From 8b20efc0e63d5d43f1a4e45ea7b88d1fa3aa425f Mon Sep 17 00:00:00 2001 From: Jester Date: Mon, 19 Jan 2026 10:15:29 +0300 Subject: [PATCH] nginx conf in NAS --- nginx_T.txt | 1786 +++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 1786 insertions(+) create mode 100644 nginx_T.txt diff --git a/nginx_T.txt b/nginx_T.txt new file mode 100644 index 0000000..d30b2c5 --- /dev/null +++ b/nginx_T.txt @@ -0,0 +1,1786 @@ +# configuration file /etc/nginx/nginx.conf: +# Copyright (c) 2000-2017 Synology Inc. All rights reserved. + +worker_processes auto; +#worker_cpu_affinity auto; +worker_rlimit_nofile 65535; + +include conf.d/main.*.conf; + +events { + use epoll; + multi_accept on; + accept_mutex off; + worker_connections 1024; + + include conf.d/events.*.conf; +} + +http { + include mime.types; + default_type application/octet-stream; + + log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + + access_log off; + #access_log syslog:server=unix:/dev/log,facility=local7,tag=nginx_access,nohostname main; + error_log syslog:server=unix:/dev/log,facility=local7,tag=nginx_error,nohostname error; + + tcp_nopush on; + tcp_nodelay on; + + sendfile on; + server_tokens off; + + proxy_request_buffering off; + fastcgi_request_buffering off; + scgi_request_buffering off; + + proxy_buffering off; + fastcgi_buffering off; + scgi_buffering off; + + resolver_timeout 5s; + client_header_timeout 10s; + client_body_timeout 60s; + send_timeout 60s; + keepalive_timeout 65s 20s; + client_max_body_size 0; + http2_max_client_body_buffer_size 8m; + server_names_hash_max_size 8192; + server_names_hash_bucket_size 128; + + include /usr/syno/etc/www/certificate/system_default/cert.conf*; + include /usr/syno/etc/security-profile/tls-profile/config/dsm.conf*; + ssl_prefer_server_ciphers on; + + ssl_session_tickets off; + ssl_session_cache shared:SSL:1m; + ssl_session_timeout 3600s; + + ssl_early_data off; + + real_ip_header X-Forwarded-For; + real_ip_recursive on; + set_real_ip_from 127.0.0.1; + + include /var/tmp/nginx/trusted_proxy/*.conf; + + default_listen_option ssl_http2; + + map $http_upgrade $connection_upgrade { + default upgrade; + '' close; + } + + server_tag "nginx"; + + gzip_disable "msie6"; + gzip_min_length 1000; + gzip_types text/plain text/css application/javascript application/json; + gzip_vary on; + gzip_static on; + + open_file_cache max=1000 inactive=60s; + open_file_cache_valid 3s; + open_file_cache_min_uses 2; + open_file_cache_errors on; + + upstream synoscgi { + server unix:/run/synoscgi.sock; + } + + upstream synoscgi.sock { + server unix:/run/synoscgi_socket.sock; + } + + upstream synoscgi_restfulapi { + server unix:/run/synoscgi_restfulapi.sock; + } + + index index.html index.htm index.php; + + server { + listen 5000 default_server; + listen [::]:5000 default_server; + + server_name _; + + gzip on; + + include conf.d/alias.*.conf; + root /usr/syno/synoman; + index index.cgi; + + ignore_invalid_headers off; + + include /usr/syno/share/nginx/conf.d/dsm.*.conf; + include conf.d/dsm.*.conf; + + location = / { + try_files $uri /index.cgi$is_args$query_string; + } + + location ~ ^/volume(?:X|USB|SATA|Gluster)?\d+/ { + internal; + + root /; + + open_file_cache off; + + include conf.d/x-accel.*.conf; + } + + location ~ /webman/modules/(PersonalSettings|ExternalDevices|FileBrowser)/index_ds.php$ { + alias /usr/syno/share/OAuth/index_ds.php; + default_type text/html; + } + + location ~ \.cgi { + include scgi_params; + scgi_pass synoscgi; + + scgi_read_timeout 3600s; + } + + location ~ /synoscgi.sock/socket.io/ { + proxy_read_timeout 3600s; + include proxy.conf; + rewrite /synoscgi.sock/(.*)$ /$1 break; + proxy_set_header Connection $connection_upgrade; + proxy_pass http://synoscgi.sock; + + } + + location ~ /api/ { + include scgi_params; + scgi_pass synoscgi_restfulapi; + + scgi_read_timeout 3600s; + } + + error_page 403 404 500 502 503 504 /dsm_error_page; + + location /dsm_error_page { + internal; + root /usr/syno/share/nginx; + rewrite (.*) /error.html break; + allow all; + } + + location ~ ^/webman/modules/Indexer/ { + deny all; + } + + location ~ ^/webapi/lib/ { + deny all; + } + + location ~ ^/webapi/(:?(:?.*)\.lib|(:?.*)\.api|(:?.*)\.auth|lib.def)$ { + deny all; + } + + location ~ /\. { access_log off; log_not_found off; deny all; } + + location ~* \.