11adafed16
- Régénération de tous les fichiers dans storage/dev/ avec variables remplacées - Mise à jour des dashboards Grafana avec variables d'environnement - Configuration Promtail mise à jour avec paths et services - Configurations logrotate mises à jour pour tous les services - Configurations Nginx (upstreams, ports internes, HTTPS) mises à jour - bitcoin.conf avec ZMQ host:port correctement résolus - .env.auto et docker-compose.yml.auto avec toutes les variables - Templates nginx mis à jour avec dernières modifications
712 lines
20 KiB
Plaintext
712 lines
20 KiB
Plaintext
# Configuration Nginx consolidée pour dev4._4NKweb.com
|
|
# Générée automatiquement le $(date)
|
|
|
|
# Inclusion du format de log JSON et des upstreams
|
|
include upstreams.conf;
|
|
|
|
|
|
# Redirection globale HTTP→HTTPS
|
|
server {
|
|
listen 80;
|
|
server_name dev4._4NKweb.com *.dev4._4NKweb.com;
|
|
return 301 https://;
|
|
}
|
|
|
|
|
|
# Configuration HTTPS pour REDIS
|
|
server {
|
|
listen 80;
|
|
server_name redis..com;
|
|
# redirection HTTP→HTTPS pour l'externe
|
|
return 301 https://;
|
|
}
|
|
|
|
server {
|
|
listen 443 ssl http2;
|
|
server_name redis..com;
|
|
|
|
ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem;
|
|
ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem;
|
|
|
|
# réglages TLS minimaux (adapter selon politique)
|
|
ssl_session_timeout 1d;
|
|
ssl_protocols TLSv1.2 TLSv1.3;
|
|
ssl_ciphers HIGH:!aNULL:!MD5;
|
|
ssl_prefer_server_ciphers on;
|
|
|
|
# HSTS (activer seulement si tout le domaine est en HTTPS)
|
|
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
|
|
|
|
access_log $/home/debian/_4NK_env/projects/lecoffre/lecoffre_node/logs/nginx/.log app_json;
|
|
|
|
location / {
|
|
proxy_pass http://redis;
|
|
include $/proxy_headers.conf;
|
|
}
|
|
|
|
location /ws/ {
|
|
proxy_pass http://redis;
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Upgrade ;
|
|
proxy_set_header Connection "upgrade";
|
|
include $/proxy_headers.conf;
|
|
proxy_read_timeout 3600s;
|
|
}
|
|
}
|
|
|
|
# Configuration HTTPS pour POSTGRESQL
|
|
server {
|
|
listen 80;
|
|
server_name postgresql..com;
|
|
# redirection HTTP→HTTPS pour l'externe
|
|
return 301 https://;
|
|
}
|
|
|
|
server {
|
|
listen 443 ssl http2;
|
|
server_name postgresql..com;
|
|
|
|
ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem;
|
|
ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem;
|
|
|
|
# réglages TLS minimaux (adapter selon politique)
|
|
ssl_session_timeout 1d;
|
|
ssl_protocols TLSv1.2 TLSv1.3;
|
|
ssl_ciphers HIGH:!aNULL:!MD5;
|
|
ssl_prefer_server_ciphers on;
|
|
|
|
# HSTS (activer seulement si tout le domaine est en HTTPS)
|
|
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
|
|
|
|
access_log $/home/debian/_4NK_env/projects/lecoffre/lecoffre_node/logs/nginx/.log app_json;
|
|
|
|
location / {
|
|
proxy_pass http://postgresql;
|
|
include $/proxy_headers.conf;
|
|
}
|
|
|
|
location /ws/ {
|
|
proxy_pass http://postgresql;
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Upgrade ;
|
|
proxy_set_header Connection "upgrade";
|
|
include $/proxy_headers.conf;
|
|
proxy_read_timeout 3600s;
|
|
}
|
|
}
|
|
|
|
# Configuration HTTPS pour LOKI
|
|
server {
|
|
listen 80;
|
|
server_name loki..com;
|
|
# redirection HTTP→HTTPS pour l'externe
|
|
return 301 https://;
|
|
}
|
|
|
|
server {
