mirror of
https://github.com/mainflux/mainflux.git
synced 2025-05-02 22:17:10 +08:00
3255f32a9c
* Initial commit Signed-off-by: Darko Draskovic <darko.draskovic@gmail.com> * Add user create form Signed-off-by: Darko Draskovic <darko.draskovic@gmail.com> * Add Makefile and README Signed-off-by: Ivan Milošević <iva@blokovi.com> Signed-off-by: Darko Draskovic <darko.draskovic@gmail.com> * Remove elm-stuff Signed-off-by: Ivan Milošević <iva@blokovi.com> Signed-off-by: Darko Draskovic <darko.draskovic@gmail.com> * Add url parsing Signed-off-by: Ivan Milošević <iva@blokovi.com> Signed-off-by: Darko Draskovic <darko.draskovic@gmail.com> * Add channels retrive and remove Signed-off-by: Darko Draskovic <darko.draskovic@gmail.com> * Refactor request f and add f annotations Signed-off-by: Darko Draskovic <darko.draskovic@gmail.com> * Add things provision Signed-off-by: Darko Draskovic <darko.draskovic@gmail.com> * Add thing retrieve and remove Signed-off-by: Darko Draskovic <darko.draskovic@gmail.com> * Rename Channel.elm methods Signed-off-by: Darko Draskovic <darko.draskovic@gmail.com> * Fix trailing slash and add url constants Signed-off-by: Darko Draskovic <darko.draskovic@gmail.com> * Add module User with separate model, view and update Signed-off-by: Darko Draskovic <darko.draskovic@gmail.com> * Modularize channels Signed-off-by: Darko Draskovic <darko.draskovic@gmail.com> * Modularize version and things Signed-off-by: Darko Draskovic <darko.draskovic@gmail.com> * Refactor module methods Signed-off-by: Darko Draskovic <darko.draskovic@gmail.com> * Modularize messaging Signed-off-by: Ivan Milošević <iva@blokovi.com> Signed-off-by: Darko Draskovic <darko.draskovic@gmail.com> * Add channel pagination Signed-off-by: Darko Draskovic <darko.draskovic@gmail.com> * Fix initial channel model Signed-off-by: Darko Draskovic <darko.draskovic@gmail.com> * Add access control (connect and disconnect things from channel) Signed-off-by: Ivan Milošević <iva@blokovi.com> Signed-off-by: Darko Draskovic <darko.draskovic@gmail.com> * Add pagination to Things Signed-off-by: Darko Draskovic <darko.draskovic@gmail.com> * Using Url.Builder in connection and messaging Rename Acces module to Connection Rename attribute in Bootstrap code Remove debug logging Signed-off-by: Ivan Milošević <iva@blokovi.com> Signed-off-by: Darko Draskovic <darko.draskovic@gmail.com> * Add login Signed-off-by: Darko Draskovic <darko.draskovic@gmail.com> * Add dynamic menu Signed-off-by: Darko Draskovic <darko.draskovic@gmail.com> * Fix empty name channel/thing bug Signed-off-by: Darko Draskovic <darko.draskovic@gmail.com> * Remove menu from login screen and add response helper Signed-off-by: Darko Draskovic <darko.draskovic@gmail.com> * Add version, channels, things direct display Signed-off-by: Darko Draskovic <darko.draskovic@gmail.com> * Add channels table Signed-off-by: Darko Draskovic <darko.draskovic@gmail.com> * Change var names and add refreshChannelList helper Signed-off-by: Darko Draskovic <darko.draskovic@gmail.com> * Add Things list Signed-off-by: Darko Draskovic <darko.draskovic@gmail.com> * Fix response behavior Signed-off-by: Darko Draskovic <darko.draskovic@gmail.com> * Remove