(?:js|css|png|jpg|gif|ico)$ { + access_log off; + log_not_found off; + } + + location = /favicon.ico { + access_log off; + log_not_found off; + } + + location = /robots.txt { + allow all; + access_log off; + log_not_found off; + } + + } + + server { + listen 5001 default_server ssl; + listen [::]:5001 default_server ssl; + + server_name _; + + include conf.d/ssl.*.conf; + + include conf.d/alias.*.conf; + root /usr/syno/synoman; + index index.cgi; + + ignore_invalid_headers off; + + include /usr/syno/share/nginx/conf.d/dsm.*.conf; + include conf.d/dsm.*.conf; + + location = / { + try_files $uri /index.cgi$is_args$query_string; + } + + location ~ ^/volume(?:X|USB|SATA|Gluster)?\d+/ { + internal; + + root /; + + open_file_cache off; + + include conf.d/x-accel.*.conf; + } + + location ~ /webman/modules/(PersonalSettings|ExternalDevices|FileBrowser)/index_ds.php$ { + alias /usr/syno/share/OAuth/index_ds.php; + default_type text/html; + } + + location ~ \.cgi { + include scgi_params; + scgi_pass synoscgi; + + scgi_read_timeout 3600s; + } + + location ~ /synoscgi.sock/socket.io/ { + proxy_read_timeout 3600s; + include proxy.conf; + rewrite /synoscgi.sock/(.*)$ /$1 break; + proxy_set_header Connection $connection_upgrade; + proxy_pass http://synoscgi.sock; + + } + + location ~ /api/ { + include scgi_params; + scgi_pass synoscgi_restfulapi; + + scgi_read_timeout 3600s; + } + + error_page 403 404 500 502 503 504 /dsm_error_page; + + location /dsm_error_page { + internal; + root /usr/syno/share/nginx; + rewrite (.*) /error.html break; + allow all; + } + + location ~ ^/webman/modules/Indexer/ { + deny all; + } + + location ~ ^/webapi/lib/ { + deny all; + } + + location ~ ^/webapi/(:?(:?.*)\.lib|(:?.*)\.api|(:?.*)\.auth|lib.def)$ { + deny all; + } + + location ~ /\. { access_log off; log_not_found off; deny all; } + + location ~* \.(?:js|css|png|jpg|gif|ico)$ { + access_log off; + log_not_found off; + } + + location = /favicon.ico { + access_log off; + log_not_found off; + } + + location = /robots.txt { + allow all; + access_log off; + log_not_found off; + } + + } + + server { + listen 5000; + listen [::]:5000; + + server_name ntc3-nas.direct.quickconnect.to *.ntc3-nas.direct.quickconnect.to; + set $fqdn $server_name; + + gzip on; + + include conf.d/alias.*.conf; + root /usr/syno/synoman; + index index.cgi; + + ignore_invalid_headers off; + + include /usr/syno/share/nginx/conf.d/dsm.*.conf; + include conf.d/dsm.*.conf; + + location = / { + try_files $uri /index.cgi$is_args$query_string; + } + + location ~ ^/volume(?:X|USB|SATA|Gluster)?\d+/ { + internal; + + root /; + + open_file_cache off; + + include conf.d/x-accel.*.conf; + } + + location ~ /webman/modules/(PersonalSettings|ExternalDevices|FileBrowser)/index_ds.php$ { + alias /usr/syno/share/OAuth/index_ds.php; + default_type text/html; + } + + location ~ \.cgi { + include scgi_params; + scgi_pass synoscgi; + + scgi_read_timeout 3600s; + } + + location ~ /synoscgi.sock/socket.io/ { + proxy_read_timeout 3600s; + include proxy.conf; + rewrite /synoscgi.sock/(.*)$ /$1 break; + proxy_set_header Connection $connection_upgrade; + proxy_pass http://synoscgi.sock; + + } + + location ~ /api/ { + include scgi_params; + scgi_pass synoscgi_restfulapi; + + scgi_read_timeout 3600s; + } + + error_page 403 404 500 502 503 504 /dsm_error_page; + + location /dsm_error_page { + internal; + root /usr/syno/share/nginx; + rewrite (.*) /error.html break; + allow all; + } + + location ~ ^/webman/modules/Indexer/ { + deny all; + } + + location ~ ^/webapi/lib/ { + deny all; + } + + location ~ ^/webapi/(:?(:?.*)\.lib|(:?.*)\.api|(:?.*)\.auth|lib.def)$ { + deny all; + } + + location ~ /\. { access_log off; log_not_found off; deny all; } + + location ~* \.(?:js|css|png|jpg|gif|ico)$ { + access_log off; + log_not_found off; + } + + location = /favicon.ico { + access_log off; + log_not_found off; + } + + location = /robots.txt { + allow all; + access_log off; + log_not_found off; + } + + } + + server { + listen 5001 ssl; + listen [::]:5001 ssl; + + server_name ntc3-nas.direct.quickconnect.to *.ntc3-nas.direct.quickconnect.to; + set $fqdn $server_name; + + location ^~ /.well-known/acme-challenge { + root /var/lib/letsencrypt; + default_type text/plain; + } + + include /usr/syno/etc/www/certificate/system_quickconnect/cert.conf*; + + include /usr/syno/etc/security-profile/tls-profile/config/system_quickconnect.conf*; + + include conf.d/ssl.