yunohost-oli.ovh-proxy
yunohost-oli.ovh-proxy
yunohost-oli.ovh-proxy
oli.ovh
Ajout domaine oli.ovh (DNS OVH) + certificat letsencrypt
Modification fichier de configuration /etc/nginx/conf.d/oli.ovh.conf pour un accès direct à la maquette A20-Olinuxino-Micro via proxy
Cette maquette peut ne pas être accessible (pas sous tension en permanence)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name oli.ovh;
ssl_certificate /etc/yunohost/certs/oli.ovh/crt.pem;
ssl_certificate_key /etc/yunohost/certs/oli.ovh/key.pem;
ssl_session_timeout 5m;
ssl_session_cache shared:SSL:50m;
ssl_prefer_server_ciphers on;
# Ciphers with modern compatibility
# https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=nginx-1.6.2&openssl=1.0.1t&hsts=yes&profile=modern
# Uncomment the following to use modern ciphers, but remove compatibility with some old clients (android < 5.0, Internet Explorer < 10, ...)
ssl_protocols TLSv1.2;
ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
# Uncomment the following directive after DH generation
# > openssl dhparam -out /etc/ssl/private/dh2048.pem -outform PEM -2 2048
ssl_dhparam /etc/ssl/private/dh4096.pem;
add_header Strict-Transport-Security "max-age=31536000;";
location / {
proxy_pass http://192.168.0.43;
}
location /netdata {
proxy_pass http://192.168.0.43:19999;
}
access_log /var/log/nginx/oli.ovh-access.log;
error_log /var/log/nginx/oli.ovh-error.log;
}
Cet article est sous licence
CC BY 4.0
par l'auteur.