map $http_upgrade $connection_upgrade { default upgrade; '' close; } server { listen 443 ssl; # for nginx v1.25.1+ access_log /var/log/nginx/ns.grenu4.ru_access.log main; error_log /var/log/nginx/ns.grenu4.ru_error.log notice; http2 on; # uncomment to enable HTTP/2 - supported on nginx v1.25.1+ http3 on; # uncomment to enable HTTP/3 / QUIC - supported on nginx v1.25.0+ quic_retry on; # uncomment to enable HTTP/3 / QUIC - supported on nginx v1.25.0+ add_header Alt-Svc 'h3=":443"; ma=86400'; # uncomment to enable HTTP/3 / QUIC - supported on nginx v1.25.0+ listen 443 quic reuseport; # uncomment to enable HTTP/3 / QUIC - supported on nginx v1.25.0+ - please remove "reuseport" if there is already another quic listener on port 443 with enabled reuseport # listen [::]:443 quic reuseport; # uncomment to enable HTTP/3 / QUIC - supported on nginx v1.25.0+ - please remove "reuseport" if there is already another quic listener on port 443 with enabled reuseport - keep comment to disable IPv6 server_name ns.grenu4.ru; location / { proxy_pass http://127.0.0.1:11000$request_uri; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Port $server_port; proxy_set_header X-Forwarded-Scheme $scheme; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Real-IP $remote_addr; proxy_set_header Accept-Encoding ""; # proxy_set_header Host $host; client_body_buffer_size 512k; proxy_read_timeout 86400s; client_max_body_size 0; # Websocket proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade; } ssl_certificate /etc/letsencrypt/live/ns.grenu4.ru/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/ns.grenu4.ru/privkey.pem; ssl_session_timeout 1d; ssl_session_cache shared:MozSSL:10m; # about 40000 sessions ssl_session_tickets off; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305; ssl_prefer_server_ciphers on; } server { listen 18443 ssl; server_name ns.grenu4.ru; access_log /var/log/nginx/aio_ns.grenu4.ru_access.log main; error_log /var/log/nginx/aio_ns.grenu4.ru_error.log notice; ssl_certificate /etc/letsencrypt/live/ns.grenu4.ru/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/ns.grenu4.ru/privkey.pem; allow 77.91.87.36; # vpn allow 37.18.26.66; # mrakomaks kwork allow 212.124.20.138; # mrakomaks kwork deny all; proxy_read_timeout 300; proxy_connect_timeout 300; proxy_send_timeout 300; location / { proxy_pass https://127.0.0.1:18080; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Protocol $scheme; } }