*.conf; + + include conf.d/alias.*.conf; + root /usr/syno/synoman; + index index.cgi; + + ignore_invalid_headers off; + + include /usr/syno/share/nginx/conf.d/dsm.*.conf; + include conf.d/dsm.*.conf; + + location = / { + try_files $uri /index.cgi$is_args$query_string; + } + + location ~ ^/volume(?:X|USB|SATA|Gluster)?\d+/ { + internal; + + root /; + + open_file_cache off; + + include conf.d/x-accel.*.conf; + } + + location ~ /webman/modules/(PersonalSettings|ExternalDevices|FileBrowser)/index_ds.php$ { + alias /usr/syno/share/OAuth/index_ds.php; + default_type text/html; + } + + location ~ \.cgi { + include scgi_params; + scgi_pass synoscgi; + + scgi_read_timeout 3600s; + } + + location ~ /synoscgi.sock/socket.io/ { + proxy_read_timeout 3600s; + include proxy.conf; + rewrite /synoscgi.sock/(.*)$ /$1 break; + proxy_set_header Connection $connection_upgrade; + proxy_pass http://synoscgi.sock; + + } + + location ~ /api/ { + include scgi_params; + scgi_pass synoscgi_restfulapi; + + scgi_read_timeout 3600s; + } + + error_page 403 404 500 502 503 504 /dsm_error_page; + + location /dsm_error_page { + internal; + root /usr/syno/share/nginx; + rewrite (.*) /error.html break; + allow all; + } + + location ~ ^/webman/modules/Indexer/ { + deny all; + } + + location ~ ^/webapi/lib/ { + deny all; + } + + location ~ ^/webapi/(:?(:?.*)\.lib|(:?.*)\.api|(:?.*)\.auth|lib.def)$ { + deny all; + } + + location ~ /\. { access_log off; log_not_found off; deny all; } + + location ~* \.(?:js|css|png|jpg|gif|ico)$ { + access_log off; + log_not_found off; + } + + location = /favicon.ico { + access_log off; + log_not_found off; + } + + location = /robots.txt { + allow all; + access_log off; + log_not_found off; + } + + } + + server { + listen 80 default_server; + listen [::]:80 default_server; + + server_name _; + gzip on; + + location ~ ^/volume(?:X|USB|SATA|Gluster)?\d+/ { + internal; + + root /; + + open_file_cache off; + + include conf.d/x-accel.*.conf; + } + + include conf.d/alias.*.conf; + include /usr/syno/share/nginx/conf.d/www.*.conf; + include conf.d/www.*.conf; + + location = /webdefault/images/logo.jpg { + alias /usr/syno/share/nginx/logo.jpg; + } + + error_page 403 404 500 502 503 504 /dsm_error_page; + + location /dsm_error_page { + internal; + root /usr/syno/share/nginx; + rewrite (.*) /error.html break; + allow all; + } + + location ^~ /.well-known/acme-challenge { + root /var/lib/letsencrypt; + default_type text/plain; + } + + include conf.d/.location.webstation.conf*; + + location / { + root /var/tmp/nginx/html; + add_header Cache-Control 'no-cache'; + rewrite (.*) /redirect.html break; + } + + } + + server { + listen 443 default_server ssl; + listen [::]:443 default_server ssl; + server_name _; + + location ~ ^/volume(?:X|USB|SATA|Gluster)?\d+/ { + internal; + + root /; + + open_file_cache off; + + include conf.d/x-accel.*.conf; + } + + include conf.d/alias.*.conf; + include /usr/syno/share/nginx/conf.d/www.*.conf; + include conf.d/www.*.conf; + + location = /webdefault/images/logo.jpg { + alias /usr/syno/share/nginx/logo.jpg; + } + + error_page 403 404 500 502 503 504 /dsm_error_page; + + location /dsm_error_page { + internal; + root /usr/syno/share/nginx; + rewrite (.*) /error.html break; + allow all; + } + + location ^~ /.well-known/acme-challenge { + root /var/lib/letsencrypt; + default_type text/plain; + } + + include conf.d/.location.webstation.conf*; + + location / { + root /var/tmp/nginx/html; + add_header Cache-Control 'no-cache'; + rewrite (.*) /redirect.html break; + } + + } + + server { + listen 80; + listen [::]:80; + + server_name ntc3-nas.direct.quickconnect.to *.ntc3-nas.direct.quickconnect.to; + set $fqdn $server_name; + + gzip on; + + location ~ ^/volume(?:X|USB|SATA|Gluster)?\d+/ { + internal; + + root /; + + open_file_cache off; + + include conf.d/x-accel.*.conf; + } + + include conf.d/alias.*.conf; + include /usr/syno/share/nginx/conf.d/www.*.conf; + include conf.d/www.*.conf; + + location = /webdefault/images/logo.jpg { + alias /usr/syno/share/nginx/logo.jpg; + } + + error_page 403 404 500 502 503 504 /dsm_error_page; + + location /dsm_error_page { + internal; + root /usr/syno/share/nginx; + rewrite (.