version page button Signed-off-by: drasko <drasko.draskovic@gmail.com> Signed-off-by: Darko Draskovic <darko.draskovic@gmail.com> * Move everything to ui folder Signed-off-by: drasko <drasko.draskovic@gmail.com> Signed-off-by: Darko Draskovic <darko.draskovic@gmail.com> * Remove dashflux Signed-off-by: drasko <drasko.draskovic@gmail.com> Signed-off-by: Darko Draskovic <darko.draskovic@gmail.com> * MF-571 Add things and channels lists to Connection module (#580) * Add thing and channel lists to Connection module Signed-off-by: Darko Draskovic <darko.draskovic@gmail.com> * Fix form reset bug & remember checkbox status in Connection module Signed-off-by: Darko Draskovic <darko.draskovic@gmail.com> Signed-off-by: Darko Draskovic <darko.draskovic@gmail.com> * MF-571 - Add batch things-channels connection modification (#588) * Add batch things-channels connection modification Signed-off-by: Darko Draskovic <darko.draskovic@gmail.com> * Remove unused token arg and reposition buttons Signed-off-by: Darko Draskovic <darko.draskovic@gmail.com> Signed-off-by: Darko Draskovic <darko.draskovic@gmail.com> * NOISSUE - messaging in UI (#578) * Add thing and channel lists to Connection module Signed-off-by: Darko Draskovic <darko.draskovic@gmail.com> * init commit Signed-off-by: Ivan Milošević <iva@blokovi.com> * list channels and things Signed-off-by: Ivan Milošević <iva@blokovi.com> * list channels with radio buttons Signed-off-by: Ivan Milošević <iva@blokovi.com> * Listing channels for selected thing Signed-off-by: Ivan Milošević <iva@blokovi.com> * fix list channels for selected thing Signed-off-by: Ivan Milošević <iva@blokovi.com> * Use records instead of hardcode values Use genFormField from Helpers Remove dead comments Signed-off-by: Ivan Milošević <iva@blokovi.com> Signed-off-by: Darko Draskovic <darko.draskovic@gmail.com> * NOISSUE - Add Docker build for UI (#582) * Add Docker build for UI Signed-off-by: Drasko DRASKOVIC <drasko.draskovic@gmail.com> * Fix entrypoint and ports Signed-off-by: Drasko DRASKOVIC <drasko.draskovic@gmail.com> * Add NginX server. Fix port. Signed-off-by: Drasko DRASKOVIC <drasko.draskovic@gmail.com> Signed-off-by: Darko Draskovic <darko.draskovic@gmail.com> * NOISSUE - Fix layout and add custom CSS (#593) * Fix layout and add custom CSS Signed-off-by: Drasko DRASKOVIC <drasko.draskovic@gmail.com> * Remove comments, add copyright headers Signed-off-by: Drasko DRASKOVIC <drasko.draskovic@gmail.com> * Add newline at the end of the css file Signed-off-by: Drasko DRASKOVIC <drasko.draskovic@gmail.com> Signed-off-by: Darko Draskovic <darko.draskovic@gmail.com> * NOISSUE -update message module (#599) * Update message module Sending message as selected thing to multiple channels Signed-off-by: Ivan Milošević <iva@blokovi.com> * Rename token to thingkey Signed-off-by: Ivan Milošević <iva@blokovi.com> * Reset model on send message and reset list of channels on selecting thing Signed-off-by: Ivan Milošević <iva@blokovi.com> Signed-off-by: Darko Draskovic <darko.draskovic@gmail.com> * Remove logout button and add logout header (#604) * Remove logout button and add logout header * Removed dead code. Signed-off-by: Darko