# Configuration Nginx consolidée pour dev4._4NKweb.com # Générée automatiquement le $(date) # Inclusion du format de log JSON et des upstreams include upstreams.conf; # Redirection globale HTTP→HTTPS server { listen 80; server_name dev4._4NKweb.com *.dev4._4NKweb.com; return 301 https://; } # Configuration HTTPS pour REDIS server { listen 80; server_name redis..com; # redirection HTTP→HTTPS pour l'externe return 301 https://; } server { listen 443 ssl http2; server_name redis..com; ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem; ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem; # réglages TLS minimaux (adapter selon politique) ssl_session_timeout 1d; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; # HSTS (activer seulement si tout le domaine est en HTTPS) add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; access_log $/home/debian/_4NK_env/projects/lecoffre/lecoffre_node/logs/nginx/.log app_json; location / { proxy_pass http://redis; include $/proxy_headers.conf; } location /ws/ { proxy_pass http://redis; proxy_http_version 1.1; proxy_set_header Upgrade ; proxy_set_header Connection "upgrade"; include $/proxy_headers.conf; proxy_read_timeout 3600s; } } # Configuration HTTPS pour POSTGRESQL server { listen 80; server_name postgresql..com; # redirection HTTP→HTTPS pour l'externe return 301 https://; } server { listen 443 ssl http2; server_name postgresql..com; ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem; ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem; # réglages TLS minimaux (adapter selon politique) ssl_session_timeout 1d; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; # HSTS (activer seulement si tout le domaine est en HTTPS) add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; access_log $/home/debian/_4NK_env/projects/lecoffre/lecoffre_node/logs/nginx/.log app_json; location / { proxy_pass http://postgresql; include $/proxy_headers.conf; } location /ws/ { proxy_pass http://postgresql; proxy_http_version 1.1; proxy_set_header Upgrade ; proxy_set_header Connection "upgrade"; include $/proxy_headers.conf; proxy_read_timeout 3600s; } } # Configuration HTTPS pour LOKI server { listen 80; server_name loki..com; # redirection HTTP→HTTPS pour l'externe return 301 https://; } server { listen 443 ssl http2; server_name loki..com; ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem; ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem; # réglages TLS minimaux (adapter selon politique) ssl_session_timeout 1d; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; # HSTS (activer seulement si tout le domaine est en HTTPS) add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; access_log $/home/debian/_4NK_env/projects/lecoffre/lecoffre_node/logs/nginx/.log app_json; location / { proxy_pass http://loki; include $/proxy_headers.conf; } location /ws/ { proxy_pass http://loki; proxy_http_version 1.1; proxy_set_header Upgrade ; proxy_set_header Connection "upgrade"; include $/proxy_headers.conf; proxy_read_timeout 3600s; } } # Configuration HTTPS pour PROMTAIL server { listen 80; server_name promtail..com; # redirection HTTP→HTTPS pour l'externe return 301 https://; } server { listen 443 ssl http2; server_name promtail..com; ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem; ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem; # réglages TLS minimaux (adapter selon politique) ssl_session_timeout 1d; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; # HSTS (activer seulement si tout le domaine est en HTTPS) add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; access_log $/home/debian/_4NK_env/projects/lecoffre/lecoffre_node/logs/nginx/.log app_json; location / { proxy_pass http://promtail; include $/proxy_headers.conf; } location /ws/ { proxy_pass http://promtail; proxy_http_version 1.1; proxy_set_header Upgrade ; proxy_set_header Connection "upgrade"; include $/proxy_headers.conf; proxy_read_timeout 3600s; } } # Configuration HTTPS pour GRAFANA server { listen 80; server_name grafana..com; # redirection HTTP→HTTPS pour l'externe return 301 https://; } server { listen 443 ssl http2; server_name grafana..com; ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem; ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem; # réglages TLS minimaux (adapter selon politique) ssl_session_timeout 1d; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; # HSTS (activer seulement si tout le domaine est en HTTPS) add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; access_log $/home/debian/_4NK_env/projects/lecoffre/lecoffre_node/logs/nginx/.log app_json; location / { proxy_pass http://grafana; include $/proxy_headers.conf; } location /ws/ { proxy_pass http://grafana; proxy_http_version 1.1; proxy_set_header Upgrade ; proxy_set_header Connection "upgrade"; include $/proxy_headers.conf; proxy_read_timeout 3600s; } } # Configuration HTTPS pour NGNIX server { listen 80; server_name ..com; # redirection HTTP→HTTPS pour l'externe return 301 https://; } server { listen 443 ssl http2; server_name ngnix..com; ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem; ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem; # réglages TLS minimaux (adapter selon politique) ssl_session_timeout 1d; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; # HSTS (activer seulement si tout le domaine est en