tradewind/nginx-conf
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
nginx-conf/sites-available/bitwarden

65 lines
2.0 KiB
Plaintext
Raw Blame History

# generated 2024-06-16, Mozilla Guideline v5.7, nginx 1.18.0, OpenSSL 3.0.2, modern configuration
# https://ssl-config.mozilla.org/#server=nginx&version=1.18.0&config=modern&openssl=3.0.2&guideline=5.7
server {
listen 80;
listen [::]:80;
server_name bitwarden.tradewind.vip;
location / {
return 301 https://$host$request_uri;
}
}
# 配置上游服务列表
upstream backend_servers {
# 下面的 server 可以是你的多个后端服务,比如负载均衡后的几个实例
server router.tradewind.vip:10060;
# 可以添加更多的服务以实现更健壮的容错和负载均衡
# 设置健康检查参数
health_check;
health_check_port 10060; #需要确保健康检查的端口与访问端口相同
health_check_interval 2s; # 检查间隔
health_check_timeout 1s; # 超时时间,一般可以做得比较短
health_check_max_fails 1; # 失败多少次才认为服务不健康,可根据实际情况调整
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name bitwarden.tradewind.vip;
# Allow large attachments
client_max_body_size 128M;
location / {
set $router "backend_servers";
proxy_set_header Host $host;
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# 现在使用upstream定义的后端服务
proxy_pass http://$router;
}
ssl_certificate /etc/letsencrypt/live/tradewind.vip/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/tradewind.vip/privkey.pem;
ssl_session_timeout 1d;
ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
ssl_session_tickets off;
# modern configuration
ssl_protocols TLSv1.3;
ssl_prefer_server_ciphers off;
# HSTS (ngx_http_headers_module is required) (63072000 seconds)
add_header Strict-Transport-Security "max-age=63072000" always;
# replace with the IP address of your resolver
resolver 223.5.5.5;
}
Reference in New Issue View Git Blame Copy Permalink