authentik/data/nginx/default.conf.template

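# Upstream where your authentik server is hosted.
# The upstream "server" directive takes host[:port] (or unix:/path) only.
# A URL scheme such as "https://" is not accepted and makes nginx refuse the
# configuration at startup ("invalid host/port in upstream"). The scheme is
# chosen by proxy_pass (https://authentik) in the HTTPS server block instead.
upstream authentik {
    server server:9443;
    # Improve performance by keeping some connections alive to the upstream.
    keepalive 10;
}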
# Value for the proxied Connection header, derived from the client's Upgrade
# header: a WebSocket (or other upgrade) request is passed through as
# "upgrade"; everything else gets an empty Connection header so the
# keepalive pool to the upstream can be reused.
map $http_upgrade $connection_upgrade_keepalive {
    ''      '';
    default upgrade;
}
# Loopback-only server that answers health probes and nothing else.
server {
    server_name localhost;
    # Bound to 127.0.0.1, so it is not reachable from outside this host/container.
    listen 127.0.0.1:8181;
    # replace with the IP address of your resolver
    resolver ${NGINX_RESOLVER};
    # Exact-match /health: fixed 200 response, no filesystem lookup, and
    # probe traffic is kept out of the access log.
    location = /health {
        default_type text/plain;
        access_log off;
        return 200 'OK';
    }
}
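# Plain-HTTP listener: serves no content, only redirects every request to HTTPS.
server {
    listen ${NGINX_HTTP_PORT};
    listen [::]:${NGINX_HTTP_PORT};
    server_name ${NGINX_SERVERNAME};
    # 301 instead of 302: a permanent redirect is cached by browsers, so repeat
    # visits skip the cleartext hop. This matters here because the HSTS header
    # in the HTTPS server block is commented out, leaving this redirect as the
    # only defence against cleartext access.
    # NOTE(review): the target assumes HTTPS is reachable on the default port
    # 443; if NGINX_HTTPS_PORT is published externally on another port, the port
    # must be appended to the redirect target — confirm against the deployment.
    return 301 https://$host$request_uri;
}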
# HTTPS Server: terminates TLS for ${NGINX_SERVERNAME} and reverse-proxies
# everything to the "authentik" upstream over TLS.
server {
# NOTE(review): "http2" as a listen parameter is deprecated in nginx >= 1.25.1
# in favour of a separate "http2 on;" directive — confirm the nginx version in use.
listen ${NGINX_HTTPS_PORT} ssl http2;
listen [::]:${NGINX_HTTPS_PORT} ssl http2;
server_name ${NGINX_SERVERNAME};
# Deployment-specific certificate and private key (baked-in paths, not
# templated). The key file must be readable by the nginx master process only.
ssl_certificate /etc/nginx/ssl/certs/sso-base23-de-fullchain-cert.pem;
ssl_certificate_key /etc/nginx/ssl/certs/sso-base23-de-fullchain-key.pem;
ssl_session_timeout ${NGINX_SSL_SESSION_TIMEOUT};
ssl_session_cache ${NGINX_SSL_SESSION_CACHE};
# DH parameters for the DHE cipher suites (only used if the cipher list enables them).
ssl_dhparam /etc/nginx/ssl/dhparams.pem;
# intermediate configuration
# Protocol and cipher policy comes entirely from the environment; whoever sets
# these variables controls the TLS floor of this endpoint.
ssl_protocols ${NGINX_SSL_PROTOCOLS};
ssl_ciphers ${NGINX_SSL_CIPHERS};
ssl_prefer_server_ciphers ${NGINX_SSL_PREFER_SERVER_CIPHERS};
# HSTS (ngx_http_headers_module is required) (63072000 seconds)
# SECURITY: HSTS is currently disabled, so browsers will still follow a
# cleartext link to this host and rely on the HTTP redirect server above.
# Enable it once the certificate and redirect are confirmed working; note that
# "includeSubDomains"/"preload" values are hard to roll back once browsers cache them.
#add_header Strict-Transport-Security ${NGINX_HEADER_STRICT_TRANSPORT_SECURITY};
# OCSP stapling
ssl_stapling ${NGINX_SSL_STAPLING};
ssl_stapling_verify ${NGINX_SSL_STAPLING_VERIFY};
# verify chain of trust of OCSP response using Root CA and Intermediate certs
ssl_trusted_certificate /etc/nginx/ssl/certs/sso-base23-de-trustchain.pem;
# replace with the IP address of your resolver
# The resolver is what nginx uses to look up the OCSP responder hostname for
# stapling; the upstream address itself is resolved once at startup.
resolver ${NGINX_RESOLVER};
# Upper bound on request bodies forwarded to authentik (uploads, large POSTs).
client_max_body_size 50m;
location / {
# NOTE(review): nginx does not verify the upstream's certificate unless
# "proxy_ssl_verify on" is configured, so this TLS hop encrypts but does not
# authenticate the backend. Acceptable only if the network between nginx and
# the authentik container is trusted — confirm.
proxy_pass https://authentik;
# HTTP/1.1 is required for both keepalive to the upstream and WebSocket upgrades.
proxy_http_version 1.1;
proxy_set_header X-Forwarded-Proto $scheme;
# $proxy_add_x_forwarded_for appends $remote_addr to whatever X-Forwarded-For
# the client sent. If this nginx is the internet-facing edge, the upstream must
# trust only the last address in the chain (or this should be $remote_addr),
# otherwise a client can spoof the address authentik logs and rate-limits on.
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# Pass the Host header through unchanged so authentik sees the public hostname.
proxy_set_header Host $http_host;
# WebSocket support: Upgrade is forwarded verbatim; Connection comes from the
# map at the top of the file ("upgrade" or empty).
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade_keepalive;
}
}