mirror of
https://github.com/danny-avila/LibreChat.git
synced 2025-09-22 06:00:56 +02:00
81ff598eba
* Update nginx.conf Add Mozilla SSL Configuration Generator recommended options. * Update nginx.conf Remove Space
76 lines
2.7 KiB
Nginx Configuration File
76 lines
2.7 KiB
Nginx Configuration File
# Secure default configuration generated by Mozilla SSL Configuration Generator
|
|
# generated 2024-01-21, Mozilla Guideline v5.7, nginx 1.24.0, OpenSSL 3.1.4, intermediate configuration
|
|
# https://ssl-config.mozilla.org/#server=nginx&version=1.24.0&config=intermediate&openssl=3.1.4&guideline=5.7
|
|
|
|
server {
|
|
listen 80 default_server;
|
|
listen [::]:80 default_server;
|
|
|
|
# To Configure SSL, comment all lines within the Non-SSL section and uncomment all lines under the SSL section.
|
|
######################################## Non-SSL ########################################
|
|
server_name localhost;
|
|
|
|
# Increase the client_max_body_size to allow larger file uploads
|
|
# The default limits for image uploads as of 11/22/23 is 20MB/file, and 25MB/request
|
|
client_max_body_size 25M;
|
|
|
|
location /api {
|
|
proxy_pass http://api:3080/api;
|
|
}
|
|
|
|
location / {
|
|
proxy_pass http://api:3080;
|
|
}
|
|
|
|
######################################## SSL ########################################
|
|
# # Redirect all http traffic to https
|
|
# location / {
|
|
# return 301 https://$host$request_uri;
|
|
# }
|
|
}
|
|
|
|
#server {
|
|
# listen 443 ssl http2;
|
|
# listen [::]:443 ssl http2;
|
|
|
|
# ssl_certificate /etc/nginx/ssl/nginx.crt;
|
|
# ssl_certificate_key /etc/nginx/ssl/nginx.key;
|
|
# ssl_session_timeout 1d;
|
|
# ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
|
|
# ssl_session_tickets off;
|
|
|
|
# # curl https://ssl-config.mozilla.org/ffdhe2048.txt > /etc/nginx/ssl/dhparam
|
|
# ssl_dhparam /etc/nginx/ssl/dhparam;
|
|
|
|
# # intermediate configuration
|
|
# ssl_protocols TLSv1.2 TLSv1.3;
|
|
# ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305;
|
|
# ssl_prefer_server_ciphers off;
|
|
|
|
# # HSTS (ngx_http_headers_module is required) (63072000 seconds)
|
|
# add_header Strict-Transport-Security "max-age=63072000" always;
|
|
|
|
# # OCSP stapling
|
|
# ssl_stapling on;
|
|
# ssl_stapling_verify on;
|
|
|
|
# # verify chain of trust of OCSP response using Root CA and Intermediate certs
|
|
# ssl_trusted_certificate /etc/nginx/ssl/ca.crt;
|
|
|
|
# # replace with the IP address of your resolver
|
|
# resolver 127.0.0.1;
|
|
|
|
# server_name localhost;
|
|
|
|
# # Increase the client_max_body_size to allow larger file uploads
|
|
# # The default limits for image uploads as of 11/22/23 is 20MB/file, and 25MB/request
|
|
# client_max_body_size 25M;
|
|
|
|
# location /api {
|
|
# proxy_pass http://api:3080/api;
|
|
# }
|
|
|
|
# location / {
|
|
# proxy_pass http://api:3080;
|
|
# }
|
|
#}
|