forked from WoozyMasta/guassp
-
Notifications
You must be signed in to change notification settings - Fork 0
/
nginx.conf
90 lines (70 loc) · 2.71 KB
/
nginx.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
# /etc/nginx/conf.d/sonarqube.conf
upstream sonarqube { server 127.0.0.1:9000; }
upstream guassp {
server 127.0.0.1:8000 max_fails=1 fail_timeout=20s;
server 127.0.0.1:8001 max_fails=1 fail_timeout=20s;
}
server {
listen 80;
server_name sonarqube.tld;
server_tokens off;
set_real_ip_from 10.0.0.0/16;
real_ip_header X-Forwarded-For;
real_ip_recursive on;
rewrite ^ https://$host$request_uri? permanent;
}
server {
listen 443 ssl http2;
server_name sonarqube.tld;
server_tokens off;
set_real_ip_from 10.0.0.0/16;
real_ip_header X-Forwarded-For;
real_ip_recursive on;
ssl_dhparam /etc/nginx/ssl/dhparams.pem;
ssl_certificate /etc/nginx/ssl/sonarqube.tld.pem;
ssl_certificate_key /etc/nginx/ssl/sonarqube.tld.key;
ssl_protocols TLSv1.3 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA512:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:ECDH+AESGCM:ECDH+AES256:DH+AESGCM:DH+AES256:RSA+AESGCM:!aNULL:!eNULL:!LOW:!RC4:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!AES128;
ssl_session_cache shared:TLS:2m;
ssl_buffer_size 4k;
ssl_stapling on;
ssl_stapling_verify on;
add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload' always;
access_log /var/log/nginx/access-sonarqube.log timed buffer=16k;
error_log /var/log/nginx/error-sonarqube.log warn;
chunked_transfer_encoding on;
location / {
proxy_pass http://sonarqube/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_intercept_errors on;
proxy_redirect off;
proxy_buffering off;
proxy_request_buffering off;
}
location /api/editions/is_valid_license {
access_log off;
default_type application/json;
return 200 '{"isValidLicense": true}';
}
location /api/guassp {
proxy_pass http://guassp/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_intercept_errors off;
proxy_redirect off;
proxy_buffering off;
proxy_request_buffering off;
}
}