4nk/4NK_vault
5
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
4NK_vault/templates/dev/_4NK_modules/nginx/nginx_dev4.4NKweb.com-https.conf
4NK Dev d02a183abb fix: nginx maintenant dans _4NK_modules/nginx/ comme module 4NK 
- Correction complète du script generate_nginx_configs.sh
- Tous les fichiers nginx sont maintenant générés dans _4NK_modules/nginx/
- Désactivation du traitement du répertoire nginx/ dans replace_variables_and_copy.sh
- Mise à jour des messages d'affichage dans generate.sh
- Cohérence avec la structure des modules 4NK
- Nginx traité comme un module 4NK standard dans _4NK_modules/
2025-10-05 22:29:17 +00:00

712 lines
22 KiB
Plaintext
Raw Blame History

# Configuration Nginx consolidée pour $HOST
# Générée automatiquement le $(date)
# Inclusion du format de log JSON et des upstreams
include upstreams.conf;
# Redirection globale HTTP→HTTPS
server {
listen 80;
server_name $HOST *.$HOST;
return 301 https://$host$request_uri;
}
# Configuration HTTPS pour REDIS
server {
listen 80;
server_name $REDIS.$_4NKweb.com;
# redirection HTTP→HTTPS pour l'externe
return 301 https://$host$request_uri;
}
server {
listen 443 ssl http2;
server_name $REDIS_DOCKER_NAME.$_4NKweb.com;
ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem;
ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem;
# réglages TLS minimaux (adapter selon politique)
ssl_session_timeout 1d;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# HSTS (activer seulement si tout le domaine est en HTTPS)
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
access_log $/home/debian/_4NK_env/DOCKER_GLOBAL_NAME/logs/nginx/$REDIS_https.log app_json;
location / {
proxy_pass http://$REDIS_DOCKER_NAME;
include $/etc/nginx/conf.d/proxy_headers.conf;
}
location /ws/ {
proxy_pass http://$REDIS_DOCKER_NAME;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
include $/etc/nginx/conf.d/proxy_headers.conf;
proxy_read_timeout 3600s;
}
}
# Configuration HTTPS pour POSTGRESQL
server {
listen 80;
server_name $POSTGRESQL.$_4NKweb.com;
# redirection HTTP→HTTPS pour l'externe
return 301 https://$host$request_uri;
}
server {
listen 443 ssl http2;
server_name $POSTGRESQL_DOCKER_NAME.$_4NKweb.com;
ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem;
ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem;
# réglages TLS minimaux (adapter selon politique)
ssl_session_timeout 1d;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# HSTS (activer seulement si tout le domaine est en HTTPS)
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
access_log $/home/debian/_4NK_env/DOCKER_GLOBAL_NAME/logs/nginx/$POSTGRESQL_https.log app_json;
location / {
proxy_pass http://$POSTGRESQL_DOCKER_NAME;
include $/etc/nginx/conf.d/proxy_headers.conf;
}
location /ws/ {
proxy_pass http://$POSTGRESQL_DOCKER_NAME;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
include $/etc/nginx/conf.d/proxy_headers.conf;
proxy_read_timeout 3600s;
}
}
# Configuration HTTPS pour LOKI
server {
listen 80;
server_name $LOKI.$_4NKweb.com;
# redirection HTTP→HTTPS pour l'externe
return 301 https://$host$request_uri;
}
server {
listen 443 ssl http2;
server_name $LOKI_DOCKER_NAME.$_4NKweb.com;
ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem;
ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem;
# réglages TLS minimaux (adapter selon politique)
ssl_session_timeout 1d;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# HSTS (activer seulement si tout le domaine est en HTTPS)
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
access_log $/home/debian/_4NK_env/DOCKER_GLOBAL_NAME/logs/nginx/$LOKI_https.log app_json;
location / {
proxy_pass http://$LOKI_DOCKER_NAME;
include $/etc/nginx/conf.d/proxy_headers.conf;
}
location /ws/ {
proxy_pass http://$LOKI_DOCKER_NAME;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
include $/etc/nginx/conf.d/proxy_headers.conf;
proxy_read_timeout 3600s;
}
}
# Configuration HTTPS pour PROMTAIL
server {
listen 80;
server_name $PROMTAIL.$_4NKweb.com;
# redirection HTTP→HTTPS pour l'externe
return 301 https://$host$request_uri;
}
server {
listen 443 ssl http2;
server_name $PROMTAIL_DOCKER_NAME.$_4NKweb.com;
ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem;
ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem;
# réglages TLS minimaux (adapter selon politique)
ssl_session_timeout 1d;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# HSTS (activer seulement si tout le domaine est en HTTPS)
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
