4nk/4NK_vault
5
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
4NK_vault/storage/dev/nginx/nginx_dev4._4NKweb.com-https.conf
4NK Dev 4834c40503 ci: docker_tag=dev-test 
Séparation des scripts de génération et amélioration de l'architecture

- Séparé generate_grafana_dashboards.sh en 3 scripts distincts :
  * generate_grafana_dashboards.sh (dashboards uniquement)
  * generate_promtail_config.sh (configuration Promtail)
  * generate_logrotate_configs.sh (configurations Logrotate)

- Supprimé generate_docker_compose.sh et generate_docker_variables.sh
- Centralisé la génération des variables dans generate_variables.sh
- Mis à jour generate.sh pour une architecture en 5 étapes
- Corrigé les chemins de sortie et les références de variables
- Ajouté la gestion d'erreurs pour les fichiers .env problématiques
- Généré toutes les configurations Nginx, Grafana, Promtail et Logrotate
- Amélioré la modularité et la maintenabilité du code
2025-10-03 17:13:19 +00:00

712 lines
22 KiB
Plaintext
Raw Permalink Blame History

# Configuration Nginx consolidée pour $HOST
# Générée automatiquement le $(date)
# Inclusion du format de log JSON et des upstreams
include upstreams.conf;
# Redirection globale HTTP→HTTPS
server {
listen 80;
server_name $HOST *.$HOST;
return 301 https://$host$request_uri;
}
# Configuration HTTPS pour REDIS
server {
listen 80;
server_name $REDIS.$_4NKweb.com;
# redirection HTTP→HTTPS pour l'externe
return 301 https://$host$request_uri;
}
server {
listen 443 ssl http2;
server_name $REDIS_DOCKER_NAME.$_4NKweb.com;
ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem;
ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem;
# réglages TLS minimaux (adapter selon politique)
ssl_session_timeout 1d;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# HSTS (activer seulement si tout le domaine est en HTTPS)
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
access_log $/home/debian/_4NK_env/DOCKER_GLOBAL_NAME/logs/nginx/$REDIS_https.log app_json;
location / {
proxy_pass http://$REDIS_DOCKER_NAME;
include $/etc/nginx/conf.d/proxy_headers.conf;
}
location /ws/ {
proxy_pass http://$REDIS_DOCKER_NAME;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
include $/etc/nginx/conf.d/proxy_headers.conf;
proxy_read_timeout 3600s;
}
}
# Configuration HTTPS pour POSTGRESQL
server {
listen 80;
server_name $POSTGRESQL.$_4NKweb.com;
# redirection HTTP→HTTPS pour l'externe
return 301 https://$host$request_uri;
}
server {
listen 443 ssl http2;
server_name $POSTGRESQL_DOCKER_NAME.$_4NKweb.com;
ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem;
ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem;
# réglages TLS minimaux (adapter selon politique)
ssl_session_timeout 1d;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# HSTS (activer seulement si tout le domaine est en HTTPS)
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
access_log $/home/debian/_4NK_env/DOCKER_GLOBAL_NAME/logs/nginx/$POSTGRESQL_https.log app_json;
location / {
proxy_pass http://$POSTGRESQL_DOCKER_NAME;
include $/etc/nginx/conf.d/proxy_headers.conf;
}
location /ws/ {
proxy_pass http://$POSTGRESQL_DOCKER_NAME;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
include $/etc/nginx/conf.d/proxy_headers.conf;
proxy_read_timeout 3600s;
}
}
# Configuration HTTPS pour LOKI
server {
listen 80;
server_name $LOKI.$_4NKweb.com;
# redirection HTTP→HTTPS pour l'externe
return 301 https://$host$request_uri;
}
server {
listen 443 ssl http2;
server_name $LOKI_DOCKER_NAME.$_4NKweb.com;
ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem;
ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem;
