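# HTTPS configuration for $HOST
server {
    listen 443 ssl;
    http2 on;
    server_name $HOST;

    # TLS certificate chain and private key.
    # privkey.pem should be readable only by the account that starts nginx.
    ssl_certificate $CERT_PATH/fullchain.pem;
    ssl_certificate_key $CERT_PATH/privkey.pem;

    # TLS settings
    ssl_protocols TLSv1.2 TLSv1.3;
    # This list governs TLS 1.2 only; TLS 1.3 suites are not selected by ssl_ciphers.
    # Changes from the previous list:
    #   - the two "...-GCM-SHA512" names were dropped: they match no OpenSSL
    #     cipher suite and were silently ignored;
    #   - ECDHE-ECDSA variants were added so that TLS 1.2 clients can still
    #     connect when the certificate uses an ECDSA key (the previous list
    #     was RSA-only);
    #   - the DHE suite was dropped: no ssl_dhparam is set in this block, and
    #     nginx does not offer DHE suites without it (re-add both together if
    #     DHE is wanted);
    #   - the CBC suite ECDHE-RSA-AES256-SHA384 was dropped in favour of
    #     AEAD-only suites.
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
    # Every suite above is AEAD with forward secrecy, so the client's
    # preference order can be honoured.
    ssl_prefer_server_ciphers off;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;

    # Security headers.
    # nginx inherits these add_header directives into a location only when that
    # location declares no add_header of its own. The included route_*.conf
    # files are not visible here: any of them that sets a header must repeat
    # the ones below, otherwise its responses lose them.
    add_header Strict-Transport-Security "max-age=63072000" always;
    add_header X-Frame-Options DENY always;
    add_header X-Content-Type-Options nosniff always;
    # Was "1; mode=block". The legacy XSS auditor is removed from current
    # browsers and could itself be abused in old ones, so it is explicitly
    # disabled; a Content-Security-Policy is the control to rely on for XSS.
    add_header X-XSS-Protection "0" always;

    # Grafana - monitoring UI (MUST come before location /)
    include $NGINX_CONF_DIR/route_grafana.conf;

    # Loki API - log API (MUST come before location /)
    # NOTE(review): Loki ships without an authentication layer of its own;
    # confirm that route_loki.conf restricts access (auth or source allowlist).
    include $NGINX_CONF_DIR/route_loki.conf;

    # Service status page (MUST come before location /)
    # NOTE(review): confirm the status page and its API expose nothing
    # sensitive to unauthenticated clients - the route files are not shown here.
    include $NGINX_CONF_DIR/route_status.conf;
    include $NGINX_CONF_DIR/route_status_redirect.conf;
    include $NGINX_CONF_DIR/route_status_api.conf;

    # Backend API - routes /back/ to the backend's /api/
    include $NGINX_CONF_DIR/route_back_proxy.conf;

    # WebSocket relay (sdk_relay)
    include $NGINX_CONF_DIR/route_ws.conf;

    # favicon
    include $NGINX_CONF_DIR/route_favicon.conf;

    # blindbit
    include $NGINX_CONF_DIR/route_blindbit.conf;

    # lecoffre-front - LeCoffre application
    # NOTE(review): the file name route_lecoffre_hmr.conf suggests a
    # hot-module-reload endpoint, which is normally development-only; confirm
    # it is meant to be reachable on this host.
    include $NGINX_CONF_DIR/route_lecoffre_redirect.conf;
    include $NGINX_CONF_DIR/route_lecoffre.conf;
    include $NGINX_CONF_DIR/route_lecoffre_hmr.conf;
    include $NGINX_CONF_DIR/route_next_assets.conf;

    include $NGINX_CONF_DIR/route_routes.conf;

    # ihm_client (root) - MUST be last
    include $NGINX_CONF_DIR/route_ihm_client.conf;
}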