|
|
listen 443 ssl http2;
|
|
server_name loki..com;
|
|
|
|
ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem;
|
|
ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem;
|
|
|
|
# réglages TLS minimaux (adapter selon politique)
|
|
ssl_session_timeout 1d;
|
|
ssl_protocols TLSv1.2 TLSv1.3;
|
|
ssl_ciphers HIGH:!aNULL:!MD5;
|
|
ssl_prefer_server_ciphers on;
|
|
|
|
# HSTS (activer seulement si tout le domaine est en HTTPS)
|
|
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
|
|
|
|
access_log $/home/debian/_4NK_env/projects/lecoffre/lecoffre_node/logs/nginx/.log app_json;
|
|
|
|
location / {
|
|
proxy_pass http://loki;
|
|
include $/proxy_headers.conf;
|
|
}
|
|
|
|
location /ws/ {
|
|
proxy_pass http://loki;
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Upgrade ;
|
|
proxy_set_header Connection "upgrade";
|
|
include $/proxy_headers.conf;
|
|
proxy_read_timeout 3600s;
|
|
}
|
|
}
|
|
|
|
# Configuration HTTPS pour PROMTAIL
|
|
server {
|
|
listen 80;
|
|
server_name promtail..com;
|
|
# redirection HTTP→HTTPS pour l'externe
|
|
return 301 https://;
|
|
}
|
|
|
|
server {
|
|
listen 443 ssl http2;
|
|
server_name promtail..com;
|
|
|
|
ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem;
|
|
ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem;
|
|
|
|
# réglages TLS minimaux (adapter selon politique)
|
|
ssl_session_timeout 1d;
|
|
ssl_protocols TLSv1.2 TLSv1.3;
|
|
ssl_ciphers HIGH:!aNULL:!MD5;
|
|
ssl_prefer_server_ciphers on;
|
|
|
|
# HSTS (activer seulement si tout le domaine est en HTTPS)
|
|
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
|
|
|
|
access_log $/home/debian/_4NK_env/projects/lecoffre/lecoffre_node/logs/nginx/.log app_json;
|
|
|
|
location / {
|
|
proxy_pass http://promtail;
|
|
include $/proxy_headers.conf;
|
|
}
|
|
|
|
location /ws/ {
|
|
proxy_pass http://promtail;
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Upgrade ;
|
|
proxy_set_header Connection "upgrade";
|
|
include $/proxy_headers.conf;
|
|
proxy_read_timeout 3600s;
|
|
}
|
|
}
|
|
|
|
# Configuration HTTPS pour GRAFANA
|
|
server {
|
|
listen 80;
|
|
server_name grafana..com;
|
|
# redirection HTTP→HTTPS pour l'externe
|
|
return 301 https://;
|
|
}
|
|
|
|
server {
|
|
listen 443 ssl http2;
|
|
server_name grafana..com;
|
|
|
|
ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem;
|
|
ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem;
|
|
|
|
# réglages TLS minimaux (adapter selon politique)
|
|
ssl_session_timeout 1d;
|
|
ssl_protocols TLSv1.2 TLSv1.3;
|
|
ssl_ciphers HIGH:!aNULL:!MD5;
|
|
ssl_prefer_server_ciphers on;
|
|
|
|
# HSTS (activer seulement si tout le domaine est en HTTPS)
|
|
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
|
|
|
|
access_log $/home/debian/_4NK_env/projects/lecoffre/lecoffre_node/logs/nginx/.log app_json;
|
|
|
|
location / {
|
|
proxy_pass http://grafana;
|
|
include $/proxy_headers.conf;
|
|
}
|
|
|
|
location /ws/ {
|
|
proxy_pass http://grafana;
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Upgrade ;
|
|
proxy_set_header Connection "upgrade";
|
|
include $/proxy_headers.conf;
|
|
proxy_read_timeout 3600s;
|
|
}
|
|
}
|
|
|
|
# Configuration HTTPS pour NGNIX
|
|
server {
|
|
listen 80;
|
|
server_name ..com;
|
|
# redirection HTTP→HTTPS pour l'externe
|
|
return 301 https://;
|
|
}
|
|
|
|
server {
|
|
listen 443 ssl http2;
