Página inicial Explorar Ajuda
Registrar Entrar
ANALYTIKDATA
/
automated-office
4
0
Fork 0
Arquivos Issues 0 Pull Requests 0 Wiki
Tree: dca0981795
Branches Tags
automated-offic...
/
config
/
nginx
/
sites-available
/
paperless

paperless 2.1 KB
Histórico Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061 
  1. upstream paperless_upstream {
    2. 

  2.     server 172.18.0.4:8000;  # SICHERSTELLEN, DASS DIES DIE KORREKTE IP UND DER PORT IST
    3. 

  3. }
    4. 

  4. 

  5. server {
    6. 

  6.     listen 80;
    7. 

  7.     server_name docs.mrx8086.com;
    8. 

  8.     return 301 https://$host$request_uri;
    9. 

  9. }
    10. 

  10. 

  11. server {
    12. 

  12.     listen 443 ssl;
    13. 

  13.     server_name docs.mrx8086.com;
    14. 

  14. 

  15.     # SSL Configuration
    16. 

  16.     ssl_certificate /etc/nginx/ssl/mrx8086.com/fullchain.pem;
    17. 

  17.     ssl_certificate_key /etc/nginx/ssl/mrx8086.com/privkey.pem;
    18. 

  18. 

  19.     ssl_protocols TLSv1.2 TLSv1.3;
    20. 

  20.     ssl_prefer_server_ciphers on;
    21. 

  21.     ssl_ciphers 'TLS-CHACHA20-POLY1305-SHA256:TLS-AES-256-GCM-SHA384:TLS-AES-128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305';
    22. 

  22.     ssl_session_timeout 1d;
    23. 

  23.     ssl_session_cache shared:MozSSL:10m;
    24. 

  24.     ssl_session_tickets off;
    25. 

  25. 

  26.     # Security headers
    27. 

  27.     add_header X-Content-Type-Options nosniff always;
    28. 

  28.     add_header X-XSS-Protection "1; mode=block" always;
    29. 

  29.     add_header X-Frame-Options SAMEORIGIN always;
    30. 

  30.     add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
    31. 

  31.     add_header Content-Security-Policy "frame-ancestors 'self'; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob:; font-src 'self' data:; connect-src 'self'; media-src 'self';" always;
    32. 

  32. 

  33.     # Proxy settings
    34. 

  34.     proxy_set_header X-Real-IP $remote_addr;
    35. 

  35.     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    36. 

  36.     proxy_set_header X-Forwarded-Proto $scheme;
    37. 

  37.     proxy_set_header X-Forwarded-Host $host;
    38. 

  38.     proxy_set_header X-Forwarded-Port 443;
    39. 

  39.     proxy_set_header Host $host;
    40. 

  40.     proxy_http_version 1.1;
    41. 

  41. 

  42.     # Paperless specific settings
    43. 

  43.     client_max_body_size 512M;
    44. 

  44.     fastcgi_buffers 64 4K;
    45. 

  45. 

  46.     # Root location
    47. 

  47.     location / {
    48. 

  48.         proxy_pass http://paperless_upstream;
    49. 

  49.         proxy_set_header Upgrade $http_upgrade;
    50. 

  50.         proxy_set_header Connection "upgrade";
    51. 

  51.         proxy_connect_timeout 60s;
    52. 

  52.         proxy_send_timeout 60s;
    53. 

  53.         proxy_read_timeout 60s;
    54. 

  54.     }
    55. 

  55. 

  56.     # Deny access to hidden files
    57. 

  57.     location ~ /\. {
    58. 

  58.         deny all;
    59. 

  59.         return 404;
    60. 

  60.     }
    61. 

  61. }
    62.