summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat (limited to 'net-analyzer/greenbone-security-assistant/files/gsa.nginx.reverse.proxy.example')
-rw-r--r--net-analyzer/greenbone-security-assistant/files/gsa.nginx.reverse.proxy.example78
1 files changed, 0 insertions, 78 deletions
diff --git a/net-analyzer/greenbone-security-assistant/files/gsa.nginx.reverse.proxy.example b/net-analyzer/greenbone-security-assistant/files/gsa.nginx.reverse.proxy.example
deleted file mode 100644
index b233911a2f1d..000000000000
--- a/net-analyzer/greenbone-security-assistant/files/gsa.nginx.reverse.proxy.example
+++ /dev/null
@@ -1,78 +0,0 @@
-upstream backend {
- server 127.0.0.1:9392;
- keepalive 64;
-}
-
-server {
- listen IP:80;
- server_name openvas.domain.tdl;
- return 301 https://openvas.domain.tdl$request_uri;
-}
-
-server {
- listen IP:443 ssl http2;
- server_name openvas.domain.tdl;
- access_log /var/log/nginx/openvas.domain.tdl.access.log;
- error_log /var/log/nginx/openvas.domain.tdl.error.log;
- # Not sourcing directly from file
- fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
- fastcgi_param QUERY_STRING $query_string;
- fastcgi_param REQUEST_METHOD $request_method;
- fastcgi_param CONTENT_TYPE $content_type;
- fastcgi_param CONTENT_LENGTH $content_length;
- fastcgi_param SCRIPT_NAME $fastcgi_script_name;
- fastcgi_param REQUEST_URI $request_uri;
- fastcgi_param DOCUMENT_URI $document_uri;
- fastcgi_param SERVER_PROTOCOL $server_protocol;
- fastcgi_param REQUEST_SCHEME $scheme;
- fastcgi_param HTTPS $https;
- fastcgi_param GATEWAY_INTERFACE CGI/1.1;
- fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
- fastcgi_param REMOTE_ADDR $remote_addr;
- fastcgi_param REMOTE_PORT $remote_port;
- fastcgi_param SERVER_ADDR $server_addr;
- fastcgi_param SERVER_PORT $server_port;
- fastcgi_param SERVER_NAME $server_name;
- fastcgi_param REDIRECT_STATUS 200;
- fastcgi_param HTTP_PROXY "";
- fastcgi_param PATH_INFO $fastcgi_path_info;
- fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
- fastcgi_param DOCUMENT_ROOT $document_root;
-
- location / {
- proxy_set_header Host $http_host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header REMOTE_HOST $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-FORWARDED-PROTOCOL $scheme;
- proxy_pass https://backend;
- proxy_http_version 1.1;
- proxy_pass_request_headers on;
- proxy_set_header Connection "keep-alive";
- proxy_store off;
- gzip on;
- gzip_proxied any;
- gzip_types *;
- }
-
- resolver 127.0.0.1;
- resolver_timeout 6s;
- ssl_certificate /openvas.domain.tdl/fullchain.pem;
- ssl_certificate_key /openvas.domain.tdl/privkey.pem;
- ssl_trusted_certificate /openvas.domain.tdl/chain.pem;
- ssl_dhparam /openvas.domain.tdl/dhparam.pem;
- ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
- ssl_prefer_server_ciphers on;
- ssl_ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS;
- ssl_ecdh_curve secp384r1;
- ssl_stapling on;
- ssl_stapling_verify on;
- ssl_session_cache shared:SSL:40m;
- ssl_session_timeout 21h;
- ssl_session_tickets off;
- ssl_buffer_size 4k;
- add_header Referrer-Policy no-referrer-when-downgrade;
- add_header X-Frame-Options "SAMEORIGIN";
- add_header X-Content-Type-Options "nosniff";
- add_header X-XSS-Protection "1; mode=block";
-}