From 6b1d2bfb60578dabbc390a64b0f7efc74834b475 Mon Sep 17 00:00:00 2001
From: Lukas M <lukas.mrtvy@gmail.com>
Date: Mon, 31 Dec 2018 14:55:13 +0100
Subject: [PATCH] Create default-ssl.conf

---
 docker/default-ssl.conf | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)
 create mode 100644 docker/default-ssl.conf

diff --git a/docker/default-ssl.conf b/docker/default-ssl.conf
new file mode 100644
index 00000000..8b791c45
--- /dev/null
+++ b/docker/default-ssl.conf
@@ -0,0 +1,31 @@
+add_header X-Frame-Options DENY;
+add_header X-Content-Type-Options nosniff;
+add_header X-XSS-Protection "1; mode=block";
+
+server {
+   listen 443;
+   server_name  _;
+   access_log /dev/stdout;
+   error_log /dev/stderr;
+   ssl_certificate /etc/nginx/ssl/server.crt;
+   ssl_certificate_key /etc/nginx/ssl/server.key;
+   ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+   ssl_ciphers HIGH:!aNULL:!MD5;
+
+   location /api {
+        proxy_pass  http://127.0.0.1:8000;
+        proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
+        proxy_redirect off;
+        proxy_buffering off;
+        proxy_set_header        Host            $host;
+        proxy_set_header        X-Real-IP       $remote_addr;
+        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+    }
+
+    location / {
+        root /opt/lemur/lemur/static/dist;
+        include mime.types;
+        index index.html;
+    }
+
+}