HTTPS) add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; access_log $/home/debian/_4NK_env/projects/lecoffre/lecoffre_node/logs/nginx/.log app_json; location / { proxy_pass http://ngnix; include $/proxy_headers.conf; } location /ws/ { proxy_pass http://ngnix; proxy_http_version 1.1; proxy_set_header Upgrade ; proxy_set_header Connection "upgrade"; include $/proxy_headers.conf; proxy_read_timeout 3600s; } } # Configuration HTTPS pour TOR server { listen 80; server_name tor-proxy..com; # redirection HTTP→HTTPS pour l'externe return 301 https://; } server { listen 443 ssl http2; server_name tor..com; ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem; ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem; # réglages TLS minimaux (adapter selon politique) ssl_session_timeout 1d; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; # HSTS (activer seulement si tout le domaine est en HTTPS) add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; access_log $/home/debian/_4NK_env/projects/lecoffre/lecoffre_node/logs/nginx/.log app_json; location / { proxy_pass http://tor; include $/proxy_headers.conf; } location /ws/ { proxy_pass http://tor; proxy_http_version 1.1; proxy_set_header Upgrade ; proxy_set_header Connection "upgrade"; include $/proxy_headers.conf; proxy_read_timeout 3600s; } } # Configuration HTTPS pour _4NK_VAULT server { listen 80; server_name _4NK_vault..com; # redirection HTTP→HTTPS pour l'externe return 301 https://; } server { listen 443 ssl http2; server_name _4nk_vault..com; ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem; ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem; # réglages TLS minimaux (adapter selon politique) ssl_session_timeout 1d; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; # HSTS (activer seulement si tout le domaine est en HTTPS) add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; access_log $/home/debian/_4NK_env/projects/lecoffre/lecoffre_node/logs/nginx/.log app_json; location / { proxy_pass http://_4nk_vault; include $/proxy_headers.conf; } location /ws/ { proxy_pass http://_4nk_vault; proxy_http_version 1.1; proxy_set_header Upgrade ; proxy_set_header Connection "upgrade"; include $/proxy_headers.conf; proxy_read_timeout 3600s; } } # Configuration HTTPS pour BITCOIN server { listen 80; server_name bitcoin..com; # redirection HTTP→HTTPS pour l'externe return 301 https://; } server { listen 443 ssl http2; server_name bitcoin..com; ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem; ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem; # réglages TLS minimaux (adapter selon politique) ssl_session_timeout 1d; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; # HSTS (activer seulement si tout le domaine est en HTTPS) add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; access_log $/home/debian/_4NK_env/projects/lecoffre/lecoffre_node/logs/nginx/.log app_json; location / { proxy_pass http://bitcoin; include $/proxy_headers.conf; } location /ws/ { proxy_pass http://bitcoin; proxy_http_version 1.1; proxy_set_header Upgrade ; proxy_set_header Connection "upgrade"; include $/proxy_headers.conf; proxy_read_timeout 3600s; } } # Configuration HTTPS pour BLINDBIT_ORACLE server { listen 80; server_name blindbit-oracle..com; # redirection HTTP→HTTPS pour l'externe return 301 https://; } server { listen 443 ssl http2; server_name blindbit_oracle..com; ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem; ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem; # réglages TLS minimaux (adapter selon politique) ssl_session_timeout 1d; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; # HSTS (activer seulement si tout le domaine est en HTTPS) add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; access_log $/home/debian/_4NK_env/projects/lecoffre/lecoffre_node/logs/nginx/.log app_json; location / { proxy_pass http://blindbit_oracle; include $/proxy_headers.conf; } location /ws/ { proxy_pass http://blindbit_oracle; proxy_http_version 1.1; proxy_set_header Upgrade ; proxy_set_header Connection "upgrade"; include $/proxy_headers.conf; proxy_read_timeout 3600s; } } # Configuration HTTPS pour SDK_RELAY server { listen 80; server_name sdk_relay..com; # redirection HTTP→HTTPS pour l'externe return 301 https://; } server { listen 443 ssl http2; server_name sdk_relay..com; ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem; ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem; # réglages TLS minimaux (adapter selon politique) ssl_session_timeout 1d; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; # HSTS (activer seulement si tout le domaine est en HTTPS) add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; access_log $/home/debian/_4NK_env/projects/lecoffre/lecoffre_node/logs/nginx/.log app_json; location / { proxy_pass http://sdk_relay; include $/proxy_headers.conf; } location /ws/ { proxy_pass http://sdk_relay; proxy_http_version 1.1; proxy_set_header Upgrade ; proxy_set_header Connection "upgrade"; include $/proxy_headers.conf; proxy_read_timeout 3600s; } } # Configuration HTTPS pour SDK_STORAGE server { listen 80; server_name sdk_storage..com; # redirection HTTP→HTTPS pour l'externe return 301 https://; } server { listen 443 ssl http2; server_name sdk_storage..com; ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem; ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem; # réglages