gentoo resync : 19.03.2019

author: V3n3RiX <venerix@redcorelinux.org> 2019-03-19 11:37:34 +0000
committer: V3n3RiX <venerix@redcorelinux.org> 2019-03-19 11:37:34 +0000
commit: b7b97785ebbb2f11d24d14dab8b81ed274f4ce6a (patch)
tree: 9fd110f9fc996e8a4213eeda994a8c112491b86d /net-analyzer/greenbone-security-assistant/files/gsa.nginx.reverse.proxy.example
parent: 066d27181e9a797ad9f8fc43b49fc9a10ff2f707 (diff)
1 files changed, 78 insertions, 0 deletions
diff --git a/net-analyzer/greenbone-security-assistant/files/gsa.nginx.reverse.proxy.example b/net-analyzer/greenbone-security-assistant/files/gsa.nginx.reverse.proxy.example
new file mode 100644
index 000000000000..b233911a2f1d
--- /dev/null
+++ b/net-analyzer/greenbone-security-assistant/files/gsa.nginx.reverse.proxy.example
@@ -0,0 +1,78 @@
+upstream backend {
+    server 127.0.0.1:9392;
+    keepalive 64;
+}
+
+server {
+        listen IP:80;
+        server_name openvas.domain.tdl;
+        return 301 https://openvas.domain.tdl$request_uri;
+}
+
+server {
+        listen IP:443 ssl http2;
+        server_name openvas.domain.tdl;
+        access_log /var/log/nginx/openvas.domain.tdl.access.log;
+        error_log  /var/log/nginx/openvas.domain.tdl.error.log;
+        # Not sourcing directly from file
+        fastcgi_param  SCRIPT_FILENAME    $document_root$fastcgi_script_name;
+	fastcgi_param  QUERY_STRING       $query_string;
+	fastcgi_param  REQUEST_METHOD     $request_method;
+	fastcgi_param  CONTENT_TYPE       $content_type;
+	fastcgi_param  CONTENT_LENGTH     $content_length;
+	fastcgi_param  SCRIPT_NAME        $fastcgi_script_name;
+	fastcgi_param  REQUEST_URI        $request_uri;
+	fastcgi_param  DOCUMENT_URI       $document_uri;
+	fastcgi_param  SERVER_PROTOCOL    $server_protocol;
+	fastcgi_param  REQUEST_SCHEME     $scheme;
+	fastcgi_param  HTTPS              $https;
+	fastcgi_param  GATEWAY_INTERFACE  CGI/1.1;
+	fastcgi_param  SERVER_SOFTWARE    nginx/$nginx_version;
+	fastcgi_param  REMOTE_ADDR        $remote_addr;
+	fastcgi_param  REMOTE_PORT        $remote_port;
+	fastcgi_param  SERVER_ADDR        $server_addr;
+	fastcgi_param  SERVER_PORT        $server_port;
+	fastcgi_param  SERVER_NAME        $server_name;
+	fastcgi_param  REDIRECT_STATUS    200;
+        fastcgi_param  HTTP_PROXY "";
+        fastcgi_param  PATH_INFO          $fastcgi_path_info;
+	fastcgi_param  PATH_TRANSLATED    $document_root$fastcgi_path_info;
+        fastcgi_param  DOCUMENT_ROOT	  $document_root;
+
+        location / {        
+                proxy_set_header   Host             $http_host;
+                proxy_set_header   X-Real-IP        $remote_addr;
+                proxy_set_header   REMOTE_HOST      $remote_addr;
+                proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
+                proxy_set_header   X-FORWARDED-PROTOCOL $scheme;
+                proxy_pass https://backend;
+                proxy_http_version 1.1;
+                proxy_pass_request_headers on;
+                proxy_set_header Connection "keep-alive";
+                proxy_store off;
+                gzip on;
+                gzip_proxied any;
+                gzip_types *;
+        }
+
+	resolver 127.0.0.1;
+        resolver_timeout 6s;
+	ssl_certificate /openvas.domain.tdl/fullchain.pem;
+	ssl_certificate_key /openvas.domain.tdl/privkey.pem;
+        ssl_trusted_certificate /openvas.domain.tdl/chain.pem;        
+        ssl_dhparam /openvas.domain.tdl/dhparam.pem;
+        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+        ssl_prefer_server_ciphers on;
+        ssl_ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS;
+        ssl_ecdh_curve  secp384r1;
+        ssl_stapling on;
+        ssl_stapling_verify on;
+        ssl_session_cache shared:SSL:40m;
+        ssl_session_timeout 21h;
+        ssl_session_tickets off;
+        ssl_buffer_size 4k;
+        add_header Referrer-Policy no-referrer-when-downgrade;
+        add_header X-Frame-Options "SAMEORIGIN";
+        add_header X-Content-Type-Options "nosniff";
+        add_header X-XSS-Protection "1; mode=block";
+}
author	V3n3RiX <venerix@redcorelinux.org>	2019-03-19 11:37:34 +0000
committer	V3n3RiX <venerix@redcorelinux.org>	2019-03-19 11:37:34 +0000
commit	b7b97785ebbb2f11d24d14dab8b81ed274f4ce6a (patch)
tree	9fd110f9fc996e8a4213eeda994a8c112491b86d /net-analyzer/greenbone-security-assistant/files/gsa.nginx.reverse.proxy.example
parent	066d27181e9a797ad9f8fc43b49fc9a10ff2f707 (diff)