54 lines
2.3 KiB
Nginx Configuration File
Executable File
54 lines
2.3 KiB
Nginx Configuration File
Executable File
events {}
|
||
|
||
http {
|
||
# 增加上传文件大小限制
|
||
client_max_body_size 0; # 0表示无限制
|
||
|
||
map $http_upgrade $connection_upgrade {
|
||
default upgrade;
|
||
'' close;
|
||
}
|
||
|
||
server {
|
||
listen 443 ssl;
|
||
server_name _; # 通配符,匹配所有域名
|
||
|
||
# SSL configuration
|
||
ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;
|
||
ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;
|
||
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
|
||
ssl_prefer_server_ciphers on;
|
||
ssl_dhparam /etc/ssl/certs/dhparam.pem;
|
||
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
|
||
ssl_session_timeout 1d;
|
||
ssl_session_cache shared:SSL:50m;
|
||
ssl_stapling on;
|
||
ssl_stapling_verify on;
|
||
add_header Strict-Transport-Security max-age=15768000;
|
||
# Add SSL configurations here...
|
||
|
||
location / {
|
||
proxy_pass http://hub:8000; # 确保这里指向JupyterHub服务
|
||
proxy_set_header X-Real-IP $remote_addr;
|
||
proxy_set_header Host $host;
|
||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||
proxy_set_header X-Forwarded-Proto $scheme;
|
||
|
||
# WebSocket support
|
||
proxy_http_version 1.1;
|
||
proxy_set_header Upgrade $http_upgrade;
|
||
proxy_set_header Connection $connection_upgrade;
|
||
proxy_set_header X-Scheme $scheme;
|
||
|
||
proxy_buffering off;
|
||
# 增加临时文件大小限制,0表示禁止使用临时文件
|
||
proxy_max_temp_file_size 0;
|
||
}
|
||
|
||
# Managing requests to verify letsencrypt host
|
||
location ~ /.well-known {
|
||
allow all;
|
||
}
|
||
}
|
||
}
|