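# <%= domain %> proxy config
#
# Three server blocks:
#   1. a catch-all TLS server that answers unknown names with 403,
#   2. a port-80 server that redirects everything to HTTPS,
#   3. the HTTPS reverse proxy that routes by host name to the backends.

# Set the max size for file uploads
client_max_body_size 100M;

# SNI Configuration
# Default server for port 443: requests whose name matches no other
# server block get the blank certificate and a 403.
server {
    listen 443 default;
    server_name _;

    # NOTE(review): the standalone "ssl" directive is deprecated since
    # nginx 1.15.0 and removed in 1.25.1; switch to "listen 443 ssl" when
    # the deployed version is upgraded.
    ssl on;
    ssl_certificate /etc/ssl/certs/blank.crt;
    ssl_certificate_key /etc/ssl/private/blank.pem;

    return 403;
}

server {
    # see config tips at
    # http://blog.taragana.com/index.php/archive/nginx-hacking-tips/

    # Don't log anything
    # Deliberate, but it also means errors and abuse leave no record here
    # for troubleshooting or incident response.
    access_log /dev/null;
    error_log /dev/null;

    # simple reverse-proxy
    listen 80;
    # The terminating semicolon was missing; without it the add_header
    # tokens that followed were read as additional server names.
    server_name *.<%= domain %> <%= domain %>;

    # HSTS is sent by the HTTPS server below: browsers ignore the header
    # when it arrives over plain HTTP.

    # https redirection by default
    rewrite ^(.*) https://$host$1 redirect;

    # rewrite rules for backups.<%= domain %>
    #if ($host ~* ^backups\.<%= domain %>$) {
    #    rewrite ^(.*) https://$host$1 redirect;
    #    break;
    #}

    # rewrite rules for admin.<%= domain %>
    #if ($host ~* ^admin\.<%= domain %>$) {
    #    rewrite ^(.*) https://$host$1 redirect;
    #    break;
    #}

    # rewrite rules for munin.<%= domain %>
    #if ($host ~* ^munin\.<%= domain %>$) {
    #    rewrite ^(.*) https://$host$1 redirect;
    #    break;
    #}

    # rewrite rules for trac.<%= domain %>
    #if ($host ~* ^trac\.<%= domain %>$) {
    #    rewrite ^(.*) https://$host$1 redirect;
    #    break;
    #}

    # rewrite rules for nagios.<%= domain %>
    #if ($host ~* ^nagios\.<%= domain %>$) {
    #    rewrite ^(.*) https://$host$1 redirect;
    #    break;
    #}

    # rewrite rules for htpasswd.<%= domain %>
    #if ($host ~* ^htpasswd\.<%= domain %>$) {
    #    rewrite ^(.*) https://$host$1 redirect;
    #    break;
    #}

    # rewrite rules for postfixadmin.<%= domain %>
    #if ($host ~* ^postfixadmin\.<%= domain %>$) {
    #    rewrite ^(.*) https://$host$1 redirect;
    #    break;
    #}

    # rewrite rules for mail.<%= domain %>
    #if ($host ~* ^mail\.<%= domain %>$) {
    #    rewrite ^(.*) https://$host$1 redirect;
    #    break;
    #}

    # rewrite rules for lists.<%= domain %>
    #if ($host ~* ^lists\.<%= domain %>$) {
    #    rewrite ^(.*) https://$host$1 redirect;
    #    break;
    #}

    # pass requests for dynamic content
    # Not reached while the server-level rewrite above redirects every
    # request; kept as the fallback if that redirect is ever narrowed.
    location / {
        proxy_set_header Host $http_host;
        proxy_pass http://weblocal:80;
    }
}

server {
    # https reverse proxy
    listen 443;
    server_name *.<%= domain %> <%= domain %>;

    # Don't log anything
    access_log /dev/null;
    error_log /dev/null;

    ssl on;
    ssl_certificate /etc/ssl/certs/cert.crt;
    ssl_certificate_key /etc/ssl/private/cert.pem;
    ssl_session_timeout 5m;

    # SSLv3 is broken (POODLE) and TLSv1.0 is deprecated (RFC 8996), so
    # neither is offered any more. Add TLSv1.3 where the nginx/OpenSSL
    # build supports it.
    ssl_protocols TLSv1.2;

    # MEDIUM is dropped and RC4/3DES are excluded explicitly, because older
    # OpenSSL builds still place them in the MEDIUM and HIGH groups.
    ssl_ciphers HIGH:!aNULL:!SSLv2:!MD5:!RC4:!3DES:@STRENGTH;
    ssl_prefer_server_ciphers on;
    ssl_dhparam /etc/ssl/dhparams/dhparams_2048.pem;

    # enable HSTS header
    # Inherited by the location below, which defines no add_header of its own.
    add_header Strict-Transport-Security "max-age=15768000; includeSubdomains";

    # Set the max size for file uploads
    client_max_body_size 100M;

    location / {
        # preserve http header and set forwarded proto
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Proto https;
        proxy_read_timeout 120;
        proxy_connect_timeout 120;

        # Host-based routing: the first matching block picks the backend.

        # rewrite rules for admin.<%= domain %>
        if ($host ~* ^admin\.<%= domain %>$) {
            proxy_pass http://admin:80;
            break;
        }

        # rewrite rules for munin.<%= domain %>
        if ($host ~* ^munin\.<%= domain %>$) {
            proxy_pass http://admin:80;
            break;
        }

        # rewrite rules for trac.<%= domain %>
        if ($host ~* ^trac\.<%= domain %>$) {
            proxy_pass http://admin:80;
            break;
        }

        # rewrite rules for nagios.<%= domain %>
        if ($host ~* ^nagios\.<%= domain %>$) {
            proxy_pass http://admin:80;
            break;
        }

        # rewrite rules for postfixadmin.<%= domain %>
        if ($host ~* ^postfixadmin\.<%= domain %>$) {
            proxy_pass http://mail:80;
            break;
        }

        # rewrite rules for mail.<%= domain %>
        if ($host ~* ^mail\.<%= domain %>$) {
            proxy_pass http://mail:80;
            break;
        }

        # rewrite rules for lists.<%= domain %>
        if ($host ~* ^lists\.<%= domain %>$) {
            proxy_pass http://mail:80;
            break;
        }

        # default proxy pass
        proxy_pass http://weblocal:80;
    }
}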