access_log $/home/debian/_4NK_env/DOCKER_GLOBAL_NAME/logs/nginx/$PROMTAIL_https.log app_json;
location / {
proxy_pass http://$PROMTAIL_DOCKER_NAME;
include $/etc/nginx/conf.d/proxy_headers.conf;
}
location /ws/ {
proxy_pass http://$PROMTAIL_DOCKER_NAME;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
include $/etc/nginx/conf.d/proxy_headers.conf;
proxy_read_timeout 3600s;
}
}
# Configuration HTTPS pour GRAFANA
server {
listen 80;
server_name $GRAFANA.$_4NKweb.com;
# redirection HTTP→HTTPS pour l'externe
return 301 https://$host$request_uri;
}
server {
listen 443 ssl http2;
server_name $GRAFANA_DOCKER_NAME.$_4NKweb.com;
ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem;
ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem;
# réglages TLS minimaux (adapter selon politique)
ssl_session_timeout 1d;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# HSTS (activer seulement si tout le domaine est en HTTPS)
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
access_log $/home/debian/_4NK_env/DOCKER_GLOBAL_NAME/logs/nginx/$GRAFANA_https.log app_json;
location / {
proxy_pass http://$GRAFANA_DOCKER_NAME;
include $/etc/nginx/conf.d/proxy_headers.conf;
}
location /ws/ {
proxy_pass http://$GRAFANA_DOCKER_NAME;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
include $/etc/nginx/conf.d/proxy_headers.conf;
proxy_read_timeout 3600s;
}
}
# Configuration HTTPS pour NGNIX
server {
listen 80;
server_name $NGNIX.$_4NKweb.com;
# redirection HTTP→HTTPS pour l'externe
return 301 https://$host$request_uri;
}
server {
listen 443 ssl http2;
server_name $NGNIX_DOCKER_NAME.$_4NKweb.com;
ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem;
ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem;
# réglages TLS minimaux (adapter selon politique)
ssl_session_timeout 1d;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# HSTS (activer seulement si tout le domaine est en HTTPS)
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
access_log $/home/debian/_4NK_env/DOCKER_GLOBAL_NAME/logs/nginx/$NGNIX_https.log app_json;
location / {
proxy_pass http://$NGNIX_DOCKER_NAME;
include $/etc/nginx/conf.d/proxy_headers.conf;
}
location /ws/ {
proxy_pass http://$NGNIX_DOCKER_NAME;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
include $/etc/nginx/conf.d/proxy_headers.conf;
proxy_read_timeout 3600s;
}
}
# Configuration HTTPS pour TOR
server {
listen 80;
server_name $TOR.$_4NKweb.com;
# redirection HTTP→HTTPS pour l'externe
return 301 https://$host$request_uri;
}
server {
listen 443 ssl http2;
server_name $TOR_DOCKER_NAME.$_4NKweb.com;
ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem;
ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem;
# réglages TLS minimaux (adapter selon politique)
ssl_session_timeout 1d;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# HSTS (activer seulement si tout le domaine est en HTTPS)
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
access_log $/home/debian/_4NK_env/DOCKER_GLOBAL_NAME/logs/nginx/$TOR_https.log app_json;
location / {
proxy_pass http://$TOR_DOCKER_NAME;
include $/etc/nginx/conf.d/proxy_headers.conf;
}
location /ws/ {
proxy_pass http://$TOR_DOCKER_NAME;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
include $/etc/nginx/conf.d/proxy_headers.conf;
proxy_read_timeout 3600s;
}
}
# Configuration HTTPS pour _4NK_VAULT
server {
listen 80;
server_name $_4NK_VAULT.$_4NKweb.com;
# redirection HTTP→HTTPS pour l'externe
return 301 https://$host$request_uri;
}
server {
listen 443 ssl http2;
server_name $_4NK_VAULT_DOCKER_NAME.$_4NKweb.com;
ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem;
ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem;
# réglages TLS minimaux (adapter selon politique)
ssl_session_timeout 1d;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# HSTS (activer seulement si tout le domaine est en HTTPS)
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
access_log $/home/debian/_4NK_env/DOCKER_GLOBAL_NAME/logs/nginx/$_4NK_VAULT_https.log app_json;
location / {
proxy_pass http://$_4NK_VAULT_DOCKER_NAME;
include $/etc/nginx/conf.d/proxy_headers.conf;
}
location /ws/ {
proxy_pass http://$_4NK_VAULT_DOCKER_NAME;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
include $/etc/nginx/conf.d/proxy_headers.conf;
proxy_read_timeout 3600s;
}
}
# Configuration HTTPS pour BITCOIN
server {
listen 80;
server_name $BITCOIN.$_4NKweb.com;
# redirection HTTP→HTTPS pour l'externe
return 301 https://$host$request_uri;
}
server {