|
|
server_name ngnix..com;
|
|
|
|
ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem;
|
|
ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem;
|
|
|
|
# réglages TLS minimaux (adapter selon politique)
|
|
ssl_session_timeout 1d;
|
|
ssl_protocols TLSv1.2 TLSv1.3;
|
|
ssl_ciphers HIGH:!aNULL:!MD5;
|
|
ssl_prefer_server_ciphers on;
|
|
|
|
# HSTS (activer seulement si tout le domaine est en HTTPS)
|
|
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
|
|
|
|
access_log $/home/debian/_4NK_env/projects/lecoffre/lecoffre_node/logs/nginx/.log app_json;
|
|
|
|
location / {
|
|
proxy_pass http://ngnix;
|
|
include $/proxy_headers.conf;
|
|
}
|
|
|
|
location /ws/ {
|
|
proxy_pass http://ngnix;
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Upgrade ;
|
|
proxy_set_header Connection "upgrade";
|
|
include $/proxy_headers.conf;
|
|
proxy_read_timeout 3600s;
|
|
}
|
|
}
|
|
|
|
# Configuration HTTPS pour TOR
|
|
server {
|
|
listen 80;
|
|
server_name tor-proxy..com;
|
|
# redirection HTTP→HTTPS pour l'externe
|
|
return 301 https://;
|
|
}
|
|
|
|
server {
|
|
listen 443 ssl http2;
|
|
server_name tor..com;
|
|
|
|
ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem;
|
|
ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem;
|
|
|
|
# réglages TLS minimaux (adapter selon politique)
|
|
ssl_session_timeout 1d;
|
|
ssl_protocols TLSv1.2 TLSv1.3;
|
|
ssl_ciphers HIGH:!aNULL:!MD5;
|
|
ssl_prefer_server_ciphers on;
|
|
|
|
# HSTS (activer seulement si tout le domaine est en HTTPS)
|
|
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
|
|
|
|
access_log $/home/debian/_4NK_env/projects/lecoffre/lecoffre_node/logs/nginx/.log app_json;
|
|
|
|
location / {
|
|
proxy_pass http://tor;
|
|
include $/proxy_headers.conf;
|
|
}
|
|
|
|
location /ws/ {
|
|
proxy_pass http://tor;
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Upgrade ;
|
|
proxy_set_header Connection "upgrade";
|
|
include $/proxy_headers.conf;
|
|
proxy_read_timeout 3600s;
|
|
}
|
|
}
|
|
|
|
# Configuration HTTPS pour _4NK_VAULT
|
|
server {
|
|
listen 80;
|
|
server_name _4NK_vault..com;
|
|
# redirection HTTP→HTTPS pour l'externe
|
|
return 301 https://;
|
|
}
|
|
|
|
server {
|
|
listen 443 ssl http2;
|
|
server_name _4nk_vault..com;
|
|
|
|
ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem;
|
|
ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem;
|
|
|
|
# réglages TLS minimaux (adapter selon politique)
|
|
ssl_session_timeout 1d;
|
|
ssl_protocols TLSv1.2 TLSv1.3;
|
|
ssl_ciphers HIGH:!aNULL:!MD5;
|
|
ssl_prefer_server_ciphers on;
|
|
|
|
# HSTS (activer seulement si tout le domaine est en HTTPS)
|
|
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
|
|
|
|
access_log $/home/debian/_4NK_env/projects/lecoffre/lecoffre_node/logs/nginx/.log app_json;
|
|
|
|
location / {
|
|
proxy_pass http://_4nk_vault;
|
|
include $/proxy_headers.conf;
|
|
}
|
|
|
|
location /ws/ {
|
|
proxy_pass http://_4nk_vault;
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Upgrade ;
|
|
proxy_set_header Connection "upgrade";
|
|
include $/proxy_headers.conf;
|
|
proxy_read_timeout 3600s;
|
|
}
|
|
}
|
|
|
|
# Configuration HTTPS pour BITCOIN
|
|
server {
|
|
listen 80;
|
|
server_name bitcoin..com;
|
|
# redirection HTTP→HTTPS pour l'externe
|
|
return 301 https://;
|
|
}
|
|
|
|
server {
|
|
listen 443 ssl http2;
