4nk/4NK_vault
5
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
4NK_vault/storage/dev/nginx/nginx_dev4.4NKweb.com-https.conf
4NK Dev 5ff468bc84 feat: Système de templates automatisé v2.0.0 
- Introduction du système de templates avec séparation templates/storage
- Scripts de génération automatisée pour toutes les configurations
- Résolution multi-passes des variables imbriquées
- API simplifiée qui lit uniquement storage/ (plus de traitement de variables)
- Documentation complète du nouveau système
- Support des services externes (BOOTSTRAP, LECOFFRE_BACK_MINI)
- Protection des templates sources et isolation des environnements
2025-10-05 13:53:38 +00:00

712 lines
20 KiB
Plaintext
Raw Blame History

# Configuration Nginx consolidée pour dev4._4NKweb.com
# Générée automatiquement le $(date)
# Inclusion du format de log JSON et des upstreams
include upstreams.conf;
# Redirection globale HTTP→HTTPS
server {
listen 80;
server_name dev4._4NKweb.com *.dev4._4NKweb.com;
return 301 https://;
}
# Configuration HTTPS pour REDIS
server {
listen 80;
server_name redis..com;
# redirection HTTP→HTTPS pour l'externe
return 301 https://;
}
server {
listen 443 ssl http2;
server_name ..com;
ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem;
ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem;
# réglages TLS minimaux (adapter selon politique)
ssl_session_timeout 1d;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# HSTS (activer seulement si tout le domaine est en HTTPS)
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
access_log $/home/debian/_4NK_env/DOCKER_GLOBAL_NAME/logs/nginx/.log app_json;
location / {
proxy_pass http://;
include $/etc/nginx/conf.d/proxy_headers.conf;
}
location /ws/ {
proxy_pass http://;
proxy_http_version 1.1;
proxy_set_header Upgrade ;
proxy_set_header Connection "upgrade";
include $/etc/nginx/conf.d/proxy_headers.conf;
proxy_read_timeout 3600s;
}
}
# Configuration HTTPS pour POSTGRESQL
server {
listen 80;
server_name postgresql..com;
# redirection HTTP→HTTPS pour l'externe
return 301 https://;
}
server {
listen 443 ssl http2;
server_name ..com;
ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem;
ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem;
# réglages TLS minimaux (adapter selon politique)
ssl_session_timeout 1d;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# HSTS (activer seulement si tout le domaine est en HTTPS)
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
access_log $/home/debian/_4NK_env/DOCKER_GLOBAL_NAME/logs/nginx/.log app_json;
location / {
proxy_pass http://;
include $/etc/nginx/conf.d/proxy_headers.conf;
}
location /ws/ {
proxy_pass http://;
proxy_http_version 1.1;
proxy_set_header Upgrade ;
proxy_set_header Connection "upgrade";
include $/etc/nginx/conf.d/proxy_headers.conf;
proxy_read_timeout 3600s;
}
}
# Configuration HTTPS pour LOKI
server {
listen 80;
server_name loki..com;
# redirection HTTP→HTTPS pour l'externe
return 301 https://;
}
server {
listen 443 ssl http2;
server_name ..com;
ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem;
ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem;
# réglages TLS minimaux (adapter selon politique)
ssl_session_timeout 1d;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# HSTS (activer seulement si tout le domaine est en HTTPS)
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
access_log $/home/debian/_4NK_env/DOCKER_GLOBAL_NAME/logs/nginx/.log app_json;
location / {
proxy_pass http://;
include $/etc/nginx/conf.d/proxy_headers.conf;
}
location /ws/ {
proxy_pass http://;
proxy_http_version 1.1;
proxy_set_header Upgrade ;
proxy_set_header Connection "upgrade";
include $/etc/nginx/conf.d/proxy_headers.conf;
proxy_read_timeout 3600s;
}
}
# Configuration HTTPS pour PROMTAIL
server {
listen 80;
server_name promtail..com;
# redirection HTTP→HTTPS pour l'externe
return 301 https://;
}
server {
listen 443 ssl http2;
server_name ..com;
ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem;
ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem;
# réglages TLS minimaux (adapter selon politique)
ssl_session_timeout 1d;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# HSTS (activer seulement si tout le domaine est en HTTPS)