listen 443 ssl http2;
server_name $BITCOIN_DOCKER_NAME.$_4NKweb.com;
ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem;
ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem;
# réglages TLS minimaux (adapter selon politique)
ssl_session_timeout 1d;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# HSTS (activer seulement si tout le domaine est en HTTPS)
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
access_log $/home/debian/_4NK_env/DOCKER_GLOBAL_NAME/logs/nginx/$BITCOIN_https.log app_json;
location / {
proxy_pass http://$BITCOIN_DOCKER_NAME;
include $/etc/nginx/conf.d/proxy_headers.conf;
}
location /ws/ {
proxy_pass http://$BITCOIN_DOCKER_NAME;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
include $/etc/nginx/conf.d/proxy_headers.conf;
proxy_read_timeout 3600s;
}
}
# Configuration HTTPS pour BLINDBIT_ORACLE
server {
listen 80;
server_name $BLINDBIT_ORACLE.$_4NKweb.com;
# redirection HTTP→HTTPS pour l'externe
return 301 https://$host$request_uri;
}
server {
listen 443 ssl http2;
server_name $BLINDBIT_ORACLE_DOCKER_NAME.$_4NKweb.com;
ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem;
ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem;
# réglages TLS minimaux (adapter selon politique)
ssl_session_timeout 1d;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# HSTS (activer seulement si tout le domaine est en HTTPS)
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
access_log $/home/debian/_4NK_env/DOCKER_GLOBAL_NAME/logs/nginx/$BLINDBIT_ORACLE_https.log app_json;
location / {
proxy_pass http://$BLINDBIT_ORACLE_DOCKER_NAME;
include $/etc/nginx/conf.d/proxy_headers.conf;
}
location /ws/ {
proxy_pass http://$BLINDBIT_ORACLE_DOCKER_NAME;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
include $/etc/nginx/conf.d/proxy_headers.conf;
proxy_read_timeout 3600s;
}
}
# Configuration HTTPS pour SDK_RELAY
server {
listen 80;
server_name $SDK_RELAY.$_4NKweb.com;
# redirection HTTP→HTTPS pour l'externe
return 301 https://$host$request_uri;
}
server {
listen 443 ssl http2;
server_name $SDK_RELAY_DOCKER_NAME.$_4NKweb.com;
ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem;
ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem;
# réglages TLS minimaux (adapter selon politique)
ssl_session_timeout 1d;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# HSTS (activer seulement si tout le domaine est en HTTPS)
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
access_log $/home/debian/_4NK_env/DOCKER_GLOBAL_NAME/logs/nginx/$SDK_RELAY_https.log app_json;
location / {
proxy_pass http://$SDK_RELAY_DOCKER_NAME;
include $/etc/nginx/conf.d/proxy_headers.conf;
}
location /ws/ {
proxy_pass http://$SDK_RELAY_DOCKER_NAME;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
include $/etc/nginx/conf.d/proxy_headers.conf;
proxy_read_timeout 3600s;
}
}
# Configuration HTTPS pour SDK_STORAGE
server {
listen 80;
server_name $SDK_STORAGE.$_4NKweb.com;
# redirection HTTP→HTTPS pour l'externe
return 301 https://$host$request_uri;
}
server {
listen 443 ssl http2;
server_name $SDK_STORAGE_DOCKER_NAME.$_4NKweb.com;
ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem;
ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem;
# réglages TLS minimaux (adapter selon politique)
ssl_session_timeout 1d;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# HSTS (activer seulement si tout le domaine est en HTTPS)
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
access_log $/home/debian/_4NK_env/DOCKER_GLOBAL_NAME/logs/nginx/$SDK_STORAGE_https.log app_json;
location / {
proxy_pass http://$SDK_STORAGE_DOCKER_NAME;
include $/etc/nginx/conf.d/proxy_headers.conf;
}
location /ws/ {
proxy_pass http://$SDK_STORAGE_DOCKER_NAME;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
include $/etc/nginx/conf.d/proxy_headers.conf;
proxy_read_timeout 3600s;
}
}
# Configuration HTTPS pour IHM_CLIENT
server {
listen 80;
server_name $IHM_CLIENT.$_4NKweb.com;
# redirection HTTP→HTTPS pour l'externe
return 301 https://$host$request_uri;
}
server {
listen 443 ssl http2;
server_name $IHM_CLIENT_DOCKER_NAME.$_4NKweb.com;
ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem;
ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem;
# réglages TLS minimaux (adapter selon politique)
ssl_session_timeout 1d;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# HSTS (activer seulement si tout le domaine est en HTTPS)
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
access_log $/home/debian/_4NK_env/DOCKER_GLOBAL_NAME/logs/nginx/$IHM_CLIENT_https.log app_json;