# réglages TLS minimaux (adapter selon politique)
ssl_session_timeout 1d;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# HSTS (activer seulement si tout le domaine est en HTTPS)
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
access_log $/home/debian/_4NK_env/DOCKER_GLOBAL_NAME/logs/nginx/$LOKI_https.log app_json;
location / {
proxy_pass http://$LOKI_DOCKER_NAME;
include $/etc/nginx/conf.d/proxy_headers.conf;
}
location /ws/ {
proxy_pass http://$LOKI_DOCKER_NAME;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
include $/etc/nginx/conf.d/proxy_headers.conf;
proxy_read_timeout 3600s;
}
}
# Configuration HTTPS pour PROMTAIL
server {
listen 80;
server_name $PROMTAIL.$_4NKweb.com;
# redirection HTTP→HTTPS pour l'externe
return 301 https://$host$request_uri;
}
server {
listen 443 ssl http2;
server_name $PROMTAIL_DOCKER_NAME.$_4NKweb.com;
ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem;
ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem;
# réglages TLS minimaux (adapter selon politique)
ssl_session_timeout 1d;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# HSTS (activer seulement si tout le domaine est en HTTPS)
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
access_log $/home/debian/_4NK_env/DOCKER_GLOBAL_NAME/logs/nginx/$PROMTAIL_https.log app_json;
location / {
proxy_pass http://$PROMTAIL_DOCKER_NAME;
include $/etc/nginx/conf.d/proxy_headers.conf;
}
location /ws/ {
proxy_pass http://$PROMTAIL_DOCKER_NAME;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
include $/etc/nginx/conf.d/proxy_headers.conf;
proxy_read_timeout 3600s;
}
}
# Configuration HTTPS pour GRAFANA
server {
listen 80;
server_name $GRAFANA.$_4NKweb.com;
# redirection HTTP→HTTPS pour l'externe
return 301 https://$host$request_uri;
}
server {
listen 443 ssl http2;
server_name $GRAFANA_DOCKER_NAME.$_4NKweb.com;
ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem;
ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem;
# réglages TLS minimaux (adapter selon politique)
ssl_session_timeout 1d;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# HSTS (activer seulement si tout le domaine est en HTTPS)
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
access_log $/home/debian/_4NK_env/DOCKER_GLOBAL_NAME/logs/nginx/$GRAFANA_https.log app_json;
location / {
proxy_pass http://$GRAFANA_DOCKER_NAME;
include $/etc/nginx/conf.d/proxy_headers.conf;
}
location /ws/ {
proxy_pass http://$GRAFANA_DOCKER_NAME;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
include $/etc/nginx/conf.d/proxy_headers.conf;
proxy_read_timeout 3600s;
}
}
# Configuration HTTPS pour NGNIX
server {
listen 80;
server_name $NGNIX.$_4NKweb.com;
# redirection HTTP→HTTPS pour l'externe
return 301 https://$host$request_uri;
}
server {
listen 443 ssl http2;
server_name $NGNIX_DOCKER_NAME.$_4NKweb.com;
ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem;
ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem;
# réglages TLS minimaux (adapter selon politique)
ssl_session_timeout 1d;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# HSTS (activer seulement si tout le domaine est en HTTPS)
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
access_log $/home/debian/_4NK_env/DOCKER_GLOBAL_NAME/logs/nginx/$NGNIX_https.log app_json;
location / {
proxy_pass http://$NGNIX_DOCKER_NAME;
include $/etc/nginx/conf.d/proxy_headers.conf;
}
location /ws/ {
proxy_pass http://$NGNIX_DOCKER_NAME;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
include $/etc/nginx/conf.d/proxy_headers.conf;
proxy_read_timeout 3600s;
}
}
# Configuration HTTPS pour TOR
server {
listen 80;
server_name $TOR.$_4NKweb.com;
# redirection HTTP→HTTPS pour l'externe
return 301 https://$host$request_uri;