*) /error.html break; + allow all; + } + + location ^~ /.well-known/acme-challenge { + root /var/lib/letsencrypt; + default_type text/plain; + } + + include conf.d/.location.webstation.conf*; + + location / { + root /var/tmp/nginx/html; + add_header Cache-Control 'no-cache'; + rewrite (.*) /redirect.html break; + } + + } + + server { + listen 443 ssl; + listen [::]:443 ssl; + + server_name ntc3-nas.direct.quickconnect.to *.ntc3-nas.direct.quickconnect.to; + set $fqdn $server_name; + + include /usr/syno/etc/www/certificate/system_quickconnect/cert.conf*; + + include /usr/syno/etc/security-profile/tls-profile/config/system_quickconnect.conf*; + + location ~ ^/volume(?:X|USB|SATA|Gluster)?\d+/ { + internal; + + root /; + + open_file_cache off; + + include conf.d/x-accel.*.conf; + } + + include conf.d/alias.*.conf; + include /usr/syno/share/nginx/conf.d/www.*.conf; + include conf.d/www.*.conf; + + location = /webdefault/images/logo.jpg { + alias /usr/syno/share/nginx/logo.jpg; + } + + error_page 403 404 500 502 503 504 /dsm_error_page; + + location /dsm_error_page { + internal; + root /usr/syno/share/nginx; + rewrite (.*) /error.html break; + allow all; + } + + location ^~ /.well-known/acme-challenge { + root /var/lib/letsencrypt; + default_type text/plain; + } + + include conf.d/.location.webstation.conf*; + + location / { + root /var/tmp/nginx/html; + add_header Cache-Control 'no-cache'; + rewrite (.*) /redirect.html break; + } + + } + + include conf.d/http.*.conf; + include sites-enabled/*; +} + +# configuration file /etc/nginx/conf.d/main.login_rate_limit.conf: + +# configuration file /etc/nginx/mime.types: + +types { + text/html html htm shtml; + text/css css; + text/xml xml; + image/gif gif; + image/jpeg jpeg jpg; + application/javascript js; + application/atom+xml atom; + application/rss+xml rss; + + text/mathml mml; + text/plain txt; + text/vnd.sun.j2me.app-descriptor jad; + text/vnd.wap.wml wml; + text/x-component htc; + + image/avif avif; + image/png png; + image/svg+xml svg svgz; + image/tiff tif tiff; + image/vnd.wap.wbmp wbmp; + image/webp webp; + image/x-icon ico; + image/x-jng jng; + image/x-ms-bmp bmp; + + font/woff woff; + font/woff2 woff2; + + application/java-archive jar war ear; + application/json json; + application/mac-binhex40 hqx; + application/msword doc; + application/pdf pdf; + application/postscript ps eps ai; + application/rtf rtf; + application/vnd.apple.mpegurl m3u8; + application/vnd.google-earth.kml+xml kml; + application/vnd.google-earth.kmz kmz; + application/vnd.ms-excel xls; + application/vnd.ms-fontobject eot; + application/vnd.ms-powerpoint ppt; + application/vnd.oasis.opendocument.graphics odg; + application/vnd.oasis.opendocument.presentation odp; + application/vnd.oasis.opendocument.spreadsheet ods; + application/vnd.oasis.opendocument.text odt; + application/vnd.openxmlformats-officedocument.presentationml.presentation + pptx; + application/vnd.openxmlformats-officedocument.spreadsheetml.sheet + xlsx; + application/vnd.openxmlformats-officedocument.wordprocessingml.document + docx; + application/vnd.wap.wmlc wmlc; + application/wasm wasm; + application/x-7z-compressed 7z; + application/x-cocoa cco; + application/x-java-archive-diff jardiff; + application/x-java-jnlp-file jnlp; + application/x-makeself run; + application/x-perl pl pm; + application/x-pilot prc pdb; + application/x-rar-compressed rar; + application/x-redhat-package-manager rpm; + application/x-sea sea; + application/x-shockwave-flash swf; + application/x-stuffit sit; + application/x-tcl tcl tk; + application/x-x509-ca-cert der pem crt; + application/x-xpinstall xpi; + application/xhtml+xml xhtml; + application/xspf+xml xspf; + application/zip zip; + + application/octet-stream bin exe dll; + application/octet-stream deb; + application/octet-stream dmg; + application/octet-stream iso img; + application/octet-stream msi msp msm; + + audio/midi mid midi kar; + audio/mpeg mp3; + audio/ogg ogg; + audio/x-m4a m4a; + audio/x-realaudio ra; + + video/3gpp 3gpp 3gp; + video/mp2t ts; + video/mp4 mp4; + video/mpeg mpeg mpg; + video/quicktime mov; + video/webm webm; + video/x-flv flv; + video/x-m4v m4v; + video/x-mng mng; + video/x-ms-asf asx asf; + video/x-ms-wmv wmv; + video/x-msvideo avi; + +# Synology added mime type + application/wasm wasm; +} + +# configuration file /usr/syno/etc/www/certificate/system_default/cert.conf: +ssl_certificate /usr/syno/etc/www/certificate/system_default/03ed964b-e07d-4b55-9581-d4e274f27b7e.pem; +ssl_certificate_key /usr/syno/etc/www/certificate/system_default/bb4c1379-b658-4d7e-a3af-066a6171c339.pem; + +# configuration file /usr/syno/etc/security-profile/tls-profile/config/dsm.conf: + + +ssl_protocols TLSv1.2 TLSv1.3; +ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305; +ssl_dhparam /usr/syno/etc/ssl/dh2048.pem; + + +# configuration file /usr/syno/share/nginx/conf.d/dsm.PackageCenter.conf: +location ^~ /pkgimage { + internal; + alias /var/cache/synopkg/lfs/image; +} + +# configuration file /usr/syno/share/nginx/conf.d/dsm.SecurityAdvisor.conf: +location ~ ^/sar/(.*)$ { + rewrite ^/sar/(.*)$ /webapi/_______________________________________________________entry.cgi?path="$1"&api=SYNO.SecurityAdvisor.Report.HTML&method=open&version=1; +} + +# configuration file /usr/syno/share/nginx/conf.d/dsm.synosharing.conf: +location ~ ^/sharing/([-_\w\d]+)$ { + root /usr/syno/synoman; + rewrite /sharing/([^\/\.]+) /sharing.cgi?_sharing_id=$1 break; + + include scgi_params; + scgi_read_timeout 3600s; + scgi_param IS_SHARING 1; + scgi_pass synoscgi; +} + +location ~ ^/sharing/(.+)\.cgi { + root /usr/syno/synoman; + rewrite /sharing/(.+) /$1 break; + + include scgi_params; + scgi_read_timeout 3600s; + scgi_param IS_SHARING 1; + scgi_pass synoscgi; +} + +location ~ ^/sharing/$ { + root /usr/syno/synoman; + rewrite /sharing/ /sharing.cgi break; + + include scgi_params; + scgi_read_timeout 3600s; + scgi_param IS_SHARING 1; + scgi_pass synoscgi; +} + +location ~ ^/sharing/errors$ { + root /usr/syno/synoman; + rewrite /sharing/errors /sharing.cgi break; + + include scgi_params; + scgi_read_timeout 3600s; + scgi_param IS_SHARING 1; + scgi_pass synoscgi; +} + +location ~ ^/sharing/webman/modules/Indexer/ { + deny all; +} + +location ~ ^/sharing/webapi/lib/ { + deny all; +} + +location ~ ^/sharing/webapi/(:?(:?.*)\.lib|(:?.*)\.api|(:?.*)\.auth|lib.def)$ { + deny all; +} + +location ~ ^/sharing/(.+)$ { + root /usr/syno/synoman; + rewrite /sharing/(.+) /$1 break; +} + +# configuration file /etc/nginx/scgi_params: +scgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; +scgi_param CONTENT_LENGTH $content_length; +scgi_param SCRIPT_NAME $fastcgi_script_name; + +scgi_param REQUEST_METHOD $request_method; +scgi_param REQUEST_URI $request_uri; +scgi_param QUERY_STRING $query_string; +scgi_param CONTENT_TYPE $content_type; + +scgi_param DOCUMENT_URI $document_uri; +scgi_param DOCUMENT_ROOT $document_root; +scgi_param SCGI 1; +scgi_param SERVER_PROTOCOL $server_protocol; +scgi_param REQUEST_SCHEME $scheme; +scgi_param HTTPS $https if_not_empty; + +scgi_param GATEWAY_INTERFACE CGI/1.1; +scgi_param SERVER_SOFTWARE nginx/$nginx_version; + +scgi_param REMOTE_ADDR $remote_addr; +scgi_param REMOTE_PORT $remote_port; +scgi_param SERVER_ADDR $server_addr; +scgi_param SERVER_PORT $server_port; +scgi_param SERVER_NAME $host; + +fastcgi_split_path_info ^(.+?\.cgi)(.*)$; +scgi_param PATH_INFO $fastcgi_path_info; + +uninitialized_variable_warn off; + +if ($fqdn = false) { + set $fqdn ""; +} + +scgi_param HOST $fqdn if_not_empty; + +scgi_intercept_errors on; + +# configuration file /etc/nginx/conf.d/dsm.pkg-static.ContainerManager-70163528.conf: +location ~ ^/docker/ws { + proxy_set_header X-Server-IP $server_addr; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Real-HTTPS $https; + proxy_set_header X-Server-Port $server_port; + proxy_set_header X-Real-Port $remote_port; + proxy_set_header Host $http_host; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_set_header X-Forwarded-Host $http_host; + proxy_http_version 1.1; + proxy_read_timeout 3600s; + + proxy_pass http://127.0.0.1:512; +} + +# configuration file /etc/nginx/conf.d/dsm.pkg-static.SynologyApplicationService-1255611987.conf: +location ~ /webman/3rdparty/SynologyApplicationService/browser_pair/service-worker.js$ { + add_header 'Service-Worker-Allowed' '/'; +} + +# configuration file /etc/nginx/conf.d/dsm.pkg-static.SynologyDrive-1350404196.conf: +location ~ ^/cstndownload/ { + rewrite ^/cstndownload/(.