diff --git a/nginx.conf b/nginx.conf index 03d95e1..5b18d66 100644 --- a/nginx.conf +++ b/nginx.conf @@ -41,7 +41,8 @@ http { # SSL Settings ## - ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE + # Restrict to modern TLS to avoid handshake issues + ssl_protocols TLSv1.2 TLSv1.3; # Drop TLSv1.0/1.1 ssl_prefer_server_ciphers on; ## diff --git a/server-nginx-default b/server-nginx-default index 0df2779..e8f022c 100644 --- a/server-nginx-default +++ b/server-nginx-default @@ -51,18 +51,18 @@ server { try_files $uri $uri/ /index.html; } - # API endpoints + # API endpoints -> route to gateway (host 8100 -> container 8000) location /api/ { - proxy_pass http://localhost:8000; + proxy_pass http://localhost:8100; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } - # Admin dashboard + # Admin dashboard -> route to gateway (host 8100 -> container 8000) location /admin { - proxy_pass http://localhost:8000; + proxy_pass http://localhost:8100; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; @@ -187,18 +187,18 @@ server { try_files $uri $uri/ /index.html; } - # API endpoints + # API endpoints -> route to gateway (host 8100 -> container 8000) location /api/ { - proxy_pass http://localhost:8000; + proxy_pass http://localhost:8100; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } - # Admin dashboard + # Admin dashboard -> route to gateway (host 8100 -> container 8000) location /admin { - proxy_pass http://localhost:8000; + proxy_pass http://localhost:8100; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;