TLS minimaux (adapter selon politique) ssl_session_timeout 1d; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; # HSTS (activer seulement si tout le domaine est en HTTPS) add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; access_log $/home/debian/_4NK_env/projects/lecoffre/lecoffre_node/logs/nginx/.log app_json; location / { proxy_pass http://sdk_storage; include $/proxy_headers.conf; } location /ws/ { proxy_pass http://sdk_storage; proxy_http_version 1.1; proxy_set_header Upgrade ; proxy_set_header Connection "upgrade"; include $/proxy_headers.conf; proxy_read_timeout 3600s; } } # Configuration HTTPS pour IHM_CLIENT server { listen 80; server_name ihm_client..com; # redirection HTTP→HTTPS pour l'externe return 301 https://; } server { listen 443 ssl http2; server_name ihm_client..com; ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem; ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem; # réglages TLS minimaux (adapter selon politique) ssl_session_timeout 1d; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; # HSTS (activer seulement si tout le domaine est en HTTPS) add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; access_log $/home/debian/_4NK_env/projects/lecoffre/lecoffre_node/logs/nginx/.log app_json; location / { proxy_pass http://ihm_client; include $/proxy_headers.conf; } location /ws/ { proxy_pass http://ihm_client; proxy_http_version 1.1; proxy_set_header Upgrade ; proxy_set_header Connection "upgrade"; include $/proxy_headers.conf; proxy_read_timeout 3600s; } } # Configuration HTTPS pour _4NK_CERTIFICATOR server { listen 80; server_name _4NK_certificator..com; # redirection HTTP→HTTPS pour l'externe return 301 https://; } server { listen 443 ssl http2; server_name _4nk_certificator..com; ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem; ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem; # réglages TLS minimaux (adapter selon politique) ssl_session_timeout 1d; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; # HSTS (activer seulement si tout le domaine est en HTTPS) add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; access_log $/home/debian/_4NK_env/projects/lecoffre/lecoffre_node/logs/nginx/.log app_json; location / { proxy_pass http://_4nk_certificator; include $/proxy_headers.conf; } location /ws/ { proxy_pass http://_4nk_certificator; proxy_http_version 1.1; proxy_set_header Upgrade ; proxy_set_header Connection "upgrade"; include $/proxy_headers.conf; proxy_read_timeout 3600s; } } # Configuration HTTPS pour _4NK_MINER server { listen 80; server_name _4NK_miner..com; # redirection HTTP→HTTPS pour l'externe return 301 https://; } server { listen 443 ssl http2; server_name _4nk_miner..com; ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem; ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem; # réglages TLS minimaux (adapter selon politique) ssl_session_timeout 1d; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; # HSTS (activer seulement si tout le domaine est en HTTPS) add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; access_log $/home/debian/_4NK_env/projects/lecoffre/lecoffre_node/logs/nginx/.log app_json; location / { proxy_pass http://_4nk_miner; include $/proxy_headers.conf; } location /ws/ { proxy_pass http://_4nk_miner; proxy_http_version 1.1; proxy_set_header Upgrade ; proxy_set_header Connection "upgrade"; include $/proxy_headers.conf; proxy_read_timeout 3600s; } } # Configuration HTTPS pour LECOFFRE_FRONT server { listen 80; server_name lecoffre-front..com; # redirection HTTP→HTTPS pour l'externe return 301 https://; } server { listen 443 ssl http2; server_name lecoffre_front..com; ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem; ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem; # réglages TLS minimaux (adapter selon politique) ssl_session_timeout 1d; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; # HSTS (activer seulement si tout le domaine est en HTTPS) add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; access_log $/home/debian/_4NK_env/projects/lecoffre/lecoffre_node/logs/nginx/.log app_json; location / { proxy_pass http://lecoffre_front; include $/proxy_headers.conf; } location /ws/ { proxy_pass http://lecoffre_front; proxy_http_version 1.1; proxy_set_header Upgrade ; proxy_set_header Connection "upgrade"; include $/proxy_headers.conf; proxy_read_timeout 3600s; } } # Configuration HTTPS pour _4NK_WEB_STATUS server { listen 80; server_name _4NK_web_status..com; # redirection HTTP→HTTPS pour l'externe return 301 https://; } server { listen 443 ssl http2; server_name _4nk_web_status..com; ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem; ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem; # réglages TLS minimaux (adapter selon politique) ssl_session_timeout 1d; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; # HSTS (activer seulement si tout le domaine est en HTTPS) add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; access_log $/home/debian/_4NK_env/projects/lecoffre/lecoffre_node/logs/nginx/.log app_json; location / { proxy_pass http://_4nk_web_status; include $/proxy_headers.conf; } location /ws/ { proxy_pass http://_4nk_web_status; proxy_http_version 1.1; proxy_set_header Upgrade ; proxy_set_header Connection "upgrade"; include $/proxy_headers.conf; proxy_read_timeout 3600s; } }