Alcides Magno
Posted August 24, 2021

We are using UNIGUI for some applications and we have this scenario:

Nginx LB -- Server Unigui -- Database

The NGINX LB is a CentOS 8 machine, and we're using a Let's Encrypt certificate.

On Nginx we're using SSL and Proxy to optimize connections:

    proxy_cache_path /tmp/NGINX_cache/ keys_zone=backcache:10m;

    map $http_upgrade $connection_upgrade {
        default upgrade;
        ''      close;
    }

    upstream unigui {
        ip_hash;
        server 2**.1**.**.**:8075;
    }

    server {
        listen 80;
        server_name xxxxx.xxx.xxx.br;

        location / {
            proxy_pass http://unigui;
        }
    }

    server {
        listen 443 ssl http2 default_server;
        server_name xxxxx.xxx.xxx.br;

        ssl_certificate /etc/letsencrypt/live/xxxxx.xxx.xxx.br/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/xxxxx.xxx.xxx.br/privkey.pem;
        #ssl_session_timeout 10m;
        #ssl_session_cache shared:SSL:10m;
        ssl_protocols TLSv1.2;
        ssl_prefer_server_ciphers on;
        ssl_ciphers "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384";
        # ssl_ecdh_curve secp521r1:secp384r1;

        # Additional Security Headers
        # ref: https://developer.mozilla.org/en-US/docs/Security/HTTP_Strict_Transport_Security
        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
        # ref: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
        #add_header X-Frame-Options DENY always;
        # ref: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options
        add_header X-Content-Type-Options nosniff always;
        # ref: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection
        add_header X-Xss-Protection "1; mode=block" always;
        add_header X-Frame-Options "SAMEORIGIN";

        ssl_stapling on;
        ssl_stapling_verify on;
        ssl_trusted_certificate /etc/letsencrypt/live/xxxxx.xxx.xxx.br/fullchain.pem;
        resolver 1.1.1.1 1.0.0.1 [2606:4700:4700::1111] [2606:4700:4700::1001] valid=300s; # Cloudflare
        resolver_timeout 5s;
        ssl_dhparam /etc/ssl/certs/dhparam.pem;

        location / {
            proxy_pass http://unigui;
            proxy_cache backcache;
            # http2_push_preload on;
        }
    }

We are having some issues with reports: the browser was showing an error message, so to improve this we added on NGINX:

    add_header X-Frame-Options "SAMEORIGIN";

If someone has more information about this, could you add it here for us? Let's share our experience.
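An added example, not part of the original post: a small Python check of which of the posted `add_header` directives nginx attaches to a response with a given status code. It relies on nginx's documented rules that a header without `always` is added only on a fixed set of success and redirect codes, and that a block inherits `add_header` only when it defines none of its own; the sample is constructed from the post's header lines, and the parser is a simplification that assumes one directive per line.

```python
import re

# Status codes on which nginx adds a header when "always" is not given.
DEFAULT_CODES = {200, 201, 204, 206, 301, 302, 303, 304, 307, 308}

# Constructed sample: the add_header lines of the post's 443 server block.
SAMPLE = """
server {
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
    #add_header X-Frame-Options DENY always;
    add_header X-Content-Type-Options nosniff always;
    add_header X-Xss-Protection "1; mode=block" always;
    add_header X-Frame-Options "SAMEORIGIN";
    location / {
        proxy_pass http://unigui;
    }
}
"""

DIRECTIVE = re.compile(r'add_header\s+(\S+)\s+("[^"]*"|\S+?)(\s+always)?\s*;')
SEP = " > "

def parse_headers(conf):
    """Map each block path to its own (name, value, always) directives."""
    stack, blocks = [], {}
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()  # assumes no '#' inside values
        if line.endswith("{"):
            stack.append(line[:-1].strip())
            blocks.setdefault(SEP.join(stack), [])
        elif line == "}":
            stack.pop()
        elif (m := DIRECTIVE.match(line)):
            entry = (m.group(1), m.group(2).strip('"'), bool(m.group(3)))
            blocks.setdefault(SEP.join(stack), []).append(entry)
    return blocks

def effective(blocks, path):
    """A block inherits add_header only if it defines none of its own."""
    while path and not blocks.get(path):
        path = SEP.join(path.split(SEP)[:-1])
    return blocks.get(path, [])

def sent_on(blocks, path, status):
    """Names of the headers nginx attaches to a response with this status."""
    return {name for name, _, always in effective(blocks, path)
            if always or status in DEFAULT_CODES}

if __name__ == "__main__":
    blocks = parse_headers(SAMPLE)
    for status in (200, 502):
        print(status, sorted(sent_on(blocks, "server > location /", status)))
```

For the posted block, a 502 from the proxy carries only the two headers marked `always`, so `Strict-Transport-Security` and `X-Frame-Options` are absent on error pages.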
Wilton Ergon
Posted December 2, 2021

Friend, because you don't use the native unigui load balancing, I used nginx, and I had a lot of problems with user reconnection when one of the servers stopped; it took a long time to identify that the server was no longer available.