}
server {
listen 443 ssl http2;
server_name $TOR_DOCKER_NAME.$_4NKweb.com;
ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem;
ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem;
# réglages TLS minimaux (adapter selon politique)
ssl_session_timeout 1d;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# HSTS (activer seulement si tout le domaine est en HTTPS)
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
access_log $/home/debian/_4NK_env/DOCKER_GLOBAL_NAME/logs/nginx/$TOR_https.log app_json;
location / {
proxy_pass http://$TOR_DOCKER_NAME;
include $/etc/nginx/conf.d/proxy_headers.conf;
}
location /ws/ {
proxy_pass http://$TOR_DOCKER_NAME;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
include $/etc/nginx/conf.d/proxy_headers.conf;
proxy_read_timeout 3600s;
}
}
# Configuration HTTPS pour _4NK_VAULT
server {
listen 80;
server_name $_4NK_VAULT.$_4NKweb.com;
# redirection HTTP→HTTPS pour l'externe
return 301 https://$host$request_uri;
}
server {
listen 443 ssl http2;
server_name $_4NK_VAULT_DOCKER_NAME.$_4NKweb.com;
ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem;
ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem;
# réglages TLS minimaux (adapter selon politique)
ssl_session_timeout 1d;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# HSTS (activer seulement si tout le domaine est en HTTPS)
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
access_log $/home/debian/_4NK_env/DOCKER_GLOBAL_NAME/logs/nginx/$_4NK_VAULT_https.log app_json;
location / {
proxy_pass http://$_4NK_VAULT_DOCKER_NAME;
include $/etc/nginx/conf.d/proxy_headers.conf;
}
location /ws/ {
proxy_pass http://$_4NK_VAULT_DOCKER_NAME;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
include $/etc/nginx/conf.d/proxy_headers.conf;
proxy_read_timeout 3600s;
}
}
# Configuration HTTPS pour BITCOIN
server {
listen 80;
server_name $BITCOIN.$_4NKweb.com;
# redirection HTTP→HTTPS pour l'externe
return 301 https://$host$request_uri;
}
server {
listen 443 ssl http2;
server_name $BITCOIN_DOCKER_NAME.$_4NKweb.com;
ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem;
ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem;
# réglages TLS minimaux (adapter selon politique)
ssl_session_timeout 1d;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# HSTS (activer seulement si tout le domaine est en HTTPS)
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
access_log $/home/debian/_4NK_env/DOCKER_GLOBAL_NAME/logs/nginx/$BITCOIN_https.log app_json;
location / {
proxy_pass http://$BITCOIN_DOCKER_NAME;
include $/etc/nginx/conf.d/proxy_headers.conf;
}
location /ws/ {
proxy_pass http://$BITCOIN_DOCKER_NAME;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
include $/etc/nginx/conf.d/proxy_headers.conf;
proxy_read_timeout 3600s;
}
}
# Configuration HTTPS pour BLINDBIT_ORACLE
server {
listen 80;
server_name $BLINDBIT_ORACLE.$_4NKweb.com;
# redirection HTTP→HTTPS pour l'externe
return 301 https://$host$request_uri;
}
server {
listen 443 ssl http2;
server_name $BLINDBIT_ORACLE_DOCKER_NAME.$_4NKweb.com;
ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem;
ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem;
# réglages TLS minimaux (adapter selon politique)
ssl_session_timeout 1d;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# HSTS (activer seulement si tout le domaine est en HTTPS)
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
access_log $/home/debian/_4NK_env/DOCKER_GLOBAL_NAME/logs/nginx/$BLINDBIT_ORACLE_https.log app_json;
location / {
proxy_pass http://$BLINDBIT_ORACLE_DOCKER_NAME;
include $/etc/nginx/conf.d/proxy_headers.conf;
}
location /ws/ {
