diff --git a/nginx/gate-content-asset.conf b/nginx/gate-content-asset.conf index ee01026..b479a71 100644 --- a/nginx/gate-content-asset.conf +++ b/nginx/gate-content-asset.conf @@ -1,19 +1,30 @@ -#origin git@github.com:ToywheelDev/gamewheel-gate.git server { - listen 80; + listen 80; + return 301 https://$server_name$request_uri; +} - server_name gate.gamewheel.local content.gamewheel.local asset.gamewheel.local; +server { + listen 443 ssl; - root /usr/share/gamewheel/gate; + include /etc/nginx/ssl.conf; - location / { - proxy_pass_request_headers on; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-NginX-Proxy true; - proxy_pass http://127.0.0.1:3115; - proxy_ssl_session_reuse off; - proxy_set_header Host $http_host; - proxy_redirect off; - } -} \ No newline at end of file + location / { + #auth_basic "Restricted"; #For Basic Auth + #auth_basic_user_file /etc/nginx/.htpasswd; #For Basic Auth + + # redirect all HTTP traffic to userInterface1 + proxy_pass http://127.0.1:3115; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + + # WebSocket support (nginx 1.4) + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + + # Path rewriting + rewrite /(.*) /$1 break; + proxy_redirect off; + } +} diff --git a/nginx/ssl.conf b/nginx/ssl.conf new file mode 100644 index 0000000..1e100c3 --- /dev/null +++ b/nginx/ssl.conf @@ -0,0 +1,6 @@ + ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem; + ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key; + ssl_session_timeout 5m; + ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2; + ssl_ciphers "HIGH:!aNULL:!MD5 or HIGH:!aNULL:!MD5:!3DES"; + ssl_prefer_server_ciphers on;