edit nginx default config code example

Example: default nginx config

server {
    listen 80;
    listen [::]:80;
    index index.html index.htm;
    root /usr/share/nginx/html;
    server_name restuwahyu-tech.com www.restuwahyu-tech.com;
    return 301 https://$host$request_uri;
 
    location / {
       proxy_pass http://nodejs:8080;
    }
 
    location ~ /.well-known/acme-challenge{
      allow all;
      root /usr/share/nginx/html;
    }
}
 
server {
     listen 443 ssl http2;
     listen [::]:443 ssl http2;
     server_name restuwahyu-tech.com;
     index index.html index.htm;
     root /usr/share/nginx/html;
 
     access_log /var/logs/nginx/access;
     error_log /var/logs/nginx/error;
 
     ssl_certificate /etc/nginx/ssl/live/restuwahyu-tech.com/fullchain.pem;
     ssl_certificate_key /etc/nginx/ssl/live/restuwahyu-tech.com/privkey.pem;
     ssl_session_timeout 1d;
     ssl_session_cache shared:SSL:10m;
     ssl_session_tickets off;
     ssl_dhparam /etc/nginx/dhparam/dhparam-2048.pem;
     ssl_buffer_size 8k;
     ssl_protocols TLSv1.2 TLSv1.3;
     ssl_prefer_server_ciphers off;
     ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
     ssl_stapling on;
     ssl_stapling_verify on;
 
     add_header X-Frame-Options           "SAMEORIGIN" always;
     add_header X-XSS-Protection          "1; mode=block" always;
     add_header X-Content-Type-Options    "nosniff" always;
     add_header Referrer-Policy           "no-referrer-when-downgrade" always;
     add_header Content-Security-Policy   "default-src 'self' http: https: data: blob: 'unsafe-inline'" always;
     add_header Strict-Transport-Security "max-age=63072000" always;
 
     resolver 9.9.9.9;
     resolver_timeout 2s;
 
     location / {
      proxy_pass http://nodejs:8080;
    }

Tags:

Misc Example