Minecraft/WebNationsGlory_ServeurBuild_Red
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
master
WebNationsGlory_ServeurBuil…/nginx.conf.example

119 lines
3.9 KiB
Plaintext
Raw Permalink Blame History

# ====================================
# Configuration Nginx - NationsGlory Web Admin
# ====================================
#
# Ce fichier fournit une configuration exemple pour utiliser nginx
# comme reverse proxy devant l'application web admin.
#
# Avantages :
# - Support HTTPS/SSL
# - Cache des assets statiques
# - Compression gzip
# - Sécurité renforcée
#
# Installation :
# 1. Copiez ce fichier dans /etc/nginx/sites-available/nationsglory
# 2. Modifiez les domaines et chemins SSL
# 3. Créez le lien symbolique : ln -s /etc/nginx/sites-available/nationsglory /etc/nginx/sites-enabled/
# 4. Testez : nginx -t
# 5. Rechargez : systemctl reload nginx
# Redirection HTTP vers HTTPS
server {
listen 80;
listen [::]:80;
server_name votre-domaine.com www.votre-domaine.com;
# Redirection vers HTTPS
return 301 https://$server_name$request_uri;
}
# Configuration HTTPS
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name votre-domaine.com www.votre-domaine.com;
# Certificats SSL (Let's Encrypt ou autre)
ssl_certificate /etc/letsencrypt/live/votre-domaine.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/votre-domaine.com/privkey.pem;
# Configuration SSL moderne et sécurisée
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384';
ssl_prefer_server_ciphers off;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
# HSTS (optionnel mais recommandé)
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
# Sécurité supplémentaire
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-XSS-Protection "1; mode=block" always;
# Logs
access_log /var/log/nginx/nationsglory-access.log;
error_log /var/log/nginx/nationsglory-error.log;
# Taille maximale des uploads (pour les backups)
client_max_body_size 500M;
# Proxy vers l'application Node.js
location / {
proxy_pass http://localhost:4001;
proxy_http_version 1.1;
# Headers pour le proxy
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $server_port;
# Support WebSocket (si nécessaire dans le futur)
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
# Timeouts
proxy_connect_timeout 60s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
}
# Cache des assets statiques
location ~* \.(jpg|jpeg|png|gif|ico|css|js|svg|woff|woff2|ttf|eot)$ {
proxy_pass http://localhost:4001;
proxy_cache_valid 200 7d;
expires 7d;
add_header Cache-Control "public, immutable";
}
# Compression gzip
gzip on;
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_types text/plain text/css text/xml text/javascript application/json application/javascript application/xml+rss application/rss+xml font/truetype font/opentype application/vnd.ms-fontobject image/svg+xml;
}
# Configuration alternative : Accès par sous-domaine
# Décommentez si vous voulez utiliser admin.votre-domaine.com
#
# server {
# listen 443 ssl http2;
# listen [::]:443 ssl http2;
# server_name admin.votre-domaine.com;
#
# ssl_certificate /etc/letsencrypt/live/votre-domaine.com/fullchain.pem;
# ssl_certificate_key /etc/letsencrypt/live/votre-domaine.com/privkey.pem;
#
# # Même configuration que ci-dessus
# location / {
# proxy_pass http://localhost:4001;
# # ... (même configuration proxy)
# }
# }
Reference in New Issue View Git Blame Copy Permalink