server {
listen 443 ssl proxy_protocol;
set_real_ip_from 0.0.0.0/0;
real_ip_header proxy_protocol;
server_name web-alfa.infoclinica.ru;
ssl_certificate /etc/nginx/letsencrypt/live/infoclinica.ru/fullchain.pem;
ssl_certificate_key /etc/nginx/letsencrypt/live/infoclinica.ru/privkey.pem;
ssl_certificate_key engine:gostengy:*.infoclinica.ru;
ssl_certificate /etc/pki/tls/certs/gost.infoclinica.ru.pem;
ssl_prefer_server_ciphers on;
error_page 403 /403web.html;
location /
{
# Отключил из-за
https://support.sdsys.ru/issues/125506 set $result $access_cipher$access_ip;
if ($result = 00) { return 403; }
set $backend_servers nodeweb-alfa;
proxy_pass http://$backend_servers:8080;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-Ip $proxy_protocol_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-SSL-Cipher $ssl_cipher;
dav_methods PUT DELETE MKCOL COPY MOVE;
create_full_put_path on;
client_max_body_size 90m;
client_body_buffer_size 256k;
proxy_connect_timeout 2s;
proxy_buffer_size 4k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
add_header Last-Modified $date_gmt;
add_header Cache-Control 'no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
}
location = /403web.html {
root /usr/share/nginx/html;
allow all;
}
}