mirrors
/
wekan
mirror of https://github.com/wekan/wekan.git


			
							1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192
							user  www-data;
worker_processes  1;

error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;

events {
    worker_connections  1024;
}

http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  65;

    map $http_host $this_host {
        "" $host;
        default $http_host;
    }

    map $http_x_forwarded_proto $the_scheme {
        default $http_x_forwarded_proto;
        "" $scheme;
    }

    map $http_x_forwarded_host $the_host {
       default $http_x_forwarded_host;
       "" $this_host;
    }

    map $http_upgrade $connection_upgrade {
        default upgrade;
        '' close;
    }

    server {
   	listen 80;
	listen 443 ssl;

	if ($scheme = http) {
  	    rewrite ^ https://$host$request_uri? permanent;
	}


  ssl_certificate /etc/nginx/ssl/server.crt;
	ssl_certificate_key /etc/nginx/ssl/server.key;


	ssl_protocols TLSv1.2;	
	ssl_prefer_server_ciphers on;
	ssl_ciphers EECDH+AESGCM:EECDH+CHACHA20:EECDH+AES;

	ssl_session_cache shared:SSL:10m;
	ssl_session_timeout 10m;

	ssl_ecdh_curve sect571r1:secp521r1:brainpoolP512r1:secp384r1;
	add_header Strict-Transport-Security "max-age=31536000; preload";

        # Add headers to serve security related headers
        add_header X-Content-Type-Options nosniff;
        add_header X-XSS-Protection "1; mode=block";
        add_header X-Robots-Tag none;
        add_header X-Download-Options noopen;
        add_header X-Permitted-Cross-Domain-Policies none;

	add_header Referrer-Policy "same-origin";

        root /var/www/html;
        client_max_body_size 10G; # 0=unlimited - set max upload size
        fastcgi_buffers 64 4K;

        gzip off;

	location / {
		proxy_pass http://wekan:8080;
		proxy_http_version 1.1;
		proxy_set_header Upgrade $http_upgrade;
		proxy_set_header Connection $connection_upgrade;
		proxy_set_header X-Forwarded-For $remote_addr;
	}
    }
}