user rrdtusr appgrp;
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
server {
listen 80;
server_name localhost;
location / {
root /home/rrdtusr/app/rdt-frontend/dist;
index index.html;
}
location /api/ {
proxy_pass http://localhost:9081/;
}
}
# HTTPS server
server {
listen 10443 ssl;
server_name localhost;
location / {
root /home/rrdtusr/app/rdt-frontend/dist;
index index.html;
try_files $uri $uri/ /index.html;
}
location /api/ {
proxy_pass http://127.0.0.1:9081/;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
ssl_certificate /etc/ssl/certs/rdt-sit.kasikornbank.com/server.crt;
ssl_certificate_key /etc/ssl/certs/rdt-sit.kasikornbank.com/server.key;
# Reduce clickjacking
add_header X-Frame-Options DENY;
# Disable the server from automatically resolving resource types
add_header X-Content-Type-Options nosniff;
# Preventing XSS attacks
add_header X-Xss-Protection 1;
# Take the server algorithm first
ssl_prefer_server_ciphers on;
# Use DH file
ssl_dhparam /etc/ssl/certs/rdt-sit.kasikornbank.com/dhparam.pem;
# Protocol
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
# Encryption
ssl_ciphers "QEECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4Q";
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
}
}