1
0
mirror of https://github.com/bitwarden/server.git synced 2024-11-25 12:45:18 +01:00
bitwarden-server/util/Setup/Templates/NginxConfig.hbs
2018-08-31 12:55:54 -04:00

117 lines
2.9 KiB
Handlebars

######################################################################
# WARNING: This file is generated. Do not make changes to this file. #
# They will be overwritten on update. #
######################################################################
server {
listen 8080 default_server;
listen [::]:8080 default_server;
server_name {{{Domain}}};
{{#if Ssl}}
return 301 {{{Url}}}$request_uri;
}
server {
listen 8443 ssl http2;
listen [::]:8443 ssl http2;
server_name {{{Domain}}};
ssl_certificate {{{CertificatePath}}};
ssl_certificate_key {{{KeyPath}}};
ssl_session_timeout 30m;
ssl_session_cache shared:SSL:20m;
ssl_session_tickets off;
{{#if DiffieHellmanPath}}
# Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
ssl_dhparam {{{DiffieHellmanPath}}};
{{/if}}
ssl_protocols {{{SslProtocols}}};
ssl_ciphers "{{{SslCiphers}}}";
# Enables server-side protection from BEAST attacks
ssl_prefer_server_ciphers on;
{{#if CaPath}}
# OCSP Stapling ---
# Fetch OCSP records from URL in ssl_certificate and cache them
ssl_stapling on;
ssl_stapling_verify on;
# Verify chain of trust of OCSP response using Root CA and Intermediate certs
ssl_trusted_certificate {{{CaPath}}};
resolver 8.8.8.8 8.8.4.4 208.67.222.222 208.67.220.220 valid=300s;
{{/if}}
include /etc/nginx/security-headers-ssl.conf;
{{/if}}
location / {
proxy_pass http://web:5000/;
include /etc/nginx/security-headers.conf;
{{#if Ssl}}
include /etc/nginx/security-headers-ssl.conf;
{{/if}}
add_header Content-Security-Policy "{{{ContentSecurityPolicy}}}";
}
location = /app-id.json {
proxy_pass http://web:5000/app-id.json;
include /etc/nginx/security-headers.conf;
{{#if Ssl}}
include /etc/nginx/security-headers-ssl.conf;
{{/if}}
proxy_hide_header Content-Type;
add_header Content-Type $fido_content_type;
}
location = /duo-connector.html {
proxy_pass http://web:5000/duo-connector.html;
include /etc/nginx/security-headers.conf;
{{#if Ssl}}
include /etc/nginx/security-headers-ssl.conf;
{{/if}}
add_header X-Frame-Options "";
}
location = /u2f-connector.html {
proxy_pass http://web:5000/u2f-connector.html;
include /etc/nginx/security-headers.conf;
{{#if Ssl}}
include /etc/nginx/security-headers-ssl.conf;
{{/if}}
add_header X-Frame-Options "";
}
location /attachments/ {
proxy_pass http://attachments:5000/;
}
location /api/ {
proxy_pass http://api:5000/;
}
location /identity/ {
proxy_pass http://identity:5000/;
}
location /icons/ {
proxy_pass http://icons:5000/;
}
location /notifications/ {
proxy_pass http://notifications:5000/;
}
location /notifications/hub {
proxy_pass http://notifications:5000/hub;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
}
location /admin {
proxy_pass http://admin:5000;
}
}