server { listen 80; server_name pan.uenpay.com; server_tokens off; return 301 https://$server_name$request_uri; } server { listen 443 ssl; server_name pan.uenpay.com; client_max_body_size 8192m; ssl_certificate /etc/nginx/ssl/uenpay.com.pem; ssl_certificate_key /etc/nginx/ssl/uenpay.com.key; # server_tokens off; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_session_timeout 1d; ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+ECDSA+AES128:EECDH+aRSA+AES128:RSA+AES128:EECDH+ECDSA+AES256:EECDH+aRSA+AES256:RSA+AES256:EECDH+ECDSA+3DES:EECDH+aRSA+3DES:RSA+3DES:!MD5; ssl_prefer_server_ciphers on; #add_header Referrer-Policy "no-referrer" always; #add_header X-Content-Type-Options "nosniff" always; #add_header X-Download-Options "noopen" always; #add_header X-Frame-Options "SAMEORIGIN" always; #add_header X-Permitted-Cross-Domain-Policies "none" always; #add_header X-Robots-Tag "none" always; #add_header X-XSS-Protection "1; mode=block" always; #fastcgi_hide_header X-Powered-By; add_header Strict-Transport-Security 'max-age=15552000'; location = /.well-known/carddav { return 301 $scheme://$host/remote.php/dav; } location = /.well-known/caldav { return 301 $scheme://$host/remote.php/dav; } # fastcgi_buffers 64K; gzip on; gzip_vary on; gzip_comp_level 3; gzip_min_length 1024; gzip_proxied expired no-cache no-store private no_last_modified no_etag auth; gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy; location / { proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_pass http://127.0.0.1:8180; } }