server {
listen 86;
server_name box.example.com file.example.com files.example.com pan.example.com;
if ($scheme = http){
return 301 https://$server_name:88$request_uri;
}
}
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
server {
listen 88 ssl http2;
server_name box.example.com;
error_page 497 301 =307 https://$host:$server_port$request_uri;
ssl_certificate /etc/letsencrypt/live/box.example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/box.example.com/privkey.pem;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 5s;
location / {
proxy_pass http://localhost:8687;
proxy_set_header HOST $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-NginX-Proxy true;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "";
proxy_max_temp_file_size 0;
proxy_read_timeout 500s;
proxy_connect_timeout 600;
proxy_send_timeout 240;
}
location /api/command/ {
proxy_pass http://localhost:8687;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}