This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision Next revision Both sides next revision | ||
centos_nginx_backuppc4.x [2018/02/15 18:17] k2patel [Configuration] |
centos_nginx_backuppc4.x [2018/02/15 18:22] k2patel [Configuration] |
||
---|---|---|---|
Line 117: | Line 117: | ||
=== Nginx Configuration === | === Nginx Configuration === | ||
+ | <code bash | /etc/nginx/nginx.conf> | ||
+ | worker_processes 1; | ||
+ | |||
+ | events { | ||
+ | worker_connections 1024; | ||
+ | } | ||
+ | |||
+ | http { | ||
+ | include mime.types; | ||
+ | default_type application/octet-stream; | ||
+ | |||
+ | sendfile on; | ||
+ | |||
+ | keepalive_timeout 65; | ||
+ | |||
+ | gzip on; | ||
+ | |||
+ | server { | ||
+ | listen 80; | ||
+ | server_name backup.k2patel.in; | ||
+ | |||
+ | return 302 https://backup.k2patel.in$request_uri; | ||
+ | |||
+ | } | ||
+ | |||
+ | server { | ||
+ | listen 443 ssl http2; | ||
+ | server_name backup.k2patel.in; | ||
+ | |||
+ | ssl on; | ||
+ | ssl_certificate /etc/pki/tls/certs/k2patel.in.crt; | ||
+ | ssl_certificate_key /etc/pki/tls/private/k2patel.in.key; | ||
+ | ssl_trusted_certificate /etc/pki/tls/certs/k2patel.in.int.ca; | ||
+ | |||
+ | # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months) | ||
+ | add_header Strict-Transport-Security max-age=63072000; | ||
+ | |||
+ | # OCSP Stapling --- | ||
+ | # fetch OCSP records from URL in ssl_certificate and cache them | ||
+ | ssl_stapling on; | ||
+ | ssl_stapling_verify off; | ||
+ | # modern configuration. tweak to your needs. | ||
+ | ssl_protocols TLSv1.2; | ||
+ | ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256'; | ||
+ | ssl_prefer_server_ciphers on; | ||
+ | |||
+ | ssl_session_timeout 1d; | ||
+ | ssl_session_cache shared:SSL:50m; | ||
+ | ssl_session_tickets off; | ||
+ | |||
+ | add_header Strict-Transport-Security max-age=63072000; | ||
+ | add_header X-Frame-Options DENY; | ||
+ | add_header X-Content-Type-Options nosniff; | ||
+ | |||
+ | error_page 500 502 503 504 /50x.html; | ||
+ | location = /50x.html { | ||
+ | root /usr/share/nginx/html; | ||
+ | } | ||
+ | |||
+ | access_log /var/log/nginx/backuppc.access.log; | ||
+ | error_log /var/log/nginx/backuppc.error.log; | ||
+ | |||
+ | location / { | ||
+ | auth_basic "Backup"; | ||
+ | auth_basic_user_file /usr/local/etc/nginx/backuppc.users; | ||
+ | root /usr/share/BackupPC/html; | ||
+ | return 302 http://backup.k2patel.in/cgi-bin/BackupPC_Admin; | ||
+ | index BackupPC.html; | ||
+ | } | ||
+ | |||
+ | location /BackupPC { | ||
+ | alias /usr/share/BackupPC/html; | ||
+ | index BackupPC.html; | ||
+ | } | ||
+ | |||
+ | #location ~\.cgi$ { | ||
+ | location ~ ^/cgi-bin/BackupPC_Admin(/|$) { | ||
+ | auth_basic "Backup"; | ||
+ | auth_basic_user_file /etc/nginx/backuppc.users; | ||
+ | gzip off; | ||
+ | include /etc/nginx/fastcgi_params; | ||
+ | fastcgi_pass localhost:8999; | ||
+ | |||
+ | fastcgi_param REMOTE_ADDR $remote_addr; | ||
+ | fastcgi_param REMOTE_USER $remote_user; | ||
+ | fastcgi_param SCRIPT_FILENAME /usr/share/BackupPC/sbin/BackupPC_Admin; | ||
+ | } | ||
+ | |||
+ | location ~ /\.ht { | ||
+ | deny all; | ||
+ | } | ||
+ | } | ||
+ | } | ||
+ | </code> | ||
==== Required Third party scripts ==== | ==== Required Third party scripts ==== |