*)$ /webapi/entry.cgi?api=SYNO.SynologyDrive.Node.Download&version=1&method=finish; +} + +# configuration file /etc/nginx/conf.d/dsm.ssdp.conf: +location ~ ^/ssdp/ { + allow 172.20.36.211/24; + deny all; + root /tmp; + access_log off; + log_not_found off; +} + +# configuration file /etc/nginx/conf.d/dsm.syno-app-portal.FileStation.conf: + + +location ~ ^/sharing/([-_\w\d]+)$ { + root /usr/syno/synoman; + rewrite /sharing/([^\/\.]+) /sharing.cgi?_sharing_id=$1 break; + + include scgi_params; + scgi_read_timeout 3600s; + scgi_param IS_SHARING 1; + scgi_pass synoscgi; +} + +location ~ ^/sharing/(.+)\.cgi { + root /usr/syno/synoman; + rewrite /sharing/(.+) /$1 break; + + include scgi_params; + scgi_read_timeout 3600s; + scgi_param IS_SHARING 1; + scgi_pass synoscgi; +} + +location ~ ^/sharing/$ { + root /usr/syno/synoman; + rewrite /sharing/ /sharing.cgi break; + + include scgi_params; + scgi_read_timeout 3600s; + scgi_param IS_SHARING 1; + scgi_pass synoscgi; +} + +location ~ ^/sharing/errors$ { + root /usr/syno/synoman; + rewrite /sharing/errors /sharing.cgi break; + + include scgi_params; + scgi_read_timeout 3600s; + scgi_param IS_SHARING 1; + scgi_pass synoscgi; +} + +location ~ ^/sharing/webman/modules/Indexer/ { + deny all; +} + +location ~ ^/sharing/webapi/lib/ { + deny all; +} + +location ~ ^/sharing/webapi/(:?(:?.*)\.lib|(:?.*)\.api|(:?.*)\.auth|lib.def)$ { + deny all; +} + +location ~ ^/sharing/(.+)$ { + root /usr/syno/synoman; + rewrite /sharing/(.+) /$1 break; +} + +location ~ /webman/modules/FileBrowser/index_ds.php$ { + default_type text/html; + alias /usr/syno/share/OAuth/index_ds.php; +} + +location ~ ^/wfmlogindialog.js(.*) { + root /usr/syno/synoman; + rewrite /wfmlogindialog.js(.*) /webman/3rdparty/FileBrowser/directlogin.js$1 break; +} + +location ~ ^/fbsharing/(.*)$ { + root /usr/syno/synoman; + rewrite /fbsharing/(.*)$ $scheme://$http_host/sharing/fbsharing-$1 break; +} + +location ~ ^/fsdownload/webapi/file_download\.cgi/(.*)$ { + root /usr/syno/synoman; + rewrite /fsdownload/webapi/file_download\.cgi/(.*)$ /webapi/_______________________________________________________entry.cgi?api=SYNO.FolderSharing.Download&version=2&method=download break; + scgi_param REWRITE_APP "SYNO.SDS.App.FileStation3.Instance"; + scgi_read_timeout 3600s; + include scgi_params; + scgi_pass synoscgi; + +} + +location ~ ^/fsdownload/(webman|scripts|synoSDSjslib)/(.*)$ { + root /usr/syno/synoman; + rewrite /fsdownload/(.*)$ /$1 break; +} + +location ~ ^/fsdownload/webapi/(.*)$ { + root /usr/syno/synoman; + rewrite /fsdownload/(.*)$ /$1 break; + scgi_param REWRITE_APP "SYNO.SDS.App.FileStation3.Instance"; + scgi_read_timeout 3600s; + include scgi_params; + scgi_pass synoscgi; + +} + +location ~ ^/fsdownload/([-_\w\d]+)/(.*)$ { + root /usr/syno/synoman; + rewrite /fsdownload/([-_\w\d]+)/(.*)$ /webapi/_______________________________________________________entry.cgi?api=SYNO.FileStation.Sharing.Download&version=1&method=download&_sharing_id="$1"&mode=download break; + scgi_param REWRITE_APP "SYNO.SDS.App.FileStation3.Instance"; + scgi_read_timeout 3600s; + include scgi_params; + scgi_pass synoscgi; + +} + +location ~ ^/fbdownload/(.*)$ { + root /usr/syno/synoman; + if ($args ~* "^k=(.*)") { + rewrite ^.*$ $scheme://$http_host/sharing/fbsharing-$arg_k? last; + } + rewrite /fbdownload/(.*)$ /webapi/_______________________________________________________entry.cgi?api=SYNO.FileStation.Download&version=2&method=download&mode=download&stdhtml=true break; + scgi_param REWRITE_APP "SYNO.SDS.App.FileStation3.Instance"; + scgi_read_timeout 3600s; + include scgi_params; + scgi_pass synoscgi; + +} + +location ~ ^/fbgdrivedownload/(.*)$ { + root /usr/syno/synoman; + rewrite /fbgdrivedownload/(.*) /webapi/_______________________________________________________entry.cgi?api=SYNO.FileStation.VFS.GDrive&method=download&version=1&mode=download&stdhtml=true break; + scgi_param REWRITE_APP "SYNO.SDS.App.FileStation3.Instance"; + scgi_read_timeout 3600s; + include scgi_params; + scgi_pass synoscgi; + +} + +location ~ ^/viewer/(.*)/(.*)/(.*)/(.*)$ { + root /usr/syno/synoman; + rewrite /viewer/(.*)/(.*)/(.*)/(.