centos_nginx_backuppc4.x
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision | Next revision Both sides next revision | ||
|
centos_nginx_backuppc4.x [2018/02/15 18:17] k2patel [Configuration] |
centos_nginx_backuppc4.x [2018/02/15 18:20] k2patel [Configuration] |
||
|---|---|---|---|
| Line 117: | Line 117: | ||
| === Nginx Configuration === | === Nginx Configuration === | ||
| + | <code bash | /etc/nginx/nginx.conf> | ||
| + | worker_processes 1; | ||
| + | |||
| + | events { | ||
| + | worker_connections 1024; | ||
| + | } | ||
| + | |||
| + | http { | ||
| + | include mime.types; | ||
| + | default_type application/octet-stream; | ||
| + | |||
| + | sendfile on; | ||
| + | |||
| + | keepalive_timeout 65; | ||
| + | |||
| + | gzip on; | ||
| + | |||
| + | server { | ||
| + | listen 80; | ||
| + | server_name ngee-vm2.ornl.gov; | ||
| + | |||
| + | return 302 https://ngee-vm2.ornl.gov$request_uri; | ||
| + | |||
| + | } | ||
| + | |||
| + | server { | ||
| + | listen 443 ssl http2; | ||
| + | server_name ngee-vm2.ornl.gov; | ||
| + | |||
| + | ssl on; | ||
| + | ssl_certificate /etc/pki/tls/certs/ornl.gov.crt; | ||
| + | ssl_certificate_key /etc/pki/tls/private/ornl.gov.key; | ||
| + | ssl_trusted_certificate /etc/pki/tls/certs/ornl.gov.int.ca; | ||
| + | |||
| + | # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months) | ||
| + | add_header Strict-Transport-Security max-age=63072000; | ||
| + | |||
| + | # OCSP Stapling --- | ||
| + | # fetch OCSP records from URL in ssl_certificate and cache them | ||
| + | ssl_stapling on; | ||
| + | ssl_stapling_verify off; | ||
| + | # modern configuration. tweak to your needs. | ||
| + | ssl_protocols TLSv1.2; | ||
| + | ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256'; | ||
| + | ssl_prefer_server_ciphers on; | ||
| + | |||
| + | ssl_session_timeout 1d; | ||
| + | ssl_session_cache shared:SSL:50m; | ||
| + | ssl_session_tickets off; | ||
| + | |||
| + | add_header Strict-Transport-Security max-age=63072000; | ||
| + | add_header X-Frame-Options DENY; | ||
| + | add_header X-Content-Type-Options nosniff; | ||
| + | |||
| + | error_page 500 502 503 504 /50x.html; | ||
| + | location = /50x.html { | ||
| + | root /usr/share/nginx/html; | ||
| + | } | ||
| + | |||
| + | access_log /var/log/nginx/backuppc.access.log; | ||
| + | error_log /var/log/nginx/backuppc.error.log; | ||
| + | |||
| + | location / { | ||
| + | auth_basic "Backup"; | ||
| + | auth_basic_user_file /usr/local/etc/nginx/backuppc.users; | ||
| + | root /usr/share/BackupPC/html; | ||
| + | return 302 http://ngee-vm2.ornl.gov/cgi-bin/BackupPC_Admin; | ||
| + | index BackupPC.html; | ||
| + | } | ||
| + | |||
| + | location /BackupPC { | ||
| + | alias /usr/share/BackupPC/html; | ||
| + | index BackupPC.html; | ||
| + | } | ||
| + | |||
| + | #location ~\.cgi$ { | ||
| + | location ~ ^/cgi-bin/BackupPC_Admin(/|$) { | ||
| + | auth_basic "Backup"; | ||
| + | auth_basic_user_file /etc/nginx/backuppc.users; | ||
| + | gzip off; | ||
| + | include /etc/nginx/fastcgi_params; | ||
| + | fastcgi_pass localhost:8999; | ||
| + | |||
| + | fastcgi_param REMOTE_ADDR $remote_addr; | ||
| + | fastcgi_param REMOTE_USER $remote_user; | ||
| + | fastcgi_param SCRIPT_FILENAME /usr/share/BackupPC/sbin/BackupPC_Admin; | ||
| + | } | ||
| + | |||
| + | location ~ /\.ht { | ||
| + | deny all; | ||
| + | } | ||
| + | } | ||
| + | } | ||
| + | </code> | ||
| ==== Required Third party scripts ==== | ==== Required Third party scripts ==== | ||
centos_nginx_backuppc4.x.txt ยท Last modified: 2020/08/10 02:35 (external edit)
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
