server {
listen 80;
# <url_externe_bluemind> désigne l'url externe à laquelle les utilisateurs se connectent
server_name <url_externe_bluemind>;
location / {
return 301 https://<url_externe_bluemind>$request_uri;
}
}
server {
listen 443 ssl http2;
server_name <url_externe_bluemind>;
ssl_certificate /etc/ssl/certs/bm_cert.pem;
ssl_certificate_key /etc/ssl/certs/bm_cert.pem;
ssl_session_timeout 5m;
ssl_prefer_server_ciphers on;
ssl_protocols TLSv1.2;
ssl_ciphers 'EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA';
add_header Strict-Transport-Security max-age=15768000; # six months
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
location / {
# <srv_interne> est le serveur BlueMind principal
proxy_pass https://<srv_interne>;
}
location /webmail/ {
client_max_body_size 0m;
proxy_pass https://<srv_interne>/webmail/;
}
location /Microsoft-Server-ActiveSync {
proxy_pass https://<srv_interne>/Microsoft-Server-ActiveSync;
proxy_read_timeout 1200s;
proxy_headers_hash_bucket_size 128;
proxy_headers_hash_max_size 2048;
client_max_body_size 0m;
proxy_pass_header Server;
}
location /eventbus {
proxy_pass https://<srv_interne>;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
location /api/filehosting/ {
client_max_body_size 0m;
proxy_pass https://<srv_interne>$request_uri;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_buffering off;
}
location /api/attachment/ {
client_max_body_size 0m;
proxy_pass https://<srv_interne>$request_uri;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_buffering off;
}
location /fh/ {
proxy_pass https://<srv_interne>/fh/;
proxy_http_version 1.1;
proxy_buffering off;
}
}
|