*) /webapi/_______________________________________________________entry.cgi?api=SYNO.FileStation.Download&version=2&method=download&dlink="$1"&tid="$2"&SynoToken=$3&mode=open&stdhtml=true break; + scgi_param REWRITE_APP "SYNO.SDS.App.FileStation3.Instance"; + scgi_read_timeout 3600s; + include scgi_params; + scgi_pass synoscgi; + +} + + +# configuration file /etc/nginx/conf.d/dsm.syno-app-portal.SynologyDrive.conf: +location ~ ^/d/f/ { + root /usr/syno/synoman; + index index.cgi; + + rewrite /d/f/([0-9a-zA-Z_]+\.(txt|cgi))$ /$1 last; + rewrite /d/f/(webman|scripts|synoSDSjslib|synoSDSjslib-compatible-6.x|synohdpack|oauth|webapi)/(.*)$ /$1/$2 last; + rewrite /d/f/([0-9a-zA-Z]+)$ /webapi/entry.cgi?api=SYNO.SynologyDrive.Shard&version=1&method=get&link_id="$1"&sharing_type=simple_sharing break; + + include scgi_params; + scgi_pass synoscgi; + +} + +location ~ ^/d/s/ { + root /usr/syno/synoman; + index index.cgi; + + rewrite /d/s/([0-9a-zA-Z]+)/([0-9a-zA-Z_]+\.(txt|cgi))$ /$2 last; + rewrite /d/s/([0-9a-zA-Z]+)/(webman|scripts|synoSDSjslib|synoSDSjslib-compatible-6.x|synohdpack|oauth|webapi|oo|sc)/(.*)$ /$2/$3 last; + rewrite /d/s/([0-9a-zA-Z]+)/([^/]+)$ /webapi/entry.cgi?api=SYNO.SynologyDrive.Shard&version=1&method=get&link_id="$1"&sharing_link="$2"&sharing_type=public_sharing break; + + include scgi_params; + scgi_pass synoscgi; + +} + +location ~ ^/d/r/ { + root /usr/syno/synoman; + index index.cgi; + + rewrite /d/r/([0-9a-zA-Z]+)/([0-9a-zA-Z_]+\.(txt|cgi))$ /$2 last; + rewrite /d/r/([0-9a-zA-Z]+)/(webman|scripts|synoSDSjslib|synoSDSjslib-compatible-6.x|synohdpack|oauth|webapi|oo|sc)/(.*)$ /$2/$3 last; + rewrite /d/r/([0-9a-zA-Z]+)/([^/]+)$ /webapi/entry.cgi?api=SYNO.SynologyDrive.Shard&version=1&method=get&link_id="$1"&sharing_link="$2"&sharing_type=file_request break; + + include scgi_params; + scgi_pass synoscgi; + +} + + +# configuration file /etc/nginx/conf.d/dsm.synorelayd.conf: +location ~ ^/webman/pingpong.cgi { + default_type text/plain; + root /usr/syno/synoman; + if ($arg_quickconnect) { + add_header Access-Control-Allow-Origin *; + return 200 '{"success": true, "ezid": "7a392a5bf75f985997202aff4ba36a52"}'; + } + include scgi_params; + scgi_pass synoscgi; +} + +# configuration file /etc/nginx/proxy.conf: +proxy_set_header X-Forwarded-By $server_addr; +proxy_set_header X-Real-IP $remote_addr; +proxy_set_header X-Forwarded-Proto $scheme; +proxy_set_header X-Forwarded-Port $server_port; +proxy_set_header Host $http_host; +proxy_set_header Upgrade $http_upgrade; +proxy_http_version 1.1; + +# configuration file /etc/nginx/conf.d/ssl.compress.conf: +gzip off; + +# configuration file /usr/syno/etc/www/certificate/system_quickconnect/cert.conf: +ssl_certificate /usr/syno/etc/www/certificate/system_quickconnect/d3efac81-5201-430a-b1e1-889a54749cc2.pem; +ssl_certificate_key /usr/syno/etc/www/certificate/system_quickconnect/5aa70095-d40d-4c78-a844-5e8b213263f7.pem; +ssl_certificate /usr/syno/etc/www/certificate/system_quickconnect/75f7d883-2982-40cc-aaa1-dff3a6384c39.pem; +ssl_certificate_key /usr/syno/etc/www/certificate/system_quickconnect/d65137ec-841c-442d-8938-0f7fb7649778.pem; + +# configuration file /usr/syno/etc/security-profile/tls-profile/config/system_quickconnect.conf: + + +ssl_protocols TLSv1.2 TLSv1.3; +ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305; +ssl_dhparam /usr/syno/etc/ssl/dh2048.pem; + + +# configuration file /etc/nginx/conf.d/www.webservice_portal_6ba05a28-ac75-407d-8d06-a6df656d49c4.conf: + +location = /phpmyadmin { + rewrite ^/(.*)$ $1/ permanent; +} + +include conf.d/.service.6ba05a28-ac75-407d-8d06-a6df656d49c4.2202361b-2b4d-44a7-b676-811dc36c570c.conf*; + +location ~ ^/phpmyadmin/ { + + include conf.d/.webstation.error_page.default.conf*; + + return 404; +} + +# configuration file /etc/nginx/conf.d/.service.6ba05a28-ac75-407d-8d06-a6df656d49c4.2202361b-2b4d-44a7-b676-811dc36c570c.conf: + +location ^~ /phpmyadmin/ { + + include conf.d/.webstation.error_page.default.conf*; + + location = /phpmyadmin/ { + alias "/var/services/web_packages/phpmyadmin/"; + } + + alias "/var/services/web_packages/phpmyadmin/"; + index index.php index.htm index.html; + + location ~* \.(php[345]?