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
access_log $/home/debian/_4NK_env/DOCKER_GLOBAL_NAME/logs/nginx/.log app_json;
location / {
proxy_pass http://;
include $/etc/nginx/conf.d/proxy_headers.conf;
}
location /ws/ {
proxy_pass http://;
proxy_http_version 1.1;
proxy_set_header Upgrade ;
proxy_set_header Connection "upgrade";
include $/etc/nginx/conf.d/proxy_headers.conf;
proxy_read_timeout 3600s;
}
}
# Configuration HTTPS pour GRAFANA
server {
listen 80;
server_name grafana..com;
# redirection HTTP→HTTPS pour l'externe
return 301 https://;
}
server {
listen 443 ssl http2;
server_name ..com;
ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem;
ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem;
# réglages TLS minimaux (adapter selon politique)
ssl_session_timeout 1d;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# HSTS (activer seulement si tout le domaine est en HTTPS)
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
access_log $/home/debian/_4NK_env/DOCKER_GLOBAL_NAME/logs/nginx/.log app_json;
location / {
proxy_pass http://;
include $/etc/nginx/conf.d/proxy_headers.conf;
}
location /ws/ {
proxy_pass http://;
proxy_http_version 1.1;
proxy_set_header Upgrade ;
proxy_set_header Connection "upgrade";
include $/etc/nginx/conf.d/proxy_headers.conf;
proxy_read_timeout 3600s;
}
}
# Configuration HTTPS pour NGNIX
server {
listen 80;
server_name ..com;
# redirection HTTP→HTTPS pour l'externe
return 301 https://;
}
server {
listen 443 ssl http2;
server_name ..com;
ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem;
ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem;
# réglages TLS minimaux (adapter selon politique)
ssl_session_timeout 1d;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# HSTS (activer seulement si tout le domaine est en HTTPS)
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
access_log $/home/debian/_4NK_env/DOCKER_GLOBAL_NAME/logs/nginx/.log app_json;
location / {
proxy_pass http://;
include $/etc/nginx/conf.d/proxy_headers.conf;
}
location /ws/ {
proxy_pass http://;
proxy_http_version 1.1;
proxy_set_header Upgrade ;
proxy_set_header Connection "upgrade";
include $/etc/nginx/conf.d/proxy_headers.conf;
proxy_read_timeout 3600s;
}
}
# Configuration HTTPS pour TOR
server {
listen 80;
server_name tor-proxy..com;
# redirection HTTP→HTTPS pour l'externe
return 301 https://;
}
server {
listen 443 ssl http2;
server_name ..com;
ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem;
ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem;
# réglages TLS minimaux (adapter selon politique)
ssl_session_timeout 1d;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# HSTS (activer seulement si tout le domaine est en HTTPS)
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
access_log $/home/debian/_4NK_env/DOCKER_GLOBAL_NAME/logs/nginx/.log app_json;
location / {
proxy_pass http://;
include $/etc/nginx/conf.d/proxy_headers.conf;
}
location /ws/ {
proxy_pass http://;
proxy_http_version 1.1;
proxy_set_header Upgrade ;
proxy_set_header Connection "upgrade";
include $/etc/nginx/conf.d/proxy_headers.conf;
proxy_read_timeout 3600s;
}
}
# Configuration HTTPS pour _4NK_VAULT
server {
listen 80;
server_name _4NK_vault..com;
# redirection HTTP→HTTPS pour l'externe
return 301 https://;
}
server {
listen 443 ssl http2;
server_name ..com;
ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem;
ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem;
# réglages TLS minimaux (adapter selon politique)
ssl_session_timeout 1d;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# HSTS (activer seulement si tout le domaine est en HTTPS)
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
access_log $/home/debian/_4NK_env/DOCKER_GLOBAL_NAME/logs/nginx/.log app_json;
location / {
proxy_pass http://;
include $/etc/nginx/conf.d/proxy_headers.conf;
}
location /ws/ {
proxy_pass http://;
proxy_http_version 1.1;
proxy_set_header Upgrade ;
proxy_set_header Connection "upgrade";
include $/etc/nginx/conf.d/proxy_headers.conf;
proxy_read_timeout 3600s;
}
}
# Configuration HTTPS pour BITCOIN
server {
