-
Notifications
You must be signed in to change notification settings - Fork 8
/
Copy pathserver_example.conf
41 lines (35 loc) · 1.47 KB
/
server_example.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
# Simple nginx reverse-proxy configuration file to go in front of the tracker service
#
# Includes some (not all) settings from https://medium.com/@mvuksano/how-to-properly-configure-your-nginx-for-tls-564651438fe0
# TLSv1.0, v1.1 deprecated
#
# Tested with NGINX 1.16.1, built with:
# headers_more module v0.33
# openssl library version 1.02
# http2
#
#
server {
listen 80;
listen 443 default_server ssl http2;
server_name pmta-signalsdemo.trymsys.net; # put your server name here
ssl_protocols TLSv1.2; # disable older, deprecated protocols
ssl_prefer_server_ciphers on;
ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5;
ssl_certificate /etc/pki/tls/certs/trymsys.net.crt; # choose your own cert bundle & private hey
ssl_certificate_key /etc/pki/tls/private/trymsys.net.key;
ssl_dhparam /etc/pki/tls/certs/dhparam.pem; # use DH params as per above article
# Not doing OSCP stapling yet
# Not enabling HSTS - we want to be liberal in accepting http and https connections
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
keepalive_timeout 70;
# Not using session tickets yet
# SparkPost PowerMTA tracking endpoint - see https://github.com/tuck1s/sparkypmtatracking
location / {
proxy_pass http://localhost:8888;
proxy_set_header X-Real-IP $remote_addr; # This is of interest to the open & click tracker
server_tokens off;
more_set_headers 'Server: msys-http'; # Make this endpoint look like SparkPost
}
}