proxy_pass http://$BLINDBIT_ORACLE_DOCKER_NAME;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
include $/etc/nginx/conf.d/proxy_headers.conf;
proxy_read_timeout 3600s;
}
}
# Configuration HTTPS pour SDK_RELAY
server {
listen 80;
server_name $SDK_RELAY.$_4NKweb.com;
# redirection HTTP→HTTPS pour l'externe
return 301 https://$host$request_uri;
}
server {
listen 443 ssl http2;
server_name $SDK_RELAY_DOCKER_NAME.$_4NKweb.com;
ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem;
ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem;
# réglages TLS minimaux (adapter selon politique)
ssl_session_timeout 1d;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# HSTS (activer seulement si tout le domaine est en HTTPS)
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
access_log $/home/debian/_4NK_env/DOCKER_GLOBAL_NAME/logs/nginx/$SDK_RELAY_https.log app_json;
location / {
proxy_pass http://$SDK_RELAY_DOCKER_NAME;
include $/etc/nginx/conf.d/proxy_headers.conf;
}
location /ws/ {
proxy_pass http://$SDK_RELAY_DOCKER_NAME;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
include $/etc/nginx/conf.d/proxy_headers.conf;
proxy_read_timeout 3600s;
}
}
# Configuration HTTPS pour SDK_STORAGE
server {
listen 80;
server_name $SDK_STORAGE.$_4NKweb.com;
# redirection HTTP→HTTPS pour l'externe
return 301 https://$host$request_uri;
}
server {
listen 443 ssl http2;
server_name $SDK_STORAGE_DOCKER_NAME.$_4NKweb.com;
ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem;
ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem;
# réglages TLS minimaux (adapter selon politique)
ssl_session_timeout 1d;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# HSTS (activer seulement si tout le domaine est en HTTPS)
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
access_log $/home/debian/_4NK_env/DOCKER_GLOBAL_NAME/logs/nginx/$SDK_STORAGE_https.log app_json;
location / {
proxy_pass http://$SDK_STORAGE_DOCKER_NAME;
include $/etc/nginx/conf.d/proxy_headers.conf;
}
location /ws/ {
proxy_pass http://$SDK_STORAGE_DOCKER_NAME;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
include $/etc/nginx/conf.d/proxy_headers.conf;
proxy_read_timeout 3600s;
}
}
# Configuration HTTPS pour IHM_CLIENT
server {
listen 80;
server_name $IHM_CLIENT.$_4NKweb.com;
# redirection HTTP→HTTPS pour l'externe
return 301 https://$host$request_uri;
}
server {
listen 443 ssl http2;
server_name $IHM_CLIENT_DOCKER_NAME.$_4NKweb.com;
ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem;
ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem;
# réglages TLS minimaux (adapter selon politique)
ssl_session_timeout 1d;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# HSTS (activer seulement si tout le domaine est en HTTPS)
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
access_log $/home/debian/_4NK_env/DOCKER_GLOBAL_NAME/logs/nginx/$IHM_CLIENT_https.log app_json;
location / {
proxy_pass http://$IHM_CLIENT_DOCKER_NAME;
include $/etc/nginx/conf.d/proxy_headers.conf;
}
location /ws/ {
proxy_pass http://$IHM_CLIENT_DOCKER_NAME;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
include $/etc/nginx/conf.d/proxy_headers.conf;
proxy_read_timeout 3600s;
}
}
# Configuration HTTPS pour _4NK_CERTIFICATOR
server {
listen 80;
server_name $_4NK_CERTIFICATOR.$_4NKweb.com;
# redirection HTTP→HTTPS pour l'externe
return 301 https://$host$request_uri;
}
server {
listen 443 ssl http2;
server_name $_4NK_CERTIFICATOR_DOCKER_NAME.$_4NKweb.com;
ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem;
ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem;
# réglages TLS minimaux (adapter selon politique)
ssl_session_timeout 1d;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# HSTS (activer seulement si tout le domaine est en HTTPS)
