Multiple domains and subdomains with SSL on a single server with NGINX

I need to configure multiple domains on the same server, all with SSL, and some of them being wildcard subdomains.

I have the following domains, which all point to the same IP:

- projects.acme.com
- acme.server.com
- *.acme.server.com

They should all have SSL. I have two different wildcard certificates (one for *.acme.com and one for *.server.com; generic example names used here, obviously).

I'm using nginx in front and two separate node.js servers on ports 3001 and 3003.

This is a valid nginx config for projects.acme.com, and it works perfectly:

    ######################################################
    # sx -> portal server                                #
    ######################################################

    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $http_host;
    proxy_set_header X-NginX-Proxy true;
    add_header Access-Control-Allow-Origin *.server.com;

    proxy_redirect off;
    proxy_ssl_session_reuse off;

    # limit brute force, ddos
    limit_req_zone $binary_remote_addr zone=one:1000m rate=5000r/s;

    # the IP on which the node server is running
    upstream portal {
        server localhost:3001;
    }

    # http/s redirect
    server {
        listen 80;
        server_name projects.acme.com;
        return 301 https://$server_name$request_uri;
    }

    # the nginx server instance
    server {
        listen 443 ssl;
        server_name projects.acme.com;

        access_log /var/log/nginx/access.projects.acme.log;
        error_log /var/log/nginx/errors.projects.acme.log;

        ssl_session_cache shared:SSL:1m;
        ssl_session_timeout 10m;

        ssl on;
        ssl_certificate /etc/ssl/projects_acme_com.pem;
        ssl_certificate_key /etc/ssl/projects_acme_com.key;
        ssl_verify_client off;

        limit_req zone=one burst=5;
        client_max_body_size 2000m;

        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
        ssl_ciphers 'AES128+EECDH:AES128+EDH';
        add_header Strict-Transport-Security "max-age=63072000; includeSubdomains;";

        location / {
            proxy_pass http://portal;
        }

        # 502 handling
        error_page 502 /502.html;
        location /502.html {
            root /var/www/server.com/app/public/error;
        }
    }
/etc/ssl/projects_acme_com.pem; ssl_certificatee_key /etc/ssl/projects_acme_com.key; ssl_verify_client off; limit_req zone=one burst=5; client_max_body_size 2000m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; ssl_ciphers 'AES128+EECDH:AES128+EDH'; add_header Ssortingct-Transport-Security "max-age=63072000; includeSubdomains;"; location / { proxy_pass http://portal; } # 502 handling error_page 502 /502.html; location /502.html { root /var/www/server.com/app/public/error; } } root /var/www/server.com/app/public/error;  ###################################################### # sx -> portal server # ###################################################### proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_set_header X-NginX-Proxy true; add_header Access-Control-Allow-Origin *.server.com; proxy_redirect off; proxy_ssl_session_reuse off; # limit brute force, ddos limit_req_zone $binary_remote_addr zone=one:1000m rate=5000r/s; # the IP on which the node server is running upstream portal { server localhost:3001; } # http/s redirect server { listn 80; server_name projects.acme.com; return 301 https://$server_name$request_uri; } # the nginx server instance server { listn 443 ssl; server_name projects.acme.com; access_log /var/log/nginx/access.projects.acme.log; error_log /var/log/nginx/errors.projects.acme.log; ssl_session_cache shared:SSL:1m; ssl_session_timeout 10m; ssl on; ssl_certificatee /etc/ssl/projects_acme_com.pem; ssl_certificatee_key /etc/ssl/projects_acme_com.key; ssl_verify_client off; limit_req zone=one burst=5; client_max_body_size 2000m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; ssl_ciphers 'AES128+EECDH:AES128+EDH'; add_header Ssortingct-Transport-Security "max-age=63072000; includeSubdomains;"; location / { proxy_pass http://portal; } # 502 handling error_page 502 /502.html; location /502.html { root 
/var/www/server.com/app/public/error; } } 

However, when trying to add the other domain, acme.server.com and *.acme.server.com, I get errors. First, I can't get the subdomain to point to a different port. Second, I get certificate errors, ERR_INSECURE_RESPONSE.

This is what I tried:

    ######################################################
    # sx -> portal server                                #
    ######################################################
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $http_host;
    proxy_set_header X-NginX-Proxy true;
    add_header Access-Control-Allow-Origin *.server.com;
    proxy_redirect off;
    proxy_ssl_session_reuse off;

    # limit brute force, ddos
    limit_req_zone $binary_remote_addr zone=one:1000m rate=5000r/s;

    # the IP on which the node server is running
    upstream portal {
        server localhost:3001;
    }

    upstream *.acme.server.com {
        server localhost:3003;
    }

    # http/s redirect
    server {
        listen 80;
        server_name projects.acme.com;
        return 301 https://$server_name$request_uri;
    }

    # the nginx server instance
    server {
        listen 443 ssl;
        server_name projects.acme.com;
        access_log /var/log/nginx/access.projects.acme.log;
        error_log /var/log/nginx/errors.projects.acme.log;
        ssl_session_cache shared:SSL:1m;
        ssl_session_timeout 10m;
        ssl on;
        ssl_certificate /etc/ssl/projects_acme_com.pem;
        ssl_certificate_key /etc/ssl/projects_acme_com.key;
        ssl_verify_client off;
        limit_req zone=one burst=5;
        client_max_body_size 2000m;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
        ssl_ciphers 'AES128+EECDH:AES128+EDH';
        add_header Strict-Transport-Security "max-age=63072000; includeSubdomains;";

        location / {
            proxy_pass http://portal;
        }

        # 502 handling
        error_page 502 /502.html;
        location /502.html {
            root /var/www/server.com/app/public/error;
        }
    }

    server {
        listen 443 ssl;
        server_name server.com;
        access_log /var/log/nginx/access.acme.server.log;
        error_log /var/log/nginx/errors.acme.server.log;
        ssl_session_cache shared:SSL:1m;
        ssl_session_timeout 10m;
        ssl on;
        ssl_certificate /etc/ssl/server_com.crt;
        ssl_certificate_key /etc/ssl/server_com.key;
        ssl_verify_client off;
        limit_req zone=one burst=5;
        client_max_body_size 2000m;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
        ssl_ciphers 'AES128+EECDH:AES128+EDH';
        add_header Strict-Transport-Security "max-age=63072000; includeSubdomains;";

        location / {
            proxy_pass http://127.0.0.1:3003;
        }

        # 502 handling
        error_page 502 /502.html;
        location /502.html {
            root /var/www/server.com/app/public/error;
        }
    }
###################################################### proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_set_header X-NginX-Proxy true; add_header Access-Control-Allow-Origin *.server.com; proxy_redirect off; proxy_ssl_session_reuse off; # limit brute force, ddos limit_req_zone $binary_remote_addr zone=one:1000m rate=5000r/s; # the IP on which the node server is running upstream portal { server localhost:3001; } upstream *.acme.server.com { server localhost:3003; } # http/s redirect server { listn 80; server_name projects.acme.com; return 301 https://$server_name$request_uri; } # the nginx server instance server { listn 443 ssl; server_name projects.acme.com; access_log /var/log/nginx/access.projects.acme.log; error_log /var/log/nginx/errors.projects.acme.log; ssl_session_cache shared:SSL:1m; ssl_session_timeout 10m; ssl on; ssl_certificatee /etc/ssl/projects_acme_com.pem; ssl_certificatee_key /etc/ssl/projects_acme_com.key; ssl_verify_client off; limit_req zone=one burst=5; client_max_body_size 2000m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; ssl_ciphers 'AES128+EECDH:AES128+EDH'; add_header Ssortingct-Transport-Security "max-age=63072000; includeSubdomains;"; location / { proxy_pass http://portal; } # 502 handling error_page 502 /502.html; location /502.html { root /var/www/server.com/app/public/error; } } server { listn 443 ssl; server_name server.com; access_log /var/log/nginx/access.acme.server.log; error_log /var/log/nginx/errors.acme.server.log; ssl_session_cache shared:SSL:1m; ssl_session_timeout 10m; ssl on; ssl_certificatee /etc/ssl/server_com.crt; ssl_certificatee_key /etc/ssl/server_com.key; ssl_verify_client off; limit_req zone=one burst=5; client_max_body_size 2000m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; ssl_ciphers 'AES128+EECDH:AES128+EDH'; add_header Ssortingct-Transport-Security "max-age=63072000; 
includeSubdomains;"; location / { proxy_pass http://127.0.0.1:3003; } # 502 handling error_page 502 /502.html; location /502.html { root /var/www/server.com/app/public/error; } } access_log /var/log/nginx/access.projects.acme.log;  ###################################################### # sx -> portal server # ###################################################### proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_set_header X-NginX-Proxy true; add_header Access-Control-Allow-Origin *.server.com; proxy_redirect off; proxy_ssl_session_reuse off; # limit brute force, ddos limit_req_zone $binary_remote_addr zone=one:1000m rate=5000r/s; # the IP on which the node server is running upstream portal { server localhost:3001; } upstream *.acme.server.com { server localhost:3003; } # http/s redirect server { listn 80; server_name projects.acme.com; return 301 https://$server_name$request_uri; } # the nginx server instance server { listn 443 ssl; server_name projects.acme.com; access_log /var/log/nginx/access.projects.acme.log; error_log /var/log/nginx/errors.projects.acme.log; ssl_session_cache shared:SSL:1m; ssl_session_timeout 10m; ssl on; ssl_certificatee /etc/ssl/projects_acme_com.pem; ssl_certificatee_key /etc/ssl/projects_acme_com.key; ssl_verify_client off; limit_req zone=one burst=5; client_max_body_size 2000m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; ssl_ciphers 'AES128+EECDH:AES128+EDH'; add_header Ssortingct-Transport-Security "max-age=63072000; includeSubdomains;"; location / { proxy_pass http://portal; } # 502 handling error_page 502 /502.html; location /502.html { root /var/www/server.com/app/public/error; } } server { listn 443 ssl; server_name server.com; access_log /var/log/nginx/access.acme.server.log; error_log /var/log/nginx/errors.acme.server.log; ssl_session_cache shared:SSL:1m; ssl_session_timeout 10m; ssl on; ssl_certificatee 
/etc/ssl/server_com.crt; ssl_certificatee_key /etc/ssl/server_com.key; ssl_verify_client off; limit_req zone=one burst=5; client_max_body_size 2000m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; ssl_ciphers 'AES128+EECDH:AES128+EDH'; add_header Ssortingct-Transport-Security "max-age=63072000; includeSubdomains;"; location / { proxy_pass http://127.0.0.1:3003; } # 502 handling error_page 502 /502.html; location /502.html { root /var/www/server.com/app/public/error; } } error_log /var/log/nginx/errors.projects.acme.log;  ###################################################### # sx -> portal server # ###################################################### proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_set_header X-NginX-Proxy true; add_header Access-Control-Allow-Origin *.server.com; proxy_redirect off; proxy_ssl_session_reuse off; # limit brute force, ddos limit_req_zone $binary_remote_addr zone=one:1000m rate=5000r/s; # the IP on which the node server is running upstream portal { server localhost:3001; } upstream *.acme.server.com { server localhost:3003; } # http/s redirect server { listn 80; server_name projects.acme.com; return 301 https://$server_name$request_uri; } # the nginx server instance server { listn 443 ssl; server_name projects.acme.com; access_log /var/log/nginx/access.projects.acme.log; error_log /var/log/nginx/errors.projects.acme.log; ssl_session_cache shared:SSL:1m; ssl_session_timeout 10m; ssl on; ssl_certificatee /etc/ssl/projects_acme_com.pem; ssl_certificatee_key /etc/ssl/projects_acme_com.key; ssl_verify_client off; limit_req zone=one burst=5; client_max_body_size 2000m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; ssl_ciphers 'AES128+EECDH:AES128+EDH'; add_header Ssortingct-Transport-Security "max-age=63072000; includeSubdomains;"; location / { proxy_pass http://portal; } # 502 handling error_page 502 
/502.html; location /502.html { root /var/www/server.com/app/public/error; } } server { listn 443 ssl; server_name server.com; access_log /var/log/nginx/access.acme.server.log; error_log /var/log/nginx/errors.acme.server.log; ssl_session_cache shared:SSL:1m; ssl_session_timeout 10m; ssl on; ssl_certificatee /etc/ssl/server_com.crt; ssl_certificatee_key /etc/ssl/server_com.key; ssl_verify_client off; limit_req zone=one burst=5; client_max_body_size 2000m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; ssl_ciphers 'AES128+EECDH:AES128+EDH'; add_header Ssortingct-Transport-Security "max-age=63072000; includeSubdomains;"; location / { proxy_pass http://127.0.0.1:3003; } # 502 handling error_page 502 /502.html; location /502.html { root /var/www/server.com/app/public/error; } } ssl_session_cache partagé: SSL: 1m;  ###################################################### # sx -> portal server # ###################################################### proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_set_header X-NginX-Proxy true; add_header Access-Control-Allow-Origin *.server.com; proxy_redirect off; proxy_ssl_session_reuse off; # limit brute force, ddos limit_req_zone $binary_remote_addr zone=one:1000m rate=5000r/s; # the IP on which the node server is running upstream portal { server localhost:3001; } upstream *.acme.server.com { server localhost:3003; } # http/s redirect server { listn 80; server_name projects.acme.com; return 301 https://$server_name$request_uri; } # the nginx server instance server { listn 443 ssl; server_name projects.acme.com; access_log /var/log/nginx/access.projects.acme.log; error_log /var/log/nginx/errors.projects.acme.log; ssl_session_cache shared:SSL:1m; ssl_session_timeout 10m; ssl on; ssl_certificatee /etc/ssl/projects_acme_com.pem; ssl_certificatee_key /etc/ssl/projects_acme_com.key; ssl_verify_client off; limit_req zone=one 
burst=5; client_max_body_size 2000m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; ssl_ciphers 'AES128+EECDH:AES128+EDH'; add_header Ssortingct-Transport-Security "max-age=63072000; includeSubdomains;"; location / { proxy_pass http://portal; } # 502 handling error_page 502 /502.html; location /502.html { root /var/www/server.com/app/public/error; } } server { listn 443 ssl; server_name server.com; access_log /var/log/nginx/access.acme.server.log; error_log /var/log/nginx/errors.acme.server.log; ssl_session_cache shared:SSL:1m; ssl_session_timeout 10m; ssl on; ssl_certificatee /etc/ssl/server_com.crt; ssl_certificatee_key /etc/ssl/server_com.key; ssl_verify_client off; limit_req zone=one burst=5; client_max_body_size 2000m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; ssl_ciphers 'AES128+EECDH:AES128+EDH'; add_header Ssortingct-Transport-Security "max-age=63072000; includeSubdomains;"; location / { proxy_pass http://127.0.0.1:3003; } # 502 handling error_page 502 /502.html; location /502.html { root /var/www/server.com/app/public/error; } } ssl_certificatee /etc/ssl/projects_acme_com.pem;  ###################################################### # sx -> portal server # ###################################################### proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_set_header X-NginX-Proxy true; add_header Access-Control-Allow-Origin *.server.com; proxy_redirect off; proxy_ssl_session_reuse off; # limit brute force, ddos limit_req_zone $binary_remote_addr zone=one:1000m rate=5000r/s; # the IP on which the node server is running upstream portal { server localhost:3001; } upstream *.acme.server.com { server localhost:3003; } # http/s redirect server { listn 80; server_name projects.acme.com; return 301 https://$server_name$request_uri; } # the nginx server instance server { listn 443 ssl; server_name projects.acme.com; access_log 
/var/log/nginx/access.projects.acme.log; error_log /var/log/nginx/errors.projects.acme.log; ssl_session_cache shared:SSL:1m; ssl_session_timeout 10m; ssl on; ssl_certificatee /etc/ssl/projects_acme_com.pem; ssl_certificatee_key /etc/ssl/projects_acme_com.key; ssl_verify_client off; limit_req zone=one burst=5; client_max_body_size 2000m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; ssl_ciphers 'AES128+EECDH:AES128+EDH'; add_header Ssortingct-Transport-Security "max-age=63072000; includeSubdomains;"; location / { proxy_pass http://portal; } # 502 handling error_page 502 /502.html; location /502.html { root /var/www/server.com/app/public/error; } } server { listn 443 ssl; server_name server.com; access_log /var/log/nginx/access.acme.server.log; error_log /var/log/nginx/errors.acme.server.log; ssl_session_cache shared:SSL:1m; ssl_session_timeout 10m; ssl on; ssl_certificatee /etc/ssl/server_com.crt; ssl_certificatee_key /etc/ssl/server_com.key; ssl_verify_client off; limit_req zone=one burst=5; client_max_body_size 2000m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; ssl_ciphers 'AES128+EECDH:AES128+EDH'; add_header Ssortingct-Transport-Security "max-age=63072000; includeSubdomains;"; location / { proxy_pass http://127.0.0.1:3003; } # 502 handling error_page 502 /502.html; location /502.html { root /var/www/server.com/app/public/error; } } ssl_certificatee_key /etc/ssl/projects_acme_com.key;  ###################################################### # sx -> portal server # ###################################################### proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_set_header X-NginX-Proxy true; add_header Access-Control-Allow-Origin *.server.com; proxy_redirect off; proxy_ssl_session_reuse off; # limit brute force, ddos limit_req_zone $binary_remote_addr zone=one:1000m rate=5000r/s; # the IP on which the node server is running 
upstream portal { server localhost:3001; } upstream *.acme.server.com { server localhost:3003; } # http/s redirect server { listn 80; server_name projects.acme.com; return 301 https://$server_name$request_uri; } # the nginx server instance server { listn 443 ssl; server_name projects.acme.com; access_log /var/log/nginx/access.projects.acme.log; error_log /var/log/nginx/errors.projects.acme.log; ssl_session_cache shared:SSL:1m; ssl_session_timeout 10m; ssl on; ssl_certificatee /etc/ssl/projects_acme_com.pem; ssl_certificatee_key /etc/ssl/projects_acme_com.key; ssl_verify_client off; limit_req zone=one burst=5; client_max_body_size 2000m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; ssl_ciphers 'AES128+EECDH:AES128+EDH'; add_header Ssortingct-Transport-Security "max-age=63072000; includeSubdomains;"; location / { proxy_pass http://portal; } # 502 handling error_page 502 /502.html; location /502.html { root /var/www/server.com/app/public/error; } } server { listn 443 ssl; server_name server.com; access_log /var/log/nginx/access.acme.server.log; error_log /var/log/nginx/errors.acme.server.log; ssl_session_cache shared:SSL:1m; ssl_session_timeout 10m; ssl on; ssl_certificatee /etc/ssl/server_com.crt; ssl_certificatee_key /etc/ssl/server_com.key; ssl_verify_client off; limit_req zone=one burst=5; client_max_body_size 2000m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; ssl_ciphers 'AES128+EECDH:AES128+EDH'; add_header Ssortingct-Transport-Security "max-age=63072000; includeSubdomains;"; location / { proxy_pass http://127.0.0.1:3003; } # 502 handling error_page 502 /502.html; location /502.html { root /var/www/server.com/app/public/error; } } ssl_verify_client désactivé;  ###################################################### # sx -> portal server # ###################################################### proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host 
$http_host; proxy_set_header X-NginX-Proxy true; add_header Access-Control-Allow-Origin *.server.com; proxy_redirect off; proxy_ssl_session_reuse off; # limit brute force, ddos limit_req_zone $binary_remote_addr zone=one:1000m rate=5000r/s; # the IP on which the node server is running upstream portal { server localhost:3001; } upstream *.acme.server.com { server localhost:3003; } # http/s redirect server { listn 80; server_name projects.acme.com; return 301 https://$server_name$request_uri; } # the nginx server instance server { listn 443 ssl; server_name projects.acme.com; access_log /var/log/nginx/access.projects.acme.log; error_log /var/log/nginx/errors.projects.acme.log; ssl_session_cache shared:SSL:1m; ssl_session_timeout 10m; ssl on; ssl_certificatee /etc/ssl/projects_acme_com.pem; ssl_certificatee_key /etc/ssl/projects_acme_com.key; ssl_verify_client off; limit_req zone=one burst=5; client_max_body_size 2000m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; ssl_ciphers 'AES128+EECDH:AES128+EDH'; add_header Ssortingct-Transport-Security "max-age=63072000; includeSubdomains;"; location / { proxy_pass http://portal; } # 502 handling error_page 502 /502.html; location /502.html { root /var/www/server.com/app/public/error; } } server { listn 443 ssl; server_name server.com; access_log /var/log/nginx/access.acme.server.log; error_log /var/log/nginx/errors.acme.server.log; ssl_session_cache shared:SSL:1m; ssl_session_timeout 10m; ssl on; ssl_certificatee /etc/ssl/server_com.crt; ssl_certificatee_key /etc/ssl/server_com.key; ssl_verify_client off; limit_req zone=one burst=5; client_max_body_size 2000m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; ssl_ciphers 'AES128+EECDH:AES128+EDH'; add_header Ssortingct-Transport-Security "max-age=63072000; includeSubdomains;"; location / { proxy_pass http://127.0.0.1:3003; } # 502 handling error_page 502 /502.html; location /502.html { root /var/www/server.com/app/public/error; } } 
client_max_body_size 2000m;  ###################################################### # sx -> portal server # ###################################################### proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_set_header X-NginX-Proxy true; add_header Access-Control-Allow-Origin *.server.com; proxy_redirect off; proxy_ssl_session_reuse off; # limit brute force, ddos limit_req_zone $binary_remote_addr zone=one:1000m rate=5000r/s; # the IP on which the node server is running upstream portal { server localhost:3001; } upstream *.acme.server.com { server localhost:3003; } # http/s redirect server { listn 80; server_name projects.acme.com; return 301 https://$server_name$request_uri; } # the nginx server instance server { listn 443 ssl; server_name projects.acme.com; access_log /var/log/nginx/access.projects.acme.log; error_log /var/log/nginx/errors.projects.acme.log; ssl_session_cache shared:SSL:1m; ssl_session_timeout 10m; ssl on; ssl_certificatee /etc/ssl/projects_acme_com.pem; ssl_certificatee_key /etc/ssl/projects_acme_com.key; ssl_verify_client off; limit_req zone=one burst=5; client_max_body_size 2000m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; ssl_ciphers 'AES128+EECDH:AES128+EDH'; add_header Ssortingct-Transport-Security "max-age=63072000; includeSubdomains;"; location / { proxy_pass http://portal; } # 502 handling error_page 502 /502.html; location /502.html { root /var/www/server.com/app/public/error; } } server { listn 443 ssl; server_name server.com; access_log /var/log/nginx/access.acme.server.log; error_log /var/log/nginx/errors.acme.server.log; ssl_session_cache shared:SSL:1m; ssl_session_timeout 10m; ssl on; ssl_certificatee /etc/ssl/server_com.crt; ssl_certificatee_key /etc/ssl/server_com.key; ssl_verify_client off; limit_req zone=one burst=5; client_max_body_size 2000m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers 
on; ssl_ciphers 'AES128+EECDH:AES128+EDH'; add_header Ssortingct-Transport-Security "max-age=63072000; includeSubdomains;"; location / { proxy_pass http://127.0.0.1:3003; } # 502 handling error_page 502 /502.html; location /502.html { root /var/www/server.com/app/public/error; } } ssl_ciphers 'AES128 + EECDH: AES128 + EDH';  ###################################################### # sx -> portal server # ###################################################### proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_set_header X-NginX-Proxy true; add_header Access-Control-Allow-Origin *.server.com; proxy_redirect off; proxy_ssl_session_reuse off; # limit brute force, ddos limit_req_zone $binary_remote_addr zone=one:1000m rate=5000r/s; # the IP on which the node server is running upstream portal { server localhost:3001; } upstream *.acme.server.com { server localhost:3003; } # http/s redirect server { listn 80; server_name projects.acme.com; return 301 https://$server_name$request_uri; } # the nginx server instance server { listn 443 ssl; server_name projects.acme.com; access_log /var/log/nginx/access.projects.acme.log; error_log /var/log/nginx/errors.projects.acme.log; ssl_session_cache shared:SSL:1m; ssl_session_timeout 10m; ssl on; ssl_certificatee /etc/ssl/projects_acme_com.pem; ssl_certificatee_key /etc/ssl/projects_acme_com.key; ssl_verify_client off; limit_req zone=one burst=5; client_max_body_size 2000m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; ssl_ciphers 'AES128+EECDH:AES128+EDH'; add_header Ssortingct-Transport-Security "max-age=63072000; includeSubdomains;"; location / { proxy_pass http://portal; } # 502 handling error_page 502 /502.html; location /502.html { root /var/www/server.com/app/public/error; } } server { listn 443 ssl; server_name server.com; access_log /var/log/nginx/access.acme.server.log; error_log /var/log/nginx/errors.acme.server.log; 
ssl_session_cache shared:SSL:1m; ssl_session_timeout 10m; ssl on; ssl_certificatee /etc/ssl/server_com.crt; ssl_certificatee_key /etc/ssl/server_com.key; ssl_verify_client off; limit_req zone=one burst=5; client_max_body_size 2000m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; ssl_ciphers 'AES128+EECDH:AES128+EDH'; add_header Ssortingct-Transport-Security "max-age=63072000; includeSubdomains;"; location / { proxy_pass http://127.0.0.1:3003; } # 502 handling error_page 502 /502.html; location /502.html { root /var/www/server.com/app/public/error; } } add_header Ssortingct-Transport-Security "max-age = 63072000; includeSubdomains;";  ###################################################### # sx -> portal server # ###################################################### proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_set_header X-NginX-Proxy true; add_header Access-Control-Allow-Origin *.server.com; proxy_redirect off; proxy_ssl_session_reuse off; # limit brute force, ddos limit_req_zone $binary_remote_addr zone=one:1000m rate=5000r/s; # the IP on which the node server is running upstream portal { server localhost:3001; } upstream *.acme.server.com { server localhost:3003; } # http/s redirect server { listn 80; server_name projects.acme.com; return 301 https://$server_name$request_uri; } # the nginx server instance server { listn 443 ssl; server_name projects.acme.com; access_log /var/log/nginx/access.projects.acme.log; error_log /var/log/nginx/errors.projects.acme.log; ssl_session_cache shared:SSL:1m; ssl_session_timeout 10m; ssl on; ssl_certificatee /etc/ssl/projects_acme_com.pem; ssl_certificatee_key /etc/ssl/projects_acme_com.key; ssl_verify_client off; limit_req zone=one burst=5; client_max_body_size 2000m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; ssl_ciphers 'AES128+EECDH:AES128+EDH'; add_header Ssortingct-Transport-Security 
"max-age=63072000; includeSubdomains;"; location / { proxy_pass http://portal; } # 502 handling error_page 502 /502.html; location /502.html { root /var/www/server.com/app/public/error; } } server { listn 443 ssl; server_name server.com; access_log /var/log/nginx/access.acme.server.log; error_log /var/log/nginx/errors.acme.server.log; ssl_session_cache shared:SSL:1m; ssl_session_timeout 10m; ssl on; ssl_certificatee /etc/ssl/server_com.crt; ssl_certificatee_key /etc/ssl/server_com.key; ssl_verify_client off; limit_req zone=one burst=5; client_max_body_size 2000m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; ssl_ciphers 'AES128+EECDH:AES128+EDH'; add_header Ssortingct-Transport-Security "max-age=63072000; includeSubdomains;"; location / { proxy_pass http://127.0.0.1:3003; } # 502 handling error_page 502 /502.html; location /502.html { root /var/www/server.com/app/public/error; } } proxy_pass http: // portail;  ###################################################### # sx -> portal server # ###################################################### proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_set_header X-NginX-Proxy true; add_header Access-Control-Allow-Origin *.server.com; proxy_redirect off; proxy_ssl_session_reuse off; # limit brute force, ddos limit_req_zone $binary_remote_addr zone=one:1000m rate=5000r/s; # the IP on which the node server is running upstream portal { server localhost:3001; } upstream *.acme.server.com { server localhost:3003; } # http/s redirect server { listn 80; server_name projects.acme.com; return 301 https://$server_name$request_uri; } # the nginx server instance server { listn 443 ssl; server_name projects.acme.com; access_log /var/log/nginx/access.projects.acme.log; error_log /var/log/nginx/errors.projects.acme.log; ssl_session_cache shared:SSL:1m; ssl_session_timeout 10m; ssl on; ssl_certificatee 
/etc/ssl/projects_acme_com.pem; ssl_certificatee_key /etc/ssl/projects_acme_com.key; ssl_verify_client off; limit_req zone=one burst=5; client_max_body_size 2000m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; ssl_ciphers 'AES128+EECDH:AES128+EDH'; add_header Ssortingct-Transport-Security "max-age=63072000; includeSubdomains;"; location / { proxy_pass http://portal; } # 502 handling error_page 502 /502.html; location /502.html { root /var/www/server.com/app/public/error; } } server { listn 443 ssl; server_name server.com; access_log /var/log/nginx/access.acme.server.log; error_log /var/log/nginx/errors.acme.server.log; ssl_session_cache shared:SSL:1m; ssl_session_timeout 10m; ssl on; ssl_certificatee /etc/ssl/server_com.crt; ssl_certificatee_key /etc/ssl/server_com.key; ssl_verify_client off; limit_req zone=one burst=5; client_max_body_size 2000m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; ssl_ciphers 'AES128+EECDH:AES128+EDH'; add_header Ssortingct-Transport-Security "max-age=63072000; includeSubdomains;"; location / { proxy_pass http://127.0.0.1:3003; } # 502 handling error_page 502 /502.html; location /502.html { root /var/www/server.com/app/public/error; } } Traitement # 502  ###################################################### # sx -> portal server # ###################################################### proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_set_header X-NginX-Proxy true; add_header Access-Control-Allow-Origin *.server.com; proxy_redirect off; proxy_ssl_session_reuse off; # limit brute force, ddos limit_req_zone $binary_remote_addr zone=one:1000m rate=5000r/s; # the IP on which the node server is running upstream portal { server localhost:3001; } upstream *.acme.server.com { server localhost:3003; } # http/s redirect server { listn 80; server_name projects.acme.com; return 301 https://$server_name$request_uri; } 
# the nginx server instance server { listn 443 ssl; server_name projects.acme.com; access_log /var/log/nginx/access.projects.acme.log; error_log /var/log/nginx/errors.projects.acme.log; ssl_session_cache shared:SSL:1m; ssl_session_timeout 10m; ssl on; ssl_certificatee /etc/ssl/projects_acme_com.pem; ssl_certificatee_key /etc/ssl/projects_acme_com.key; ssl_verify_client off; limit_req zone=one burst=5; client_max_body_size 2000m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; ssl_ciphers 'AES128+EECDH:AES128+EDH'; add_header Ssortingct-Transport-Security "max-age=63072000; includeSubdomains;"; location / { proxy_pass http://portal; } # 502 handling error_page 502 /502.html; location /502.html { root /var/www/server.com/app/public/error; } } server { listn 443 ssl; server_name server.com; access_log /var/log/nginx/access.acme.server.log; error_log /var/log/nginx/errors.acme.server.log; ssl_session_cache shared:SSL:1m; ssl_session_timeout 10m; ssl on; ssl_certificatee /etc/ssl/server_com.crt; ssl_certificatee_key /etc/ssl/server_com.key; ssl_verify_client off; limit_req zone=one burst=5; client_max_body_size 2000m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; ssl_ciphers 'AES128+EECDH:AES128+EDH'; add_header Ssortingct-Transport-Security "max-age=63072000; includeSubdomains;"; location / { proxy_pass http://127.0.0.1:3003; } # 502 handling error_page 502 /502.html; location /502.html { root /var/www/server.com/app/public/error; } } location /502.html {  ###################################################### # sx -> portal server # ###################################################### proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_set_header X-NginX-Proxy true; add_header Access-Control-Allow-Origin *.server.com; proxy_redirect off; proxy_ssl_session_reuse off; # limit brute force, ddos limit_req_zone $binary_remote_addr 
zone=one:1000m rate=5000r/s;

# the IP on which the node server is running
upstream portal {
    server localhost:3001;
}

upstream *.acme.server.com {
    server localhost:3003;
}

# http/s redirect
server {
    listen 80;
    server_name projects.acme.com;
    return 301 https://$server_name$request_uri;
}

# the nginx server instance
server {
    listen 443 ssl;
    server_name projects.acme.com;
    access_log /var/log/nginx/access.projects.acme.log;
    error_log /var/log/nginx/errors.projects.acme.log;
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 10m;
    ssl on;
    ssl_certificate /etc/ssl/projects_acme_com.pem;
    ssl_certificate_key /etc/ssl/projects_acme_com.key;
    ssl_verify_client off;
    limit_req zone=one burst=5;
    client_max_body_size 2000m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers 'AES128+EECDH:AES128+EDH';
    add_header Strict-Transport-Security "max-age=63072000; includeSubdomains;";

    location / {
        proxy_pass http://portal;
    }

    # 502 handling
    error_page 502 /502.html;
    location /502.html {
        root /var/www/server.com/app/public/error;
    }
}

server {
    listen 443 ssl;
    server_name server.com;
    access_log /var/log/nginx/access.acme.server.log;
    error_log /var/log/nginx/errors.acme.server.log;
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 10m;
    ssl on;
    ssl_certificate /etc/ssl/server_com.crt;
    ssl_certificate_key /etc/ssl/server_com.key;
    ssl_verify_client off;
    limit_req zone=one burst=5;
    client_max_body_size 2000m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers 'AES128+EECDH:AES128+EDH';
    add_header Strict-Transport-Security "max-age=63072000; includeSubdomains;";

    location / {
        proxy_pass http://127.0.0.1:3003;
    }

    # 502 handling
    error_page 502 /502.html;
    location /502.html {
        root /var/www/server.com/app/public/error;
    }
}

This does not work. What does work, however, is adding a location to the first server block, with /tiles/ etc., which does send the request to the correct port, but I need to use subdomains (and sub-subdomains).

Any pointers are much appreciated!

If your clients support SNI, you can create multiple virtual hosts on the same port 443 of the same IP address and use it that way. As the Windows XP user base shrinks, your clients may be using one of the modern OSes / browsers.

You also probably forgot to pass the Host header to the backend with proxy_set_header Host $host, in case your backend needs it (for example, if your backends are Apache servers configured on the same port).
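Added example (not from the question or the answers): a small Python model of how nginx chooses a server block by name on a shared port 443, and of whether the certificate served by that block covers the requested host. The certificate name lists are assumed from the question's statement that the two certificates are wildcards for *.acme.com and *.server.com; the host foo.acme.server.com and the ADJUSTED layout are constructed for illustration, and regex server names are not modelled.

```python
from dataclasses import dataclass


@dataclass
class ServerBlock:
    label: str
    server_names: list  # values of the server_name directive
    cert_sans: list     # DNS names in the certificate this block serves (assumed)


def match_rank(pattern, host):
    """Rank of an nginx server_name pattern for host, or None if it does not match.

    Lower ranks win: exact name, then longest leading wildcard, then longest
    trailing wildcard.
    """
    pattern, host = pattern.lower(), host.lower()
    if pattern.startswith("."):          # ".example.org" = exact + "*.example.org"
        if host == pattern[1:]:
            return (0, 0)
        pattern = "*" + pattern
    if pattern == host:
        return (0, 0)
    # A leading wildcard in server_name may span several labels.
    if pattern.startswith("*.") and host.endswith(pattern[1:]) and len(host) > len(pattern) - 1:
        return (1, -len(pattern))
    if pattern.endswith(".*") and host.startswith(pattern[:-1]) and len(host) > len(pattern) - 1:
        return (2, -len(pattern))
    return None


def select_block(blocks, host):
    """Return (block, matched). With no name match nginx falls back to the
    default server, which is the first block for the listen socket unless
    another one is marked default_server (not modelled here)."""
    best, best_rank = None, None
    for block in blocks:
        for name in block.server_names:
            rank = match_rank(name, host)
            if rank is not None and (best_rank is None or rank < best_rank):
                best, best_rank = block, rank
    return (best, True) if best else (blocks[0], False)


def cert_covers(san, host):
    """Certificate wildcard matching: '*' stands for exactly one leftmost label."""
    san, host = san.lower(), host.lower()
    if not san.startswith("*."):
        return san == host
    first, _, rest = host.partition(".")
    return bool(first) and rest == san[2:]


def audit(blocks, hosts):
    """Map each host to (selected block label, matched by name, cert covers host)."""
    report = {}
    for host in hosts:
        block, matched = select_block(blocks, host)
        covered = any(cert_covers(san, host) for san in block.cert_sans)
        report[host] = (block.label, matched, covered)
    return report


# Port-443 blocks as posted in the question (certificate names are assumed).
AS_POSTED = [
    ServerBlock("projects", ["projects.acme.com"], ["*.acme.com"]),
    ServerBlock("server", ["server.com"], ["*.server.com"]),
]
# One possible arrangement (assumption): name the hosts that should reach port 3003.
ADJUSTED = [
    ServerBlock("projects", ["projects.acme.com"], ["*.acme.com"]),
    ServerBlock("server", ["acme.server.com", "*.acme.server.com"], ["*.server.com"]),
]
HOSTS = ["projects.acme.com", "acme.server.com", "foo.acme.server.com"]  # last one is constructed

if __name__ == "__main__":
    for title, blocks in (("as posted", AS_POSTED), ("adjusted", ADJUSTED)):
        print(title)
        for host, (label, matched, covered) in audit(blocks, HOSTS).items():
            print(f"  {host:22} -> block={label:9} name_match={matched!s:5} cert_ok={covered}")
```

The model separates two rules that are easy to conflate: a leading wildcard in server_name matches any depth of subdomain, while a wildcard certificate name matches a single label only, so a host can be routed to the intended block and still be served a certificate that does not cover it.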