kitoy/pywallter
1
0
Fork 0
Code Issues Pull Requests Projects Releases 1 Wiki Activity
Page: Configuration pywallter avec Nginx
Pages
Configuration opensmtp Configuration prosody Configuration pywallter avec Nginx
3 Configuration pywallter avec Nginx
kitoy edited this page 2022-08-13 00:19:08 +02:00
Table of Contents

Configuration de pywallter avec nginx comme proxy

On assumera que vous avez préalablement créé vos certificats SSL

Dans le fichier config.py il faut régler la variable BASE_URL comme ceci

BASE_URL="https://mondomaine.net/"

Ensuite vous pouvez lancer le programme comme ceci: python3 wsgi.py

Voici un fichier d'example pour nginx :

server {
    listen 80;
    server_name mondomaine.net;

    #Ajout pour les certificats letsencrypt
    #include snippets/acme-challenge.conf;

    return 301 https://$http_host$request_uri;

    root /htdocs/;

}

server {
    listen 443 ssl http2;
    server_name mondomaine.net;


    ssl_certificate         /etc/ssl/mondomaine.net.crt;
    ssl_certificate_key     /etc/ssl/private/mondomaine.net.key;
    sl_dhparam /etc/nginx/dhparam.pem;
    ssl_protocols TLSv1.2 TLSv1.3;
   
    ssl_ciphers 'kEECDH+ECDSA+AES128 kEECDH+ECDSA+AES256 kEECDH+AES128 kEECDH+AES256 kEDH+AES128 kEDH+AES256 +SHA !aNULL !eNULL !LOW !kECDH !DSS !MD5 !RC4 !EXP !PSK !SRP !CAMELLIA !SEED';
    ssl_prefer_server_ciphers on;
    # Speeds things up a little bit when resuming a session
    ssl_session_timeout 5m;
    ssl_session_cache shared:SSL:5m;

    
    #Ajoute gzip mais n'enleve pas les ETag headers
    gzip on;
    gzip_vary on;
    gzip_comp_level 4;
    gzip_min_length 256;
    gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
    gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;

    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always; # duration=365days
    add_header Referrer-Policy                      "no-referrer"   always;
    add_header X-Content-Type-Options               "nosniff";
    add_header X-Download-Options                   "noopen"        always;
    add_header X-Frame-Options                      "SAMEORIGIN";
    add_header X-Permitted-Cross-Domain-Policies    "none"          always;
    add_header X-Robots-Tag                         "none"          always;
    add_header X-XSS-Protection                     "1; mode=block" always;
    add_header Content-Security-Policy  "upgrade-insecure-requests";
    add_header Content-Security-Policy-Report-Only " default-src https: data: 'unsafe-inline' 'unsafe-eval'";


    # Remove X-Powered-By, which is an information leak
    fastcgi_hide_header X-Powered-By;

    
    # Speeds things up a little bit when resuming a session
    # ssl_session_timeout 5m;
    # ssl_session_cache shared:SSL:5m;


    # Taille maximum pour les envoie de fichier :
    client_max_body_size 100M;

    location / {
            proxy_pass http://127.0.0.1:8000/;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header X-Forwarded-Host $host;
            proxy_set_header X-Forwarded-Prefix /;
    }

    # Path to the root of your installation
   root /htdocs;

}