listen 80;
server_name bitcoin..com;
# redirection HTTP→HTTPS pour l'externe
return 301 https://;
}
server {
listen 443 ssl http2;
server_name ..com;
ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem;
ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem;
# réglages TLS minimaux (adapter selon politique)
ssl_session_timeout 1d;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# HSTS (activer seulement si tout le domaine est en HTTPS)
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
access_log $/home/debian/_4NK_env/DOCKER_GLOBAL_NAME/logs/nginx/.log app_json;
location / {
proxy_pass http://;
include $/etc/nginx/conf.d/proxy_headers.conf;
}
location /ws/ {
proxy_pass http://;
proxy_http_version 1.1;
proxy_set_header Upgrade ;
proxy_set_header Connection "upgrade";
include $/etc/nginx/conf.d/proxy_headers.conf;
proxy_read_timeout 3600s;
}
}
# Configuration HTTPS pour BLINDBIT_ORACLE
server {
listen 80;
server_name blindbit-oracle..com;
# redirection HTTP→HTTPS pour l'externe
return 301 https://;
}
server {
listen 443 ssl http2;
server_name ..com;
ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem;
ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem;
# réglages TLS minimaux (adapter selon politique)
ssl_session_timeout 1d;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# HSTS (activer seulement si tout le domaine est en HTTPS)
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
access_log $/home/debian/_4NK_env/DOCKER_GLOBAL_NAME/logs/nginx/.log app_json;
location / {
proxy_pass http://;
include $/etc/nginx/conf.d/proxy_headers.conf;
}
location /ws/ {
proxy_pass http://;
proxy_http_version 1.1;
proxy_set_header Upgrade ;
proxy_set_header Connection "upgrade";
include $/etc/nginx/conf.d/proxy_headers.conf;
proxy_read_timeout 3600s;
}
}
# Configuration HTTPS pour SDK_RELAY
server {
listen 80;
server_name sdk_relay..com;
# redirection HTTP→HTTPS pour l'externe
return 301 https://;
}
server {
listen 443 ssl http2;
server_name ..com;
ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem;
ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem;
# réglages TLS minimaux (adapter selon politique)
ssl_session_timeout 1d;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# HSTS (activer seulement si tout le domaine est en HTTPS)
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
access_log $/home/debian/_4NK_env/DOCKER_GLOBAL_NAME/logs/nginx/.log app_json;
location / {
proxy_pass http://;
include $/etc/nginx/conf.d/proxy_headers.conf;
}
location /ws/ {
proxy_pass http://;
proxy_http_version 1.1;
proxy_set_header Upgrade ;
proxy_set_header Connection "upgrade";
include $/etc/nginx/conf.d/proxy_headers.conf;
proxy_read_timeout 3600s;
}
}
# Configuration HTTPS pour SDK_STORAGE
server {
listen 80;
server_name sdk_storage..com;
# redirection HTTP→HTTPS pour l'externe
return 301 https://;
}
server {
listen 443 ssl http2;
server_name ..com;
ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem;
ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem;
# réglages TLS minimaux (adapter selon politique)
ssl_session_timeout 1d;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# HSTS (activer seulement si tout le domaine est en HTTPS)
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
access_log $/home/debian/_4NK_env/DOCKER_GLOBAL_NAME/logs/nginx/.log app_json;
location / {
proxy_pass http://;
include $/etc/nginx/conf.d/proxy_headers.conf;
}
location /ws/ {
proxy_pass http://;
proxy_http_version 1.1;
proxy_set_header Upgrade ;
proxy_set_header Connection "upgrade";
include $/etc/nginx/conf.d/proxy_headers.conf;
proxy_read_timeout 3600s;
}
}
# Configuration HTTPS pour IHM_CLIENT
server {
listen 80;
server_name ihm_client..com;
# redirection HTTP→HTTPS pour l'externe
return 301 https://;
}
server {
listen 443 ssl http2;
server_name ..com;
ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem;
ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem;
# réglages TLS minimaux (adapter selon politique)
ssl_session_timeout 1d;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# HSTS (activer seulement si tout le domaine est en HTTPS)