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
access_log $/home/debian/_4NK_env/DOCKER_GLOBAL_NAME/logs/nginx/$_4NK_CERTIFICATOR_https.log app_json;
location / {
proxy_pass http://$_4NK_CERTIFICATOR_DOCKER_NAME;
include $/etc/nginx/conf.d/proxy_headers.conf;
}
location /ws/ {
proxy_pass http://$_4NK_CERTIFICATOR_DOCKER_NAME;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
include $/etc/nginx/conf.d/proxy_headers.conf;
proxy_read_timeout 3600s;
}
}
# Configuration HTTPS pour _4NK_MINER
server {
listen 80;
server_name $_4NK_MINER.$_4NKweb.com;
# redirection HTTP→HTTPS pour l'externe
return 301 https://$host$request_uri;
}
server {
listen 443 ssl http2;
server_name $_4NK_MINER_DOCKER_NAME.$_4NKweb.com;
ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem;
ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem;
# réglages TLS minimaux (adapter selon politique)
ssl_session_timeout 1d;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# HSTS (activer seulement si tout le domaine est en HTTPS)
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
access_log $/home/debian/_4NK_env/DOCKER_GLOBAL_NAME/logs/nginx/$_4NK_MINER_https.log app_json;
location / {
proxy_pass http://$_4NK_MINER_DOCKER_NAME;
include $/etc/nginx/conf.d/proxy_headers.conf;
}
location /ws/ {
proxy_pass http://$_4NK_MINER_DOCKER_NAME;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
include $/etc/nginx/conf.d/proxy_headers.conf;
proxy_read_timeout 3600s;
}
}
# Configuration HTTPS pour LECOFFRE_FRONT
server {
listen 80;
server_name $LECOFFRE_FRONT.$_4NKweb.com;
# redirection HTTP→HTTPS pour l'externe
return 301 https://$host$request_uri;
}
server {
listen 443 ssl http2;
server_name $LECOFFRE_FRONT_DOCKER_NAME.$_4NKweb.com;
ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem;
ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem;
# réglages TLS minimaux (adapter selon politique)
ssl_session_timeout 1d;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# HSTS (activer seulement si tout le domaine est en HTTPS)
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
access_log $/home/debian/_4NK_env/DOCKER_GLOBAL_NAME/logs/nginx/$LECOFFRE_FRONT_https.log app_json;
location / {
proxy_pass http://$LECOFFRE_FRONT_DOCKER_NAME;
include $/etc/nginx/conf.d/proxy_headers.conf;
}
location /ws/ {
proxy_pass http://$LECOFFRE_FRONT_DOCKER_NAME;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
include $/etc/nginx/conf.d/proxy_headers.conf;
proxy_read_timeout 3600s;
}
}
# Configuration HTTPS pour _4NK_WEB_STATUS
server {
listen 80;
server_name $_4NK_WEB_STATUS.$_4NKweb.com;
# redirection HTTP→HTTPS pour l'externe
return 301 https://$host$request_uri;
}
server {
listen 443 ssl http2;
server_name $_4NK_WEB_STATUS_DOCKER_NAME.$_4NKweb.com;
ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem;
ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem;
# réglages TLS minimaux (adapter selon politique)
ssl_session_timeout 1d;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# HSTS (activer seulement si tout le domaine est en HTTPS)
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
access_log $/home/debian/_4NK_env/DOCKER_GLOBAL_NAME/logs/nginx/$_4NK_WEB_STATUS_https.log app_json;
location / {
proxy_pass http://$_4NK_WEB_STATUS_DOCKER_NAME;
include $/etc/nginx/conf.d/proxy_headers.conf;
}
location /ws/ {
proxy_pass http://$_4NK_WEB_STATUS_DOCKER_NAME;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
include $/etc/nginx/conf.d/proxy_headers.conf;
proxy_read_timeout 3600s;
}
}
Reference in New Issue View Git Blame Copy Permalink