proxy_cache_path /var/www/cache levels=1:2 keys_zone=map:8m max_size=1g inactive=24h; server { listen 80; server_name map.gpoc.konpeki.solutions; return 301 https://$server_name$request_uri; } server { listen 443 ssl; server_name map.gpoc.konpeki.solutions; http2 on; # allow larger file uploads and longer script runtimes #client_max_body_size 100m; #client_body_timeout 120s; #sendfile off; ssl_certificate /etc/letsencrypt/live/map.gpoc.konpeki.solutions/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/map.gpoc.konpeki.solutions/privkey.pem; #ssl_protocols TLSv1.2 TLSv1.3; #ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES2> #ssl_prefer_server_ciphers on; # See https://hstspreload.org/ before uncommenting the line below. # add_header Strict-Transport-Security "max-age=15768000; preload;"; #add_header X-Content-Type-Options nosniff; #add_header X-XSS-Protection "1; mode=block"; #add_header X-Robots-Tag none; #add_header Content-Security-Policy "frame-ancestors 'self'"; #add_header X-Frame-Options DENY; #add_header Referrer-Policy same-origin; #add_header Access-Control-Allow-Origin *; #proxy_set_header Content-Security-Policy upgrade-insecure-requests; proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_redirect off; proxy_buffering off; proxy_request_buffering off; location / { proxy_pass http://100.64.4.100:8123/; proxy_set_header Host $host; proxy_cache map; proxy_cache_key "$host$uri"; proxy_cache_valid 200 302 60m; proxy_cache_valid 404 10m; proxy_cache_use_stale error timeout invalid_header updating http_500 http_503 http_504; proxy_connect_timeout 10; } }