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
access_log $/home/debian/_4NK_env/DOCKER_GLOBAL_NAME/logs/nginx/.log app_json;
location / {
proxy_pass http://;
include $/etc/nginx/conf.d/proxy_headers.conf;
}
location /ws/ {
proxy_pass http://;
proxy_http_version 1.1;
proxy_set_header Upgrade ;
proxy_set_header Connection "upgrade";
include $/etc/nginx/conf.d/proxy_headers.conf;
proxy_read_timeout 3600s;
}
}
# Configuration HTTPS pour _4NK_CERTIFICATOR
server {
listen 80;
server_name _4NK_certificator..com;
# redirection HTTP→HTTPS pour l'externe
return 301 https://;
}
server {
listen 443 ssl http2;
server_name ..com;
ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem;
ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem;
# réglages TLS minimaux (adapter selon politique)
ssl_session_timeout 1d;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# HSTS (activer seulement si tout le domaine est en HTTPS)
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
access_log $/home/debian/_4NK_env/DOCKER_GLOBAL_NAME/logs/nginx/.log app_json;
location / {
proxy_pass http://;
include $/etc/nginx/conf.d/proxy_headers.conf;
}
location /ws/ {
proxy_pass http://;
proxy_http_version 1.1;
proxy_set_header Upgrade ;
proxy_set_header Connection "upgrade";
include $/etc/nginx/conf.d/proxy_headers.conf;
proxy_read_timeout 3600s;
}
}
# Configuration HTTPS pour _4NK_MINER
server {
listen 80;
server_name _4NK_miner..com;
# redirection HTTP→HTTPS pour l'externe
return 301 https://;
}
server {
listen 443 ssl http2;
server_name ..com;
ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem;
ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem;
# réglages TLS minimaux (adapter selon politique)
ssl_session_timeout 1d;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# HSTS (activer seulement si tout le domaine est en HTTPS)
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
access_log $/home/debian/_4NK_env/DOCKER_GLOBAL_NAME/logs/nginx/.log app_json;
location / {
proxy_pass http://;
include $/etc/nginx/conf.d/proxy_headers.conf;
}
location /ws/ {
proxy_pass http://;
proxy_http_version 1.1;
proxy_set_header Upgrade ;
proxy_set_header Connection "upgrade";
include $/etc/nginx/conf.d/proxy_headers.conf;
proxy_read_timeout 3600s;
}
}
# Configuration HTTPS pour LECOFFRE_FRONT
server {
listen 80;
server_name lecoffre-front..com;
# redirection HTTP→HTTPS pour l'externe
return 301 https://;
}
server {
listen 443 ssl http2;
server_name ..com;
ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem;
ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem;
# réglages TLS minimaux (adapter selon politique)
ssl_session_timeout 1d;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# HSTS (activer seulement si tout le domaine est en HTTPS)
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
access_log $/home/debian/_4NK_env/DOCKER_GLOBAL_NAME/logs/nginx/.log app_json;
location / {
proxy_pass http://;
include $/etc/nginx/conf.d/proxy_headers.conf;
}
location /ws/ {
proxy_pass http://;
proxy_http_version 1.1;
proxy_set_header Upgrade ;
proxy_set_header Connection "upgrade";
include $/etc/nginx/conf.d/proxy_headers.conf;
proxy_read_timeout 3600s;
}
}
# Configuration HTTPS pour _4NK_WEB_STATUS
server {
listen 80;
server_name _4NK_web_status..com;
# redirection HTTP→HTTPS pour l'externe
return 301 https://;
}
server {
listen 443 ssl http2;
server_name ..com;
ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem;
ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem;
# réglages TLS minimaux (adapter selon politique)
ssl_session_timeout 1d;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# HSTS (activer seulement si tout le domaine est en HTTPS)
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
access_log $/home/debian/_4NK_env/DOCKER_GLOBAL_NAME/logs/nginx/.log app_json;
location / {
proxy_pass http://;
include $/etc/nginx/conf.d/proxy_headers.conf;
}
location /ws/ {
proxy_pass http://;
proxy_http_version 1.1;
proxy_set_header Upgrade ;
proxy_set_header Connection "upgrade";
include $/etc/nginx/conf.d/proxy_headers.conf;
proxy_read_timeout 3600s;
}
}
Reference in New Issue View Git Blame Copy Permalink