|
|
server_name bitcoin..com;
|
|
|
|
ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem;
|
|
ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem;
|
|
|
|
# réglages TLS minimaux (adapter selon politique)
|
|
ssl_session_timeout 1d;
|
|
ssl_protocols TLSv1.2 TLSv1.3;
|
|
ssl_ciphers HIGH:!aNULL:!MD5;
|
|
ssl_prefer_server_ciphers on;
|
|
|
|
# HSTS (activer seulement si tout le domaine est en HTTPS)
|
|
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
|
|
|
|
access_log $/home/debian/_4NK_env/projects/lecoffre/lecoffre_node/logs/nginx/.log app_json;
|
|
|
|
location / {
|
|
proxy_pass http://bitcoin;
|
|
include $/proxy_headers.conf;
|
|
}
|
|
|
|
location /ws/ {
|
|
proxy_pass http://bitcoin;
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Upgrade ;
|
|
proxy_set_header Connection "upgrade";
|
|
include $/proxy_headers.conf;
|
|
proxy_read_timeout 3600s;
|
|
}
|
|
}
|
|
|
|
# Configuration HTTPS pour BLINDBIT_ORACLE
|
|
server {
|
|
listen 80;
|
|
server_name blindbit-oracle..com;
|
|
# redirection HTTP→HTTPS pour l'externe
|
|
return 301 https://;
|
|
}
|
|
|
|
server {
|
|
listen 443 ssl http2;
|
|
server_name blindbit_oracle..com;
|
|
|
|
ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem;
|
|
ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem;
|
|
|
|
# réglages TLS minimaux (adapter selon politique)
|
|
ssl_session_timeout 1d;
|
|
ssl_protocols TLSv1.2 TLSv1.3;
|
|
ssl_ciphers HIGH:!aNULL:!MD5;
|
|
ssl_prefer_server_ciphers on;
|
|
|
|
# HSTS (activer seulement si tout le domaine est en HTTPS)
|
|
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
|
|
|
|
access_log $/home/debian/_4NK_env/projects/lecoffre/lecoffre_node/logs/nginx/.log app_json;
|
|
|
|
location / {
|
|
proxy_pass http://blindbit_oracle;
|
|
include $/proxy_headers.conf;
|
|
}
|
|
|
|
location /ws/ {
|
|
proxy_pass http://blindbit_oracle;
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Upgrade ;
|
|
proxy_set_header Connection "upgrade";
|
|
include $/proxy_headers.conf;
|
|
proxy_read_timeout 3600s;
|
|
}
|
|
}
|
|
|
|
# Configuration HTTPS pour SDK_RELAY
|
|
server {
|
|
listen 80;
|
|
server_name sdk_relay..com;
|
|
# redirection HTTP→HTTPS pour l'externe
|
|
return 301 https://;
|
|
}
|
|
|
|
server {
|
|
listen 443 ssl http2;
|
|
server_name sdk_relay..com;
|
|
|
|
ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem;
|
|
ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem;
|
|
|
|
# réglages TLS minimaux (adapter selon politique)
|
|
ssl_session_timeout 1d;
|
|
ssl_protocols TLSv1.2 TLSv1.3;
|
|
ssl_ciphers HIGH:!aNULL:!MD5;
|
|
ssl_prefer_server_ciphers on;
|
|
|
|
# HSTS (activer seulement si tout le domaine est en HTTPS)
|
|
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
|
|
|
|
access_log $/home/debian/_4NK_env/projects/lecoffre/lecoffre_node/logs/nginx/.log app_json;
|
|
|
|
location / {
|
|
proxy_pass http://sdk_relay;
|
|
include $/proxy_headers.conf;
|
|
}
|
|
|
|
location /ws/ {
|
|
proxy_pass http://sdk_relay;
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Upgrade ;
|
|
proxy_set_header Connection "upgrade";
|
|
include $/proxy_headers.conf;
|
|
proxy_read_timeout 3600s;
|
|
}
|
|
}
|
|
|
|
# Configuration HTTPS pour SDK_STORAGE
|
|
server {
|
|
listen 80;
|
|
server_name sdk_storage..com;
|
|
# redirection HTTP→HTTPS pour l'externe
|
|
return 301 https://;