Draskovic <darko.draskovic@gmail.com> Signed-off-by: Darko Draskovic <darko.draskovic@gmail.com> * MF-571 - Pagination (#606) * Add total # things to Thing model Signed-off-by: Darko Draskovic <darko.draskovic@gmail.com> * Add basic pagination for Thing Signed-off-by: Darko Draskovic <darko.draskovic@gmail.com> * Add pagination helper function & Channel pagination Signed-off-by: Darko Draskovic <darko.draskovic@gmail.com> Signed-off-by: Darko Draskovic <darko.draskovic@gmail.com> * NOISSUE - Add bootstrap cards in version view (#607) * Add total # things to Thing model Signed-off-by: Darko Draskovic <darko.draskovic@gmail.com> * Add basic pagination for Thing Signed-off-by: Darko Draskovic <darko.draskovic@gmail.com> * Add bootstrap cards in version view Signed-off-by: Ivan Milošević <iva@blokovi.com> * Add pagination helper function & Channel pagination Signed-off-by: Darko Draskovic <darko.draskovic@gmail.com> * modify styling Signed-off-by: Ivan Milošević <iva@blokovi.com> * Styling Signed-off-by: Ivan Milošević <iva@blokovi.com> * Mainflux logo Signed-off-by: Ivan Milošević <iva@blokovi.com> Signed-off-by: Darko Draskovic <darko.draskovic@gmail.com> * Revert "NOISSUE - Add bootstrap cards in version view (#607)" This reverts commit a9a4dd7c730de453c45b64b51712c81e9befbeec. Signed-off-by: Darko Draskovic <darko.draskovic@gmail.com> * Pagination (#613) Signed-off-by: Darko Draskovic <darko.draskovic@gmail.com> * MF-571 - Add dashboard (#614) * Add Dashboard module and simplify Main module Signed-off-by: Darko Draskovic <darko.draskovic@gmail.com> * Remove unused code and Version module Signed-off-by: Darko Draskovic <darko.draskovic@gmail.com> * Add helper funcs to Main.elm update method Signed-off-by: Darko Draskovic <darko.draskovic@gmail.com> * Improve Main and Message module organization Signed-off-by: Darko Draskovic <darko.draskovic@gmail.com> * Add dashboard Things and Channels buttons Signed-off-by: Darko Draskovic <darko.draskovic@gmail.com> * Add Modal to edit thing Signed-off-by: Darko Draskovic <darko.draskovic@gmail.com> * Add RemoveThing msg and AwesomeFont Signed-off-by: Darko Draskovic <darko.draskovic@gmail.com> * Unify provision and retrieve request Signed-off-by: Darko Draskovic <darko.draskovic@gmail.com> * Reorganize code by making funcs and code repositioning Signed-off-by: Darko Draskovic <darko.draskovic@gmail.com> * Add fon-awesome 5.* support Signed-off-by: Darko Draskovic <darko.draskovic@gmail.com> * Add metadata edit Signed-off-by: Darko Draskovic <darko.draskovic@gmail.com> * Remove table header add thing and removed dead code Signed-off-by: Darko Draskovic <darko.draskovic@gmail.com> Signed-off-by: Darko Draskovic <darko.draskovic@gmail.com> * MF-571 - UI modal buttons (#617) * Add Dashboard module and simplify Main module Signed-off-by: Darko Draskovic <darko.draskovic@gmail.com> * Remove unused code and Version module Signed-off-by: Darko Draskovic <darko.draskovic@gmail.com> * Add helper funcs to Main.elm update method Signed-off-by: Darko Draskovic <darko.draskovic@gmail.com> * Improve Main and Message module organization Signed-off-by: Darko Draskovic <darko.draskovic@gmail.com> * Add dashboard