimaux (adapter selon politique) ssl_session_timeout 1d; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; # HSTS (activer seulement si tout le domaine est en HTTPS) add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; access_log $/home/debian/_4NK_env/projects/lecoffre/lecoffre_node/logs/nginx/.log app_json; location / { proxy_pass http://; include $/proxy_headers.conf; } location /ws/ { proxy_pass http://; proxy_http_version 1.1; proxy_set_header Upgrade ; proxy_set_header Connection "upgrade"; include $/proxy_headers.conf; proxy_read_timeout 3600s; } } # Configuration HTTPS pour GRAFANA server { listen 80; server_name grafana..com; # redirection HTTP→HTTPS pour l'externe return 301 https://; } server { listen 443 ssl http2; server_name ..com; ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem; ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem; # réglages TLS minimaux (adapter selon politique) ssl_session_timeout 1d; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; # HSTS (activer seulement si tout le domaine est en HTTPS) add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; access_log $/home/debian/_4NK_env/projects/lecoffre/lecoffre_node/logs/nginx/.log app_json; location / { proxy_pass http://; include $/proxy_headers.conf; } location /ws/ { proxy_pass http://; proxy_http_version 1.1; proxy_set_header Upgrade ; proxy_set_header Connection "upgrade"; include $/proxy_headers.conf; proxy_read_timeout 3600s; } } # Configuration HTTPS pour NGNIX server { listen 80; server_name ..com; # redirection HTTP→HTTPS pour l'externe return 301 https://; } server { listen 443 ssl http2; server_name ..com; ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem; ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem; # réglages TLS minimaux (adapter selon politique) ssl_session_timeout 1d; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; # HSTS (activer seulement si tout le domaine est en HTTPS) add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; access_log $/home/debian/_4NK_env/projects/lecoffre/lecoffre_node/logs/nginx/.log app_json; location / { proxy_pass http://; include $/proxy_headers.conf; } location /ws/ { proxy_pass http://; proxy_http_version 1.1; proxy_set_header Upgrade ; proxy_set_header Connection "upgrade"; include $/proxy_headers.conf; proxy_read_timeout 3600s; } } # Configuration HTTPS pour TOR server { listen 80; server_name tor-proxy..com; # redirection HTTP→HTTPS pour l'externe return 301 https://; } server { listen 443 ssl http2; server_name ..com; ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem; ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem; # réglages TLS minimaux (adapter selon politique) ssl_session_timeout 1d; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; # HSTS (activer seulement si tout le domaine est en HTTPS) add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; access_log $/home/debian/_4NK_env/projects/lecoffre/lecoffre_node/logs/nginx/.log app_json; location / { proxy_pass http://; include $/proxy_headers.conf; } location /ws/ { proxy_pass http://; proxy_http_version 1.1; proxy_set_header Upgrade ; proxy_set_header Connection "upgrade"; include $/proxy_headers.conf; proxy_read_timeout 3600s; } } # Configuration HTTPS pour _4NK_VAULT server { listen 80; server_name _4NK_vault..com; # redirection HTTP→HTTPS pour l'externe return 301 https://; } server { listen 443 ssl http2; server_name ..com; ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem; ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem; # réglages TLS minimaux (adapter selon politique) ssl_session_timeout 1d; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; # HSTS (activer seulement si tout le domaine est en HTTPS) add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; access_log $/home/debian/_4NK_env/projects/lecoffre/lecoffre_node/logs/nginx/.log app_json; location / { proxy_pass http://; include $/proxy_headers.conf; } location /ws/ { proxy_pass http://; proxy_http_version 1.1; proxy_set_header Upgrade ; proxy_set_header Connection "upgrade"; include $/proxy_headers.conf; proxy_read_timeout 3600s; } } # Configuration HTTPS pour BITCOIN server { listen 80; server_name bitcoin..com; # redirection HTTP→HTTPS pour l'externe return 301 https://; } server { listen 443 ssl http2; server_name ..com; ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem; ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem; # réglages TLS minimaux (adapter selon politique) ssl_session_timeout 1d; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; # HSTS (activer seulement si tout le domaine est en HTTPS) add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; access_log $/home/debian/_4NK_env/projects/lecoffre/lecoffre_node/logs/nginx/.log app_json; location / { proxy_pass http://; include $/proxy_headers.conf; } location /ws/ { proxy_pass http://; proxy_http_version 1.1; proxy_set_header Upgrade ; proxy_set_header Connection "upgrade"; include $/proxy_headers.conf; proxy_read_timeout 3600s; } } # Configuration HTTPS pour BLINDBIT_ORACLE server { listen 80; server_name blindbit-oracle..com; # redirection HTTP→HTTPS pour l'externe return 301 https://; } server { listen 443 ssl http2; server_name ..com; ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem; ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem; # réglages TLS minimaux (adapter selon politique) ssl_session_timeout 1d; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; # HSTS (activer seulement si tout le domaine est en HTTPS) add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; access_log $/home/debian/_4NK_env/projects/lecoffre/lecoffre_node/logs/nginx/.log app_json; location / { proxy_pass http://; include $/proxy_headers.conf; } location /ws/ { proxy_pass http://; proxy_http_version 1.1; proxy_set_header Upgrade ; proxy_set_header Connection "upgrade"; include $/proxy_headers.conf; proxy_read_timeout 3600s; } } # Configuration HTTPS pour SDK_RELAY server { listen 80; server_name sdk_relay..com; # redirection HTTP→HTTPS pour l'externe return 301 https://; } server { listen 443 ssl http2; server_name ..com; ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem; ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem; # réglages TLS minimaux (adapter selon politique) ssl_session_timeout 1d; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; # HSTS (activer seulement si tout le domaine est en HTTPS) add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; access_log $/home/debian/_4NK_env/projects/lecoffre/lecoffre_node/logs/nginx/.log app_json; location / { proxy_pass http://; include $/proxy_headers.conf; } location /ws/ { proxy_pass http://; proxy_http_version 1.1; proxy_set_header Upgrade ; proxy_set_header Connection "upgrade"; include $/proxy_headers.conf; proxy_read_timeout 3600s; } } # Configuration HTTPS pour SDK_STORAGE server { listen 80; server_name sdk_storage..com; # redirection HTTP→HTTPS pour l'externe return 301 https://; } server { listen 443 ssl http2; server_name ..com; ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem; ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem; # réglages TLS minimaux (adapter selon politique) ssl_session_timeout 1d; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; # HSTS (activer seulement si tout le domaine est en HTTPS) add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; access_log $/home/debian/_4NK_env/projects/lecoffre/lecoffre_node/logs/nginx/.log app_json; location / { proxy_pass http://; include $/proxy_headers.conf; } location /ws/ { proxy_pass http://; proxy_http_version 1.1; proxy_set_header Upgrade ; proxy_set_header Connection "upgrade"; include $/proxy_headers.conf; proxy_read_timeout 3600s; } } # Configuration HTTPS pour IHM_CLIENT server { listen 80; server_name ihm_client..com; # redirection HTTP→HTTPS pour l'externe return 301 https://; } server { listen 443 ssl http2; server_name ..com; ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem; ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem; # réglages TLS minimaux (adapter selon politique) ssl_session_timeout 1d; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; # HSTS (activer seulement si tout le domaine est en HTTPS) add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; access_log $/home/debian/_4NK_env/projects/lecoffre/lecoffre_node/logs/nginx/.log app_json; location / { proxy_pass http://; include $/proxy_headers.conf; } location /ws/ { proxy_pass http://; proxy_http_version 1.1; proxy_set_header Upgrade ; proxy_set_header Connection "upgrade"; include $/proxy_headers.conf; proxy_read_timeout 3600s; } } # Configuration HTTPS pour _4NK_CERTIFICATOR server { listen 80; server_name _4NK_certificator..com; # redirection HTTP→HTTPS pour l'externe return 301 https://; } server { listen 443 ssl http2; server_name ..com; ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem; ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem; # réglages TLS minimaux (adapter selon politique) ssl_session_timeout 1d; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; # HSTS (activer seulement si tout le domaine est en HTTPS) add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; access_log $/home/debian/_4NK_env/projects/lecoffre/lecoffre_node/logs/nginx/.log app_json; location / { proxy_pass http://; include $/proxy_headers.conf; } location /ws/ { proxy_pass http://; proxy_http_version 1.1; proxy_set_header Upgrade ; proxy_set_header Connection "upgrade"; include $/proxy_headers.conf; proxy_read_timeout 3600s; } } # Configuration HTTPS pour _4NK_MINER server { listen 80; server_name _4NK_miner..com; # redirection HTTP→HTTPS pour l'externe return 301 https://; } server { listen 443 ssl http2; server_name ..com; ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem; ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem; # réglages TLS minimaux (adapter selon politique) ssl_session_timeout 1d; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; # HSTS (activer seulement si tout le domaine est en HTTPS) add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; access_log $/home/debian/_4NK_env/projects/lecoffre/lecoffre_node/logs/nginx/.log app_json; location / { proxy_pass http://; include $/proxy_headers.conf; } location /ws/ { proxy_pass http://; proxy_http_version 1.1; proxy_set_header Upgrade ; proxy_set_header Connection "upgrade"; include $/proxy_headers.conf; proxy_read_timeout 3600s; } } # Configuration HTTPS pour LECOFFRE_FRONT server { listen 80; server_name lecoffre-front..com; # redirection HTTP→HTTPS pour l'externe return 301 https://; } server { listen 443 ssl http2; server_name ..com; ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem; ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem; # réglages TLS minimaux (adapter selon politique) ssl_session_timeout 1d; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; # HSTS (activer seulement si tout le domaine est en HTTPS) add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; access_log $/home/debian/_4NK_env/projects/lecoffre/lecoffre_node/logs/nginx/.log app_json; location / { proxy_pass http://; include $/proxy_headers.conf; } location /ws/ { proxy_pass http://; proxy_http_version 1.1; proxy_set_header Upgrade ; proxy_set_header Connection "upgrade"; include $/proxy_headers.conf; proxy_read_timeout 3600s; } } # Configuration HTTPS pour _4NK_WEB_STATUS server { listen 80; server_name _4NK_web_status..com; # redirection HTTP→HTTPS pour l'externe return 301 https://; } server { listen 443 ssl http2; server_name ..com; ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem; ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem; # réglages TLS minimaux (adapter selon politique) ssl_session_timeout 1d; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; # HSTS (activer seulement si tout le domaine est en HTTPS) add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; access_log $/home/debian/_4NK_env/projects/lecoffre/lecoffre_node/logs/nginx/.log app_json; location / { proxy_pass http://; include $/proxy_headers.conf; } location /ws/ { proxy_pass http://; proxy_http_version 1.1; proxy_set_header Upgrade ; proxy_set_header Connection "upgrade"; include $/proxy_headers.conf; proxy_read_timeout 3600s; } }