|
|
}
|
|
|
|
server {
|
|
listen 443 ssl http2;
|
|
server_name sdk_storage..com;
|
|
|
|
ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem;
|
|
ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem;
|
|
|
|
# réglages TLS minimaux (adapter selon politique)
|
|
ssl_session_timeout 1d;
|
|
ssl_protocols TLSv1.2 TLSv1.3;
|
|
ssl_ciphers HIGH:!aNULL:!MD5;
|
|
ssl_prefer_server_ciphers on;
|
|
|
|
# HSTS (activer seulement si tout le domaine est en HTTPS)
|
|
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
|
|
|
|
access_log $/home/debian/_4NK_env/projects/lecoffre/lecoffre_node/logs/nginx/.log app_json;
|
|
|
|
location / {
|
|
proxy_pass http://sdk_storage;
|
|
include $/proxy_headers.conf;
|
|
}
|
|
|
|
location /ws/ {
|
|
proxy_pass http://sdk_storage;
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Upgrade ;
|
|
proxy_set_header Connection "upgrade";
|
|
include $/proxy_headers.conf;
|
|
proxy_read_timeout 3600s;
|
|
}
|
|
}
|
|
|
|
# Configuration HTTPS pour IHM_CLIENT
|
|
server {
|
|
listen 80;
|
|
server_name ihm_client..com;
|
|
# redirection HTTP→HTTPS pour l'externe
|
|
return 301 https://;
|
|
}
|
|
|
|
server {
|
|
listen 443 ssl http2;
|
|
server_name ihm_client..com;
|
|
|
|
ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem;
|
|
ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem;
|
|
|
|
# réglages TLS minimaux (adapter selon politique)
|
|
ssl_session_timeout 1d;
|
|
ssl_protocols TLSv1.2 TLSv1.3;
|
|
ssl_ciphers HIGH:!aNULL:!MD5;
|
|
ssl_prefer_server_ciphers on;
|
|
|
|
# HSTS (activer seulement si tout le domaine est en HTTPS)
|
|
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
|
|
|
|
access_log $/home/debian/_4NK_env/projects/lecoffre/lecoffre_node/logs/nginx/.log app_json;
|
|
|
|
location / {
|
|
proxy_pass http://ihm_client;
|
|
include $/proxy_headers.conf;
|
|
}
|
|
|
|
location /ws/ {
|
|
proxy_pass http://ihm_client;
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Upgrade ;
|
|
proxy_set_header Connection "upgrade";
|
|
include $/proxy_headers.conf;
|
|
proxy_read_timeout 3600s;
|
|
}
|
|
}
|
|
|
|
# Configuration HTTPS pour _4NK_CERTIFICATOR
|
|
server {
|
|
listen 80;
|
|
server_name _4NK_certificator..com;
|
|
# redirection HTTP→HTTPS pour l'externe
|
|
return 301 https://;
|
|
}
|
|
|
|
server {
|
|
listen 443 ssl http2;
|
|
server_name _4nk_certificator..com;
|
|
|
|
ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem;
|
|
ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem;
|
|
|
|
# réglages TLS minimaux (adapter selon politique)
|
|
ssl_session_timeout 1d;
|
|
ssl_protocols TLSv1.2 TLSv1.3;
|
|
ssl_ciphers HIGH:!aNULL:!MD5;
|
|
ssl_prefer_server_ciphers on;
|
|
|
|
# HSTS (activer seulement si tout le domaine est en HTTPS)
|
|
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
|
|
|
|
access_log $/home/debian/_4NK_env/projects/lecoffre/lecoffre_node/logs/nginx/.log app_json;
|
|
|
|
location / {
|
|
proxy_pass http://_4nk_certificator;
|
|
include $/proxy_headers.conf;
|
|
}
|
|
|
|
location /ws/ {
|
|
proxy_pass http://_4nk_certificator;
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Upgrade ;
|
|
proxy_set_header Connection "upgrade";
|
|
include $/proxy_headers.conf;
|
|
proxy_read_timeout 3600s;
|
|
}
|
|
}
|
|
|
|
# Configuration HTTPS pour _4NK_MINER
|
|
server {
|
|
listen 80;
|
|