|phtml)$ { + fastcgi_pass unix:/run/php-fpm/php-2202361b-2b4d-44a7-b676-811dc36c570c.sock; + + fastcgi_connect_timeout 60s; + fastcgi_read_timeout 3600s; + fastcgi_send_timeout 60s; + + fastcgi_param SCRIPT_FILENAME $request_filename; + + fastcgi_param QUERY_STRING $query_string; + + fastcgi_param REQUEST_METHOD $request_method; + + fastcgi_param CONTENT_TYPE $content_type; + + fastcgi_param CONTENT_LENGTH $content_length; + + fastcgi_param SCRIPT_NAME $fastcgi_script_name; + + fastcgi_param REQUEST_URI $request_uri; + + fastcgi_param DOCUMENT_URI $document_uri; + + fastcgi_param DOCUMENT_ROOT $document_root; + + fastcgi_param SERVER_PROTOCOL $server_protocol; + + fastcgi_param REQUEST_SCHEME $scheme; + + fastcgi_param HTTPS $https if_not_empty; + + fastcgi_param GATEWAY_INTERFACE CGI/1.1; + + fastcgi_param SERVER_SOFTWARE nginx/$nginx_version; + + fastcgi_param REMOTE_ADDR $remote_addr; + + fastcgi_param REMOTE_PORT $remote_port; + + fastcgi_param SERVER_ADDR $server_addr; + + fastcgi_param SERVER_PORT $server_port; + + fastcgi_param SERVER_NAME $server_name; + + fastcgi_param REDIRECT_STATUS 200; + + include /usr/local/etc/nginx/conf.d/2202361b-2b4d-44a7-b676-811dc36c570c/fastcgi.conf*; + } + + include /usr/local/etc/nginx/conf.d/2202361b-2b4d-44a7-b676-811dc36c570c/user.conf*; + +} + + +# configuration file /etc/nginx/conf.d/.webstation.error_page.default.conf: + + +error_page 400 /webstation_error_page_custom_default_400; + +error_page 401 /webstation_error_page_custom_default_401; + +error_page 402 /webstation_error_page_custom_default_402; + +error_page 403 /webstation_error_page_custom_default_403; + +error_page 404 /webstation_error_page_custom_default_404; + +error_page 405 /webstation_error_page_custom_default_405; + +error_page 406 /webstation_error_page_custom_default_406; + +error_page 407 /webstation_error_page_custom_default_407; + +error_page 408 /webstation_error_page_custom_default_408; + +error_page 500 /webstation_error_page_custom_default_500; + +error_page 501 /webstation_error_page_custom_default_501; + +error_page 502 /webstation_error_page_custom_default_502; + +error_page 503 /webstation_error_page_custom_default_503; + +error_page 504 /webstation_error_page_custom_default_504; + +error_page 505 /webstation_error_page_custom_default_505; + +error_page 409 410 411 412 413 414 415 416 417 418 419 420 421 422 423 424 425 426 427 428 429 430 431 432 433 434 435 436 437 438 439 440 441 442 443 444 445 446 447 448 449 450 451 452 453 454 455 456 457 458 459 460 461 462 463 464 465 466 467 468 469 470 471 472 473 474 475 476 477 478 479 480 481 482 483 484 485 486 487 488 489 490 491 492 493 494 495 496 497 498 506 507 508 509 510 511 512 513 514 515 516 517 518 519 520 521 522 523 524 525 526 527 528 529 530 531 532 533 534 535 536 537 538 539 540 541 542 543 544 545 546 547 548 549 550 551 552 553 554 555 556 557 558 559 560 561 562 563 564 565 566 567 568 569 570 571 572 573 574 575 576 577 578 579 580 581 582 583 584 585 586 587 588 589 590 591 592 593 594 595 596 597 598 599 /webstation_error_page_custom_default_default; + +# configuration file /etc/nginx/conf.d/.location.webstation.conf: +location ~ ^/~([^\/]*)/ { + proxy_ignore_headers X-Accel-Redirect; + proxy_read_timeout 3600s; + proxy_set_header X-Forwarded-By $server_addr; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-HTTPS $https; + proxy_set_header X-Port $server_port; + proxy_set_header X-Real-Port $remote_port; + proxy_set_header Host $http_host; + proxy_set_header Upgrade $http_upgrade; + proxy_http_version 1.1; + proxy_intercept_errors off; + + error_page 404 /_webstation_/404.html; + return 404; + +} + +location ^~ /_webstation_/ { + alias /var/packages/WebStation/target/error_page/; +} + +include conf.d/.webstation.error_page.*.resource.conf*; + +location ~ ^ { + proxy_ignore_headers X-Accel-Redirect; + proxy_read_timeout 3600s; + proxy_set_header X-Forwarded-By $server_addr; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-HTTPS $https; + proxy_set_header X-Port $server_port; + proxy_set_header X-Real-Port $remote_port; + proxy_set_header Host $http_host; + proxy_set_header Upgrade $http_upgrade; + proxy_http_version 1.1; + proxy_intercept_errors off; + proxy_redirect http:// $scheme://; + + error_page 502 /_webstation_/$status.html; + proxy_pass http://unix:/run/webstation_default.sock; +} +# configuration file /etc/nginx/conf.d/.webstation.error_page.default.resource.conf: + + +location ~ /webstation_error_page_custom_default_400 { + internal; + root /var/packages/WebStation/var/error_page/default; + rewrite ^ /336f5e0b-f250-45db-b124-cab3c77adc5f.html break; + allow all; +} + +location ~ /