CentOS Stream 9, AlmaLinux 9

$ sudo dnf install -y nginx
$ sudo mkdir /etc/nginx/sites-available && sudo mkdir /etc/nginx/sites-enabled
$ sudo nano /etc/nginx/nginx.conf

Coller le code suivant dans le fichier, dans le bloc http, après la ligne ‘include /etc/nginx/conf.d/*.conf;’, sauvegarder et quitter :

...
http {
    ...
    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    include /etc/nginx/conf.d/*.conf;

    # Add these new lines
    include /etc/nginx/sites-enabled/*;
    server_names_hash_bucket_size 64;
    ...
}

Créer la configuration du site en remplaçant exemple.axelor.com par votre DNS :

$ sudo nano /etc/nginx/sites-available/exemple.axelor.com

Coller le code suivant dans le fichier en pensant à remplacer “exemple.axelor.com X.X.X.X” par votre DNS et l’IP de votre serveur, sauvegarder et quitter :

server {
    listen 80;
    server_name exemple.axelor.com X.X.X.X;
    server_tokens off;
    rewrite ^(.*) https://exemple.axelor.com$1 permanent;
}

server {
    listen 443 ssl;
    server_name exemple.axelor.com X.X.X.X;
    server_tokens off;

    ssl_certificate /etc/nginx/ssl/cert.crt;
    ssl_certificate_key /etc/nginx/ssl/cert.key;
    ssl_dhparam /etc/nginx/ssl/dhparam.pem;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
    ssl_session_cache shared:SSL:20m;
    ssl_session_timeout 10m;

    #Don't index site
    add_header X-Robots-Tag "noindex, nofollow";
    add_header Content-Security-Policy "upgrade-insecure-requests";
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
    add_header Referrer-Policy "strict-origin";
    add_header X-Content-Type-Options nosniff always;
    add_header X-Frame-Options SAMEORIGIN;
    add_header Cache-Control "no-store, no-cache, must-revalidate";

    location /robots.txt {
        return 200 "User-agent: *\nDisallow: /";
    }

    location / {
        proxy_pass http://127.0.0.1:8080/;
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        client_max_body_size 20m;
        client_body_buffer_size 128k;
        proxy_connect_timeout 60;
        proxy_send_timeout 1800;
        proxy_read_timeout 1800;
        proxy_buffers 32 4k;

        #NGINX WEBSOCKET CONF
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
    }
}

Les fichiers référencés sous /etc/nginx/ssl/ (certificat, clé privée, dhparam.pem) doivent exister avant le démarrage de nginx ; la clé privée ne doit être lisible que par root. Les noms de suites se terminant par « -SHA512 » dans ssl_ciphers ne semblent correspondre à aucune suite OpenSSL et sont vraisemblablement ignorés : vérifier la liste réellement retenue avec « openssl ciphers -v » suivi de la même chaîne.

Activer le site et le service :

$ sudo ln -s /etc/nginx/sites-available/exemple.axelor.com /etc/nginx/sites-enabled/exemple.axelor.com
$ sudo systemctl enable nginx
$ sudo systemctl start nginx

Si SELinux bloque nginx, générer puis charger un module de politique à partir des refus journalisés. La commande audit2allow ci-dessous autorise tous les refus nginx présents dans le journal d’audit : relire le fichier mynginx.te généré avant d’exécuter semodule -i.

$ sudo dnf install -y policycoreutils-python-utils
$ sudo cat /var/log/audit/audit.log | grep nginx | grep denied | sudo audit2allow -M mynginx
$ sudo semodule -i mynginx.pp