server { server_name region1-mob-data-point1.com; listen 443 ssl; ssl_certificate /etc/nginx/ssl/live/region1-mob-data-point1.com/fullchain.pem; ssl_certificate_key /etc/nginx/ssl/live/region1-mob-data-point1.com/privkey.pem; ssl_session_cache shared:SSL:20m; ssl_session_timeout 180m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5; add_header Accept-Ranges bytes; add_header X-Frame-Options SAMEORIGIN; add_header X-Content-Type-Options nosniff; add_header X-XSS-Protection "1; mode=block"; add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; add_header Referrer-Policy 'origin-when-cross-origin'; client_max_body_size 900m; proxy_buffering off; proxy_request_buffering off; ignore_invalid_headers off; location / { # Send the request to privoxy, which forwards it via Tor to the onion. # The Host header tells privoxy WHERE to go. proxy_pass http://privoxy:8118; proxy_http_version 1.1; proxy_set_header Host c6cjjtazr5bdnnfx2g4eyovuw3s56sl5vrcrzsf75calzb45u3bwvoid.onion; #proxy_set_header Connection ""; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto https; # Rewrite redirects coming from the backend so they point at example.com proxy_redirect http://c6cjjtazr5bdnnfx2g4eyovuw3s56sl5vrcrzsf75calzb45u3bwvoid.onion/ https://region1-mob-data-point1.com/; # Tor is slow - raise timeouts proxy_connect_timeout 120s; proxy_send_timeout 120s; proxy_read_timeout 120s; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; # Uncomment if the backend uses WebSockets #proxy_set_header Upgrade $http_upgrade; #proxy_set_header Connection $connection_upgrade; } }