Things and Channels buttons Signed-off-by: Darko Draskovic <darko.draskovic@gmail.com> * Add Modal to edit thing Signed-off-by: Darko Draskovic <darko.draskovic@gmail.com> * Add RemoveThing msg and AwesomeFont Signed-off-by: Darko Draskovic <darko.draskovic@gmail.com> * Unify provision and retrieve request Signed-off-by: Darko Draskovic <darko.draskovic@gmail.com> * Reorganize code by making funcs and code repositioning Signed-off-by: Darko Draskovic <darko.draskovic@gmail.com> * Add fon-awesome 5.* support Signed-off-by: Darko Draskovic <darko.draskovic@gmail.com> * Add metadata edit Signed-off-by: Darko Draskovic <darko.draskovic@gmail.com> * Remove table header add thing and removed dead code Signed-off-by: Darko Draskovic <darko.draskovic@gmail.com> * Add complete Thing edit modal buttons Signed-off-by: Darko Draskovic <darko.draskovic@gmail.com> Signed-off-by: Darko Draskovic <darko.draskovic@gmail.com> * Add card style to channels (#618) Add dropdown user menu Add font awesome to main menu Signed-off-by: Ivan Milošević <iva@blokovi.com> Signed-off-by: Darko Draskovic <darko.draskovic@gmail.com> * MF-571 - UI Thing module with modals (#620) * Add Thing provision modal Signed-off-by: Darko Draskovic <darko.draskovic@gmail.com> * Add app/dev dropdown to Thing provision modal Signed-off-by: Darko Draskovic <darko.draskovic@gmail.com> * Refactor Thing to have separate Update and Provision msg handling Signed-off-by: Darko Draskovic <darko.draskovic@gmail.com> * Remove fontAwesome import and fix Dict import Signed-off-by: Darko Draskovic <darko.draskovic@gmail.com> Signed-off-by: Darko Draskovic <darko.draskovic@gmail.com> * MF-571 - UI channel modals (#621) * Add Thing provision modal Signed-off-by: Darko Draskovic <darko.draskovic@gmail.com> * Add app/dev dropdown to Thing provision modal Signed-off-by: Darko Draskovic <darko.draskovic@gmail.com> * Refactor Thing to have separate Update and Provision msg handling Signed-off-by: Darko Draskovic <darko.draskovic@gmail.com> * Remove fontAwesome import and fix Dict import Signed-off-by: Darko Draskovic <darko.draskovic@gmail.com> * Add provision and edit modals to Channel Signed-off-by: Darko Draskovic <darko.draskovic@gmail.com> * Add HttpMF http custom library Signed-off-by: Darko Draskovic <darko.draskovic@gmail.com> * Add ModalMF Bootstrap modal custom library Signed-off-by: Darko Draskovic <darko.draskovic@gmail.com> * Moved all http funcs to HttpMF Signed-off-by: Darko Draskovic <darko.draskovic@gmail.com> * Moved expect funcs from Connection and Message to HttpMF Signed-off-by: Darko Draskovic <darko.draskovic@gmail.com> Signed-off-by: Darko Draskovic <darko.draskovic@gmail.com> * Add cards and change tables (#622) * Change type of tables Add tables to cards Colorize buttons Signed-off-by: Ivan Milošević <iva@blokovi.com> * remove comments Signed-off-by: Ivan Milošević <iva@blokovi.com> Signed-off-by: Darko Draskovic <darko.draskovic@gmail.com> * MF-571 - Fix user login and refactor User (#623) * Fix user login and refactor User Signed-off-by: Darko Draskovic <darko.draskovic@gmail.com> * Remove redundant Grid.row nesting Signed-off-by: Darko Draskovic <darko.draskovic@gmail.com> Signed-off-by: Darko Draskovic <darko.draskovic@gmail.com> * Fix links in README (#624) Signed-off-by: Ivan Milošević <iva@blokovi.com> Signed-off-by: Darko Draskovic <darko.draskovic@gmail.com> * Fix ui/Makefile and ui/README.md Signed-off-by: Darko Draskovic <darko.draskovic@gmail.com> * Add copyright header to .elm files Signed-off-by: Darko Draskovic <darko.draskovic@gmail.com> * Fix missing README.md after migration Signed-off-by: Darko Draskovic <darko.draskovic@gmail.com> * Fix typo Signed-off-by: Darko Draskovic <darko.draskovic@gmail.com> * Add install options to README.md Signed-off-by: Darko Draskovic <darko.draskovic@gmail.com> * Rename Url to URL and Id to ID Signed-off-by: Darko Draskovic <darko.draskovic@gmail.com>
272 lines
8.3 KiB
Nginx Configuration File
272 lines
8.3 KiB
Nginx Configuration File
###
|
|
# Mainflux NGINX Conf
|
|
#
|
|
# Taken for /etc/nginx/nginx.conf on Debian machine
|
|
# and https://github.com/nginxinc/docker-nginx/blob/master/mainline/alpine/nginx.conf
|
|
###
|
|
|
|
##
|
|
# User:
|
|
# - 'www-data' on Debian
|
|
# - 'nginx' on Alpine
|
|
##
|
|
#user www-data;
|
|
user nginx;
|
|
worker_processes auto;
|
|
pid /run/nginx.pid;
|
|
include /etc/nginx/modules-enabled/*.conf;
|
|
|
|
events {
|
|
worker_connections 768;
|
|
# multi_accept on;
|
|
}
|
|
|
|
###
|
|
# HTTP
|
|
###
|
|
http {
|
|
|
|
##
|
|
# Basic Settings
|
|
##
|
|
sendfile on;
|
|
tcp_nopush on;
|
|
tcp_nodelay on;
|
|
keepalive_timeout 65;
|
|
types_hash_max_size 2048;
|
|
# server_tokens off;
|
|
|
|
# server_names_hash_bucket_size 64;
|
|
# server_name_in_redirect off;
|
|
|
|
include /etc/nginx/mime.types;
|
|
default_type application/octet-stream;
|
|
|
|
##
|
|
# SSL Settings
|
|
##
|
|
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
|
|
ssl_prefer_server_ciphers on;
|
|
|
|
##
|
|
# Logging Settings
|
|
##
|
|
access_log /var/log/nginx/access.log;
|
|
error_log /var/log/nginx/error.log;
|
|
|
|
##
|
|
# Virtual Host Configs
|
|
##
|
|
|
|
# HTTPS
|
|
server {
|
|
listen 80 default_server;
|
|
listen [::]:80 default_server;
|
|
# SSL configuration
|
|
#
|
|
listen 443 ssl http2 default_server;
|
|
listen [::]:443 ssl http2 default_server;
|
|
|
|
#
|
|
# Note: You should disable gzip for SSL traffic.
|
|
# See: https://bugs.debian.org/773332
|
|
#
|
|
# Read up on ssl_ciphers to ensure a secure configuration.
|
|
# See: https://bugs.debian.org/765782
|
|
#
|
|
# Self signed certs generated by the ssl-cert package
|
|
# Don't use them in a production server!
|
|
#
|
|
# include snippets/snakeoil.conf;
|
|
|
|
# Certificates
|
|
ssl_certificate /etc/ssl/certs/mainflux-server.crt;
|
|
ssl_certificate_key /etc/ssl/private/mainflux-server.key;
|
|
ssl_dhparam /etc/ssl/certs/dhparam.pem;
|
|
|
|
|
|
# from https://cipherli.st/
|
|
# and https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
|
|
|
|
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
|
|
ssl_prefer_server_ciphers on;
|
|
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
|
|
ssl_ecdh_curve secp384r1;
|
|
ssl_session_tickets off;
|
|
ssl_stapling off;
|
|
ssl_stapling_verify on;
|
|
resolver 8.8.8.8 8.8.4.4 valid=300s;
|
|
resolver_timeout 5s;
