upstream redash {
server redash:5000;
}
server {
listen 80;
listen [::]:80;
server_name redash.adachin.me;
location ^~ /ping {
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://redash;
}
location / {
rewrite ^ https://$host$request_uri? permanent;
}
location ^~ /.well-known {
allow all;
root /data/letsencrypt/;
}
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name redash.adachin.me;
add_header Strict-Transport-Security "max-age=31536000" always;
ssl_session_cache shared:SSL:20m;
ssl_session_timeout 10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "ECDH+AESGCM:ECDH+AES256:ECDH+AES128:!ADH:!AECDH:!MD5;";
ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.8.8 8.8.4.4;
ssl_certificate /etc/letsencrypt/live/redash.adachin.me/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/redash.adachin.me/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/redash.adachin.me/chain.pem;
access_log /dev/stdout;
error_log /dev/stderr info;
# other configs
location / {
auth_basic "Basic Authentication";
auth_basic_user_file /etc/nginx/conf.d/.htpasswd;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
proxy_pass http://redash;
}
}