webserver/conf/stage.conf
server { listen 80 default_server; listen [::]:80 default_server; server_name _; return 301 https://synapse.ksu.edu$request_uri;} server { listen 443 ssl default_server; listen [::]:443 ssl default_server; server_name synapse.ksu.edu; ssl_certificate /etc/nginx/stage.crt; ssl_certificate_key /etc/nginx/stage.key; ssl_dhparam /etc/nginx/dhparam.pem; # openssl dhparam -out /etc/nginx/dhparam.pem 4096 ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384; ssl_ecdh_curve secp384r1; # Requires nginx >= 1.1.0 ssl_session_timeout 10m; ssl_session_cache shared:SSL:10m; ssl_session_tickets off; # Requires nginx >= 1.5.9 ssl_stapling on; # Requires nginx >= 1.3.7 ssl_stapling_verify on; # Requires nginx => 1.3.7 resolver 8.8.8.8 8.8.4.4 valid=300s; resolver_timeout 5s; add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"; add_header X-Frame-Options DENY; add_header X-Content-Type-Options nosniff; add_header X-XSS-Protection "1; mode=block"; location /static/ { alias /frontend/; autoindex on; } location /dj-static/ { autoindex on; alias /static/; } location / { proxy_pass http://backend:3002/; proxy_set_header Host synapse.ksu.edu; proxy_set_header X-Forwarded-For $remote_addr; client_max_body_size 150M; }}