|
|
|
|
# Disable preloading HSTS for now. You can use the commented out header line that includes
|
|
# the "preload" directive if you understand the implications.
|
|
#add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
|
|
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
|
|
add_header X-Frame-Options DENY;
|
|
add_header X-Content-Type-Options nosniff;
|
|
add_header Access-Control-Allow-Origin '*';
|
|
add_header Access-Control-Allow-Methods '*';
|
|
add_header Access-Control-Allow-Headers "*";
|
|
|
|
server_name localhost;
|
|
|
|
# Proxy pass to users service
|
|
location ~ ^/(users|tokens) {
|
|
proxy_redirect off;
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
proxy_pass http://users:8180;
|
|
|
|
# Allow OPTIONS method CORS
|
|
if ($request_method = OPTIONS ) {
|
|
add_header Content-Length 0;
|
|
add_header Content-Type text/plain;
|
|
return 200;
|
|
}
|
|
}
|
|
|
|
# Proxy pass to things service
|
|
location ~ ^/(things|channels) {
|
|
proxy_redirect off;
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
add_header Access-Control-Expose-Headers Location;
|
|
proxy_pass http://things:8182;
|
|
|
|
# Allow OPTIONS method CORS
|
|
if ($request_method = OPTIONS ) {
|
|
add_header Content-Length 0;
|
|
add_header Content-Type text/plain;
|
|
return 200;
|
|
}
|
|
}
|
|
|
|
location /version {
|
|
proxy_redirect off;
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
proxy_pass http://things:8182;
|
|
|
|
# Allow OPTIONS method CORS
|
|
if ($request_method = OPTIONS ) {
|
|
add_header Content-Length 0;
|
|
add_header Content-Type text/plain;
|
|
return 200;
|
|
}
|
|
}
|
|
|
|
# Proxy pass to mainflux-http-adapter
|
|
location /http/ {
|
|
proxy_redirect off;
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
proxy_pass http://http-adapter:8185/;
|
|
|
|
# Allow OPTIONS method CORS
|
|
if ($request_method = OPTIONS ) {
|
|
add_header Content-Length 0;
|
|
add_header Content-Type text/plain;
|
|
return 200;
|
|
}
|
|
}
|
|
|
|
# Proxy pass to mainflux-ws-adapter
|
|
location /ws/ {
|
|
proxy_redirect off;
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header Connection "Upgrade";
|
|
proxy_connect_timeout 7d;
|
|
proxy_send_timeout 7d;
|
|
proxy_read_timeout 7d;
|
|
proxy_pass http://ws-adapter:8186/;
|
|
|
|
# Allow OPTIONS method CORS
|
|
if ($request_method = OPTIONS ) {
|
|
add_header Content-Length 0;
|
|
add_header Content-Type text/plain;
|
|
return 200;
|
|
}
|
|
}
|
|
|
|
# Proxy pass to mainflux-mqtt-adapter
|
|
location /mqtt {
|
|
proxy_redirect off;
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header Connection "Upgrade";
|
|
proxy_connect_timeout 7d;
|
|
proxy_send_timeout 7d;
|
|
proxy_read_timeout 7d;
|
|
proxy_pass http://mqtt-adapter:8880/;
|
|
|
|
# Allow OPTIONS method CORS
|
|
if ($request_method = OPTIONS ) {
|
|
add_header Content-Length 0;
|
|
add_header Content-Type text/plain;
|
|
return 200;
|
|
}
|
|
}
|
|
|
|
location / {
|
|
proxy_redirect off;
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
proxy_pass http://ui:3000/;
|
|
|
|
# Allow OPTIONS method CORS
|
|
if ($request_method = OPTIONS ) {
|
|
add_header Content-Length 0;
|
|
add_header Content-Type text/plain;
|
|
return 200;
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
# MQTT
|
|
stream {
|
|
# MQTT
|
|
server {
|
|
listen 8883 ssl;
|
|
listen [::]:8883 ssl;
|
|
|
|
# Certificates
|
|
ssl_certificate /etc/ssl/certs/mainflux-server.crt;
|
|
ssl_certificate_key /etc/ssl/private/mainflux-server.key;
|
|
ssl_dhparam /etc/ssl/certs/dhparam.pem;
|
|
|
|
|
|
# from https://cipherli.st/
|
|
# and https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
|
|
|
|
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
|
|
ssl_prefer_server_ciphers on;
|
|
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
|
|
ssl_ecdh_curve secp384r1;
|
|
ssl_session_tickets off;
|
|
resolver 8.8.8.8 8.8.4.4 valid=300s;
|
|
resolver_timeout 5s;
|
|
|
|
proxy_pass mqtt-adapter:1883;
|
|
}
|
|
}
|