exchange-nginx.conf.j2 (1311B)
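# TLS reverse proxy for the Taler exchange (Jinja2 template, rendered per host).
# Terminates HTTPS on port 443, forwards every request to the exchange's
# local unix socket, and serves static files under /downloads/.
server {

  listen 443 ssl;
  listen [::]:443 ssl;

  # Hide the nginx version in the Server header and on built-in error pages.
  # The header itself still reads "nginx"; this only removes the version.
  server_tokens off;
  server_name {{ exchange_domain }};

  {% if exchange_use_letsencrypt %}
  ssl_certificate /etc/letsencrypt/live/exchange/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/exchange/privkey.pem;
  # ssl_trusted_certificate is consulted for OCSP-stapling verification and
  # client-certificate verification. Neither is enabled in this server block,
  # so it has no visible effect here unless one is enabled at http level.
  ssl_trusted_certificate /etc/letsencrypt/live/exchange/chain.pem;
  {% else %}
  # Operator-provisioned certificate; the key file must be readable only by
  # root / the nginx master process.
  ssl_certificate /etc/nginx/ssl/taler-exchange.crt;
  ssl_certificate_key /etc/nginx/ssl/taler-exchange.key;
  {% endif %}

  ssl_prefer_server_ciphers on;
  ssl_session_cache shared:SSL:10m;
  # Parameters for the DHE ("EDH") suites listed below. The file is not
  # created by this template; presumably it is generated at deploy time.
  # NOTE(review): confirm it exists and is at least 2048 bits.
  ssl_dhparam /etc/ssl/private/dhparam.pem;
  ssl_protocols TLSv1.3 TLSv1.2;
  # ssl_ciphers governs TLSv1.2 negotiation; TLSv1.3 suites are chosen by
  # the TLS library independently of this list.
  # NOTE(review): "AES256+EECDH" and "AES256+EDH" also match CBC-mode
  # suites. If no legacy client needs them, restricting the list to the two
  # AESGCM entries would leave only AEAD suites.
  ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';

  # HSTS for two years, covering all subdomains and opting in to browser
  # preload lists. "always" makes nginx send the header on error responses
  # too (for example a 502 while the exchange socket is down); without it
  # the header is only added to 2xx/3xx and a few other status codes.
  # add_header is not inherited by a location that declares its own
  # add_header, so any such location must repeat this line.
  add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;

  # Bigger than default timeout to support long polling
  # These values let a single client keep a connection open for a very long
  # time, so connection limits have to be enforced elsewhere.
  # NOTE(review): confirm worker_connections and any limit_conn settings in
  # the http context are sized for this.
  proxy_read_timeout 6500s;
  keepalive_requests 1000000;
  keepalive_timeout 6500s;

  error_log /var/log/nginx/{{ exchange_domain }}.err;
  access_log /var/log/nginx/{{ exchange_domain }}.log;

  # Second access log in the "taler" format, written only when $log_perf is
  # neither empty nor "0". Both the log_format and the variable must be
  # defined outside this file (http context); they are not shown here.
  access_log /var/log/nginx/{{ exchange_domain }}.tal taler if=$log_perf;

  location / {
    # Everything not matched below goes to the exchange over a unix socket,
    # so who can reach the exchange locally is decided by the permissions
    # on this socket path. No proxy_set_header is given, so nginx defaults
    # apply to the forwarded request.
    proxy_pass http://unix:/var/run/taler-exchange/httpd/exchange-http.sock;
  }

  location /downloads/ {
    # The location prefix and the alias path both end in "/", which keeps
    # the URI-to-path mapping confined to /var/www/downloads/.
    alias /var/www/downloads/;
    # Directory listings stay disabled: only files requested by exact name
    # are served.
    autoindex off;
  }
}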