Histórico da Página
...
Bloco de código | ||||
---|---|---|---|---|
| ||||
upstream fluig-http { server 192.168.2.100:8080; } server { listen 443 ssl; server_name *.minhaempresa.com; server_tokens off; ssl_certificate fullchain.pem; ssl_certificate_key privkey.pem; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK; ssl_prefer_server_ciphers on; ssl_session_cache# Observar lista logo abaixo de chaves Ciphers suportadas ssl_prefer_server_ciphers on; ssl_session_cache shared:SSL:10m; location / { set $CORS ""; # Lista de origens permitidas if ($http_origin ~* "^https://(www.minhaempresa.com|empresa1.com|api.empresa2.com)$") { set $CORS "O"; } if ($request_method = 'OPTIONS') { set $CORS "${CORS}O"; } if shared:SSL:10m; location / { ($CORS = "OO") { set $CORS ""add_header Access-Control-Allow-Origin $http_origin; # Lista de origens permitidas if ($http_origin ~* "^https://(www.minhaempresa.com|empresa1.com|api.empresa2.com)$") {add_header Access-Control-Allow-Methods 'GET, POST, OPTIONS, PUT'; set $CORS "O"add_header Access-Control-Allow-Headers 'Accept,Authorization,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type'; } add_header if ($request_method = 'OPTIONS') {Access-Control-Allow-Credentials 'true'; set $CORS "${CORS}O"add_header Access-Control-Max-Age 3600; } add_header Content-Type if ($CORS = "OO") {'text/plain charset=UTF-8'; add_header Access-Control-Allow-Origin $http_originContent-Length 0; add_header Access-Control-Allow-Methods 'GET, POST, OPTIONS, PUT'; 
return 204; } addif ($CORS = "O") { add_header Access-Control-Allow-Origin $http_origin; add_header Access-Control-Allow-HeadersMethods 'AcceptGET,Authorization POST,DNT,X-CustomHeader,Keep-Alive,User-Agent OPTIONS, PUT'; add_header Access-Control-Allow-Headers 'Accept,Authorization,Content-Type,X-Requested-With,User-Agent,If-Modified-Since,Cache-Control,Content-Type'; add_header Access-Control-Allow-Credentials 'true'; add_header Access-Control-Max-Age 3600; add_header Content-Type 'text/plain charset=UTF-8';} add_header Content-Length 0; proxy_pass http://fluig-http; proxy_ssl_verify return 204off; } if ($CORS = "O") {proxy_ssl_ciphers HIGH:!aNULL:!MD5; addproxy_set_header AccessX-ControlForwarded-Allow-Origin $http_originHost $host:443; addproxy_set_header AccessX-ControlForwarded-Allow-Methods 'GET, POST, OPTIONS, PUT'Server $host; addproxy_set_header AccessX-ControlForwarded-Allow-Headers 'Accept,Authorization,Content-Type,X-Requested-With,User-Agent,If-Modified-Since,Cache-Control'For $proxy_add_x_forwarded_for; addproxy_set_header AccessX-ControlForwarded-Allow-Credentials 'true'Proto https; addproxy_set_header AccessX-ControlReal-Max-Age 3600IP $remote_addr; } client_max_body_size proxy_pass http://fluig-http880m; proxyclient_body_sslbuffer_verifysize off256k; proxy_ssl_ciphersconnect_timeout HIGH:!aNULL:!MD5; 800; proxy_set_header X-Forwarded-Host $host:443send_timeout 800; proxy_set_header X-Forwarded-Server $host; read_timeout 800; proxy_setbuffer_header X-Forwarded-For $proxy_add_x_forwarded_for; size proxy_set_header X-Forwarded-Proto https8k; proxy_set_header X-Real-IP $remote_addr; buffers client_max_body_size 8 880m32k; clientproxy_bodybusy_bufferbuffers_size 256k64k; proxy_connect_timeout 800; proxy_send_timeout 800; proxy_read_timeout 800; proxy_buffer_size 8k; proxy_buffers 8 32k; proxy_busy_buffers_size 64k; proxy_temp_file_write_size 64k; } }temp_file_write_size 64k; } } |
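Review bot: The origin allow-list in `if ($http_origin ~* "^https://(www.minhaempresa.com|empresa1.com|api.empresa2.com)$")` leaves its dots unescaped, so each dot matches any character and the pattern accepts hostnames other than the three intended ones. This matters because the matched value is echoed back in `Access-Control-Allow-Origin $http_origin` together with `Access-Control-Allow-Credentials 'true'`. Escape the dots, `"^https://(www\.minhaempresa\.com|empresa1\.com|api\.empresa2\.com)$"`, and add `add_header Vary Origin;` in both CORS branches so caches do not serve one origin's response to another. The history view interleaves the old and new text, but the same pattern appears in both copies of the block, so the point seems to apply to the current version as well. Separately, `proxy_ssl_verify off;` has no effect while `proxy_pass` targets `http://fluig-http`, but it would silently disable upstream certificate checks if the upstream is later moved to HTTPS, so it deserves a comment or removal.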
Lista de chaves Ciphers suportadas
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK;
Aviso |
---|
Preencha o item ssl_ciphers do fluig.conf substituindo pelos valores suportados acima que estejam de acordo com sua política de segurança. As chaves podem ser validadas em https://ciphersuite.info/ |
Utilizando Apache para configurar CORS
...