vbmcpy · December 13, 2023 20:16
diff --git a/gistfile1.txt b/gistfile1.txt
 server {
 	listen 8081;
 	listen [::]:8081;

 	listen 443 ssl http2;
 	listen [::]:443 ssl http2;
 	ssl_certificate /etc/letsencrypt/live/dominio/fullchain.pem; # managed by Certbot
 	ssl_certificate_key /etc/letsencrypt/live/dominio/privkey.pem; # managed by Certbot
 	ssl_trusted_certificate /etc/letsencrypt/live/dominio/chain.pem;

 	# Improve HTTPS performance with session resumption
 	ssl_session_cache shared:SSL:10m;
 	ssl_session_timeout 5m;

 	# Enable server-side protection against BEAST attacks
 	ssl_prefer_server_ciphers on;
 	ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5;

 	# Disable SSLv3
 	ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

 	# Diffie-Hellman parameter for DHE ciphersuites
 	# $ sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 4096
 	ssl_dhparam /etc/ssl/certs/dhparam.pem;

 	# Enable HSTS (https://developer.mozilla.org/en-US/docs/Security/HTTP_Strict_Transport_Security)
 	add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";

 	# Enable OCSP stapling (http://blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox)
 	ssl_stapling on;
 	ssl_stapling_verify on;
 	resolver 8.8.8.8 8.8.4.4 valid=300s;
 	resolver_timeout 5s;

 	# Add index.php to the list if you are using PHP
 	index index.html index.htm index.nginx-debian.html index.php;

 	server_name meuapp2.dominio.com;

 	location = /favicon.ico { access_log off; log_not_found off; }
 	
 	location /static/ {
                root /home/user/meuapp2;
                add_header Content-Type text/css;

        }
    location /media {
                    	alias /home/user/meuapp2/media/;
                }

 	location / {
 		include proxy_params;
 		proxy_pass http://unix:/run/gunicorn_meuapp2.sock;
 	}

 	# deny access to .htaccess files, if Apache's document root
 	# concurs with nginx's one
 	#
 	location ~ /\.ht {
 		deny all;
 	}

 	location ~ /\. {
 		access_log off;
 		log_not_found off;
 		deny all;
 	}

 	gzip on;
 	gzip_disable "msie6";

 	gzip_comp_level 6;
 	gzip_min_length 1100;
 	gzip_buffers 4 32k;
 	gzip_proxied any;
 	gzip_types
 		text/plain
 		text/css
 		text/js
 		text/xml
 		text/javascript
 		application/javascript
 		application/x-javascript
 		application/json
 		application/xml
 		application/rss+xml
 		image/svg+xml;

 	  access_log on;
 	access_log  /var/log/nginx/meuapp2.log;
 	error_log   /var/log/nginx/meuapp2-error.log;
 }
	server {
	listen 8081;
	listen [::]:8081;

	listen 443 ssl http2;
	listen [::]:443 ssl http2;
	ssl_certificate /etc/letsencrypt/live/dominio/fullchain.pem; # managed by Certbot
	ssl_certificate_key /etc/letsencrypt/live/dominio/privkey.pem; # managed by Certbot
	ssl_trusted_certificate /etc/letsencrypt/live/dominio/chain.pem;

	# Improve HTTPS performance with session resumption
	ssl_session_cache shared:SSL:10m;
	ssl_session_timeout 5m;

	# Enable server-side protection against BEAST attacks
	ssl_prefer_server_ciphers on;
	ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5;

	# Disable SSLv3
	ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

	# Diffie-Hellman parameter for DHE ciphersuites
	# $ sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 4096
	ssl_dhparam /etc/ssl/certs/dhparam.pem;

	# Enable HSTS (https://developer.mozilla.org/en-US/docs/Security/HTTP_Strict_Transport_Security)
	add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";

	# Enable OCSP stapling (http://blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox)
	ssl_stapling on;
	ssl_stapling_verify on;
	resolver 8.8.8.8 8.8.4.4 valid=300s;
	resolver_timeout 5s;

	# Add index.php to the list if you are using PHP
	index index.html index.htm index.nginx-debian.html index.php;

	server_name meuapp2.dominio.com;

	location = /favicon.ico { access_log off; log_not_found off; }

	location /static/ {
	root /home/user/meuapp2;
	add_header Content-Type text/css;

	}
	location /media {
	alias /home/user/meuapp2/media/;
	}

	location / {
	include proxy_params;
	proxy_pass http://unix:/run/gunicorn_meuapp2.sock;
	}

	# deny access to .htaccess files, if Apache's document root
	# concurs with nginx's one
	#
	location ~ /\.ht {
	deny all;
	}

	location ~ /\. {
	access_log off;
	log_not_found off;
	deny all;
	}

	gzip on;
	gzip_disable "msie6";

	gzip_comp_level 6;
	gzip_min_length 1100;
	gzip_buffers 4 32k;
	gzip_proxied any;
	gzip_types
	text/plain
	text/css
	text/js
	text/xml
	text/javascript
	application/javascript
	application/x-javascript
	application/json
	application/xml
	application/rss+xml
	image/svg+xml;

	access_log on;
	access_log /var/log/nginx/meuapp2.log;
	error_log /var/log/nginx/meuapp2-error.log;
	}
No results found