server_name _4NK_miner..com;
|
|
# redirection HTTP→HTTPS pour l'externe
|
|
return 301 https://;
|
|
}
|
|
|
|
server {
|
|
listen 443 ssl http2;
|
|
server_name _4nk_miner..com;
|
|
|
|
ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem;
|
|
ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem;
|
|
|
|
# réglages TLS minimaux (adapter selon politique)
|
|
ssl_session_timeout 1d;
|
|
ssl_protocols TLSv1.2 TLSv1.3;
|
|
ssl_ciphers HIGH:!aNULL:!MD5;
|
|
ssl_prefer_server_ciphers on;
|
|
|
|
# HSTS (activer seulement si tout le domaine est en HTTPS)
|
|
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
|
|
|
|
access_log $/home/debian/_4NK_env/projects/lecoffre/lecoffre_node/logs/nginx/.log app_json;
|
|
|
|
location / {
|
|
proxy_pass http://_4nk_miner;
|
|
include $/proxy_headers.conf;
|
|
}
|
|
|
|
location /ws/ {
|
|
proxy_pass http://_4nk_miner;
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Upgrade ;
|
|
proxy_set_header Connection "upgrade";
|
|
include $/proxy_headers.conf;
|
|
proxy_read_timeout 3600s;
|
|
}
|
|
}
|
|
|
|
# Configuration HTTPS pour LECOFFRE_FRONT
|
|
server {
|
|
listen 80;
|
|
server_name lecoffre-front..com;
|
|
# redirection HTTP→HTTPS pour l'externe
|
|
return 301 https://;
|
|
}
|
|
|
|
server {
|
|
listen 443 ssl http2;
|
|
server_name lecoffre_front..com;
|
|
|
|
ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem;
|
|
ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem;
|
|
|
|
# réglages TLS minimaux (adapter selon politique)
|
|
ssl_session_timeout 1d;
|
|
ssl_protocols TLSv1.2 TLSv1.3;
|
|
ssl_ciphers HIGH:!aNULL:!MD5;
|
|
ssl_prefer_server_ciphers on;
|
|
|
|
# HSTS (activer seulement si tout le domaine est en HTTPS)
|
|
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
|
|
|
|
access_log $/home/debian/_4NK_env/projects/lecoffre/lecoffre_node/logs/nginx/.log app_json;
|
|
|
|
location / {
|
|
proxy_pass http://lecoffre_front;
|
|
include $/proxy_headers.conf;
|
|
}
|
|
|
|
location /ws/ {
|
|
proxy_pass http://lecoffre_front;
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Upgrade ;
|
|
proxy_set_header Connection "upgrade";
|
|
include $/proxy_headers.conf;
|
|
proxy_read_timeout 3600s;
|
|
}
|
|
}
|
|
|
|
# Configuration HTTPS pour _4NK_WEB_STATUS
|
|
server {
|
|
listen 80;
|
|
server_name _4NK_web_status..com;
|
|
# redirection HTTP→HTTPS pour l'externe
|
|
return 301 https://;
|
|
}
|
|
|
|
server {
|
|
listen 443 ssl http2;
|
|
server_name _4nk_web_status..com;
|
|
|
|
ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem;
|
|
ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem;
|
|
|
|
# réglages TLS minimaux (adapter selon politique)
|
|
ssl_session_timeout 1d;
|
|
ssl_protocols TLSv1.2 TLSv1.3;
|
|
ssl_ciphers HIGH:!aNULL:!MD5;
|
|
ssl_prefer_server_ciphers on;
|
|
|
|
# HSTS (activer seulement si tout le domaine est en HTTPS)
|
|
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
|
|
|
|
access_log $/home/debian/_4NK_env/projects/lecoffre/lecoffre_node/logs/nginx/.log app_json;
|
|
|
|
location / {
|
|
proxy_pass http://_4nk_web_status;
|
|
include $/proxy_headers.conf;
|
|
}
|
|
|
|
location /ws/ {
|
|
proxy_pass http://_4nk_web_status;
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Upgrade ;
|
|
proxy_set_header Connection "upgrade";
|
|
include $/proxy_headers.conf;
|
|
proxy_read_timeout 3600s;
|
|
}
|
|
}
|