From b1cf368e5b8706a2fc26d0fe0516598ed4d17c93 Mon Sep 17 00:00:00 2001 From: Alex Thomassen Date: Wed, 22 Apr 2020 12:10:09 +0200 Subject: [PATCH] [NGINX] Legg til configs for NGINX --- NGINX/grafana.conf | 48 ++++++++++++++++++++++++++++++++++++++++++++++ NGINX/zabbix.conf | 47 +++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 95 insertions(+) create mode 100644 NGINX/grafana.conf create mode 100644 NGINX/zabbix.conf diff --git a/NGINX/grafana.conf b/NGINX/grafana.conf new file mode 100644 index 0000000..965267e --- /dev/null +++ b/NGINX/grafana.conf @@ -0,0 +1,48 @@ +server { + listen 80; + listen [::]:80; + + # Fortell nettleseren at den skal gå til HTTPS-siden i stedet for + server_name grafana.hovedprosjekt.no; + return 301 https://$host$request_uri; +} + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name grafana.hovedprosjekt.no; + root /var/www/html; + + # Sertifikat for å ha gyldig HTTPS + ssl_certificate /srv/ssl/grafana/fullchain.pem; + ssl_certificate_key /srv/ssl/grafana/key.pem; + + server_tokens off; + + # Diverse HTTP headere for bedre sikkerhet + add_header X-Frame-Options "SAMEORIGIN"; + add_header X-XSS-Protection "1; mode=block"; + add_header X-Content-Type-Options "nosniff"; + add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"; + + index index.nginx-debian.html index.html index.htm; + + charset utf-8; + + # Fortell NGINX at den skal videresende + # forespørsler til loopback på port 3000. + location / { + proxy_pass http://127.0.0.1:3000; + include proxy_params; + } + + location = /favicon.ico { access_log off; log_not_found off; } + location = /robots.txt { access_log off; log_not_found off; } + + access_log /var/log/nginx/grafana.hovedprosjekt.no-access.log combined; + error_log /var/log/nginx/grafana.hovedprosjekt.no-error.log error; + + location ~ /\.ht { + deny all; + } +} \ No newline at end of file diff --git a/NGINX/zabbix.conf b/NGINX/zabbix.conf new file mode 100644 index 0000000..c8c587f --- /dev/null +++ b/NGINX/zabbix.conf @@ -0,0 +1,47 @@ +server { + listen 80; + listen [::]:80; + + # Fortell nettleseren at den skal gå til HTTPS-siden i stedet for + server_name zabbix.hovedprosjekt.no; + return 301 https://$host$request_uri; +} + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name zabbix.hovedprosjekt.no; + root /var/www/html; + + # Sertifikat for å ha gyldig HTTPS + ssl_certificate /srv/ssl/zabbix/fullchain.pem; + ssl_certificate_key /srv/ssl/zabbix/key.pem; + + server_tokens off; + # Diverse HTTP headere for bedre sikkerhet + add_header X-Frame-Options "SAMEORIGIN"; + add_header X-XSS-Protection "1; mode=block"; + add_header X-Content-Type-Options "nosniff"; + add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"; + + index index.nginx-debian.html index.html index.htm; + + charset utf-8; + + # Fortell NGINX at den skal videresende + # forespørsler til loopback på port 8080. + location / { + proxy_pass http://127.0.0.1:8080; + include proxy_params; + } + + location = /favicon.ico { access_log off; log_not_found off; } + location = /robots.txt { access_log off; log_not_found off; } + + access_log /var/log/nginx/zabbix.hovedprosjekt.no-access.log combined; + error_log /var/log/nginx/zabbix.hovedprosjekt.no-error.log error; + + location ~ /\.ht { + deny all; + } +} \ No newline at end of file