location / {
proxy_pass http://$IHM_CLIENT_DOCKER_NAME;
include $/etc/nginx/conf.d/proxy_headers.conf;
}
location /ws/ {
proxy_pass http://$IHM_CLIENT_DOCKER_NAME;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
include $/etc/nginx/conf.d/proxy_headers.conf;
proxy_read_timeout 3600s;
}
}
# Configuration HTTPS pour _4NK_CERTIFICATOR
server {
listen 80;
server_name $_4NK_CERTIFICATOR.$_4NKweb.com;
# redirection HTTP→HTTPS pour l'externe
return 301 https://$host$request_uri;
}
server {
listen 443 ssl http2;
server_name $_4NK_CERTIFICATOR_DOCKER_NAME.$_4NKweb.com;
ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem;
ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem;
# réglages TLS minimaux (adapter selon politique)
ssl_session_timeout 1d;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# HSTS (activer seulement si tout le domaine est en HTTPS)
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
access_log $/home/debian/_4NK_env/DOCKER_GLOBAL_NAME/logs/nginx/$_4NK_CERTIFICATOR_https.log app_json;
location / {
proxy_pass http://$_4NK_CERTIFICATOR_DOCKER_NAME;
include $/etc/nginx/conf.d/proxy_headers.conf;
}
location /ws/ {
proxy_pass http://$_4NK_CERTIFICATOR_DOCKER_NAME;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
include $/etc/nginx/conf.d/proxy_headers.conf;
proxy_read_timeout 3600s;
}
}
# Configuration HTTPS pour _4NK_MINER
server {
listen 80;
server_name $_4NK_MINER.$_4NKweb.com;
# redirection HTTP→HTTPS pour l'externe
return 301 https://$host$request_uri;
}
server {
listen 443 ssl http2;
server_name $_4NK_MINER_DOCKER_NAME.$_4NKweb.com;
ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem;
ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem;
# réglages TLS minimaux (adapter selon politique)
ssl_session_timeout 1d;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# HSTS (activer seulement si tout le domaine est en HTTPS)
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
access_log $/home/debian/_4NK_env/DOCKER_GLOBAL_NAME/logs/nginx/$_4NK_MINER_https.log app_json;
location / {
proxy_pass http://$_4NK_MINER_DOCKER_NAME;
include $/etc/nginx/conf.d/proxy_headers.conf;
}
location /ws/ {
proxy_pass http://$_4NK_MINER_DOCKER_NAME;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
include $/etc/nginx/conf.d/proxy_headers.conf;
proxy_read_timeout 3600s;
}
}
# Configuration HTTPS pour LECOFFRE_FRONT
server {
listen 80;
server_name $LECOFFRE_FRONT.$_4NKweb.com;
# redirection HTTP→HTTPS pour l'externe
return 301 https://$host$request_uri;
}
server {
listen 443 ssl http2;
server_name $LECOFFRE_FRONT_DOCKER_NAME.$_4NKweb.com;
ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem;
ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem;
# réglages TLS minimaux (adapter selon politique)
ssl_session_timeout 1d;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# HSTS (activer seulement si tout le domaine est en HTTPS)
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
access_log $/home/debian/_4NK_env/DOCKER_GLOBAL_NAME/logs/nginx/$LECOFFRE_FRONT_https.log app_json;
location / {
proxy_pass http://$LECOFFRE_FRONT_DOCKER_NAME;
include $/etc/nginx/conf.d/proxy_headers.conf;
}
location /ws/ {
proxy_pass http://$LECOFFRE_FRONT_DOCKER_NAME;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
include $/etc/nginx/conf.d/proxy_headers.conf;
proxy_read_timeout 3600s;
}
}
# Configuration HTTPS pour _4NK_WEB_STATUS
server {
listen 80;
server_name $_4NK_WEB_STATUS.$_4NKweb.com;
# redirection HTTP→HTTPS pour l'externe
return 301 https://$host$request_uri;
}
server {
listen 443 ssl http2;
server_name $_4NK_WEB_STATUS_DOCKER_NAME.$_4NKweb.com;
ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem;
ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem;
# réglages TLS minimaux (adapter selon politique)
ssl_session_timeout 1d;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# HSTS (activer seulement si tout le domaine est en HTTPS)
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
access_log $/home/debian/_4NK_env/DOCKER_GLOBAL_NAME/logs/nginx/$_4NK_WEB_STATUS_https.log app_json;
location / {
proxy_pass http://$_4NK_WEB_STATUS_DOCKER_NAME;
include $/etc/nginx/conf.d/proxy_headers.conf;
}
location /ws/ {
proxy_pass http://$_4NK_WEB_STATUS_DOCKER_NAME;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
include $/etc/nginx/conf.d/proxy_headers.conf;
proxy_read_timeout 3600s;
}
}
Reference in New Issue View Git Blame Copy Permalink