Created
October 14, 2019 03:22
-
-
Save minardo/bd96e89fd5b830a85e8952a83341e288 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ##odoo backend## | |
| upstream odooerp { | |
| server 127.0.0.1:8015 weight=1 fail_timeout=0; | |
| } | |
| upstream odooerp-im { | |
| server 127.0.0.1:8072 weight=1 fail_timeout=0; | |
| } | |
| ##https site## | |
| server { | |
| listen 443 ssl; #443 ssl http2; | |
| listen [::]:443 ssl; #[::]:443 ssl http2; | |
| server_name 125.213.128.219; | |
| # root /usr/share/nginx/html; | |
| # index index.html index.htm; | |
| ##log files## | |
| access_log /var/log/nginx/domain.com.access.log; | |
| error_log /var/log/nginx/domain.com.error.log; | |
| ##ssl files## | |
| ssl_ciphers ALL:!ADH:!MD5:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM; | |
| ssl_protocols TLSv1 TLSv1.1 TLSv1.2; | |
| ssl_prefer_server_ciphers on; | |
| ssl_certificate /etc/nginx/ssl/domain.com.crt; | |
| ssl_certificate_key /etc/nginx/ssl/domain.com.key; | |
| ##proxy buffers## | |
| proxy_buffers 16 64k; | |
| proxy_buffer_size 128k; | |
| ##timeouts## | |
| proxy_read_timeout 720s; | |
| proxy_connect_timeout 720s; | |
| proxy_send_timeout 720s; | |
| ##security headers# | |
| server_tokens off; | |
| add_header Strict-Transport-Security: "max-age=16070400; includeSubDomains;" always; | |
| add_header Content-Security-Policy: "default-src 'self';"; | |
| add_header X-Frame-Options "SAMEORIGIN"; | |
| add_header X-Content-Type-Options nosniff; | |
| add_header Referrer-Policy no-referrer; | |
| add_header Feature-Policy "vibrate 'none'; geolocation 'none';"; | |
| add_header X-XSS-Protection: "1; mode=block"; | |
| add_header X-Permitted-Cross-Domain-Policies: none; | |
| proxy_cookie_path / "/; HTTPOnly; Secure"; | |
| proxy_pass_header Server; | |
| ##odoo proxypass with https## | |
| location / { | |
| proxy_pass http://odooerp; | |
| ##force timeouts if the backend dies## | |
| proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504; | |
| proxy_redirect off; | |
| ##set headers## | |
| proxy_set_header Host $host; | |
| proxy_set_header X-Real-IP $remote_addr; | |
| proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
| proxy_set_header X-Forwarded-Proto https; | |
| } | |
| location /longpolling/ { | |
| proxy_pass http://odooerp-im; | |
| ##force timeouts if the backend dies## | |
| proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504; | |
| proxy_redirect off; | |
| ##set headers## | |
| proxy_set_header Host $host; | |
| proxy_set_header X-Real-IP $remote_addr; | |
| proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
| proxy_set_header X-Forwarded-Proto https; | |
| } | |
| ##cache some static data in memory for 60mins## | |
| location ~* /web/static/ { | |
| proxy_cache_valid 200 60m; | |
| proxy_buffering on; | |
| expires 864000; | |
| proxy_pass http://odooerp; | |
| } | |
| ##gzip## | |
| gzip_types text/css text/less text/plain text/xml application/xml application/json application/javascript; | |
| gzip on; | |
| gzip_vary on; | |
| } | |
| ##http redirects to https## | |
| server { | |
| listen 80; | |
| listen [::]:80; | |
| server_name yourIP; | |
| return 301 https://domain.com$request_uri; | |
| # rewrite ^/.*$ https://$host$request_uri? permanent; | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment