diff --git a/nginx.conf b/nginx.conf new file mode 100644 index 0000000..aa74bb1 --- /dev/null +++ b/nginx.conf @@ -0,0 +1,27 @@ +user www-data; +worker_processes auto; +pid /run/nginx.pid; + +include /etc/nginx/modules-enabled/*.conf; +# HIER ENTFERNEN! + +events { + worker_connections 4096; + multi_accept on; +} + +http { + include /etc/nginx/mime.types; + default_type application/octet-stream; + proxy_hide_header Upgrade; + sendfile on; + access_log /var/log/nginx/access.log; + error_log /var/log/nginx/error.log; + server_names_hash_bucket_size 128; + include /etc/nginx/conf.d/*.conf; + + # HIER EINFÜGEN: + include /etc/nginx/conf.d/proxy_generated/*.conf; + + # IPv4-Port 80: globaler Redirect auf HTTPS +} diff --git a/sync-ispconfig-proxy.sh b/sync-ispconfig-proxy.sh index cc54ebc..0db9303 100755 --- a/sync-ispconfig-proxy.sh +++ b/sync-ispconfig-proxy.sh @@ -65,7 +65,7 @@ write_nginx_config() { if [ -f "$cert_dir/fullchain.cer" ]; then if_ssl="if (\$scheme != \"https\") { return 301 https://\$host\$request_uri; }" - ssl_block="listen 443 ssl http2; listen [::]:443 ssl http2; + ssl_block="listen 443 ssl; listen [::]:443 ssl; ssl_certificate $cert_dir/fullchain.cer; ssl_certificate_key $cert_dir/${domain}.key; ssl_protocols TLSv1.2 TLSv1.3; @@ -78,6 +78,7 @@ write_nginx_config() { proxy_set_header X-Real-IP \$remote_addr; proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto \$scheme; + proxy_hide_header Upgrade; proxy_buffer_size 128k; proxy_buffers 4 256k; proxy_busy_buffers_size 256k; @@ -87,8 +88,7 @@ write_nginx_config() { [ -d "/var/www/${domain}/web" ] && local_root="root /var/www/${domain}/web/; index index.php index.html;" local path_block="" - [[ "$redirect_path" == /* && "$redirect_path" != "/urldummy/" ]] && path_block="location ${redirect_path} { $if_ssl proxy_pass http://[$target_ip]:80${redirect_path}; $proxy_settings proxy_http_version 1.1; proxy_set_header Upgrade \$http_upgrade; proxy_set_header Connection \"upgrade\"; }" - +[[ "$redirect_path" == /* && "$redirect_path" != "/urldummy/" ]] && path_block="location ${redirect_path} { $if_ssl proxy_pass http://[$target_ip]:80${redirect_path}; $proxy_settings proxy_http_version 1.1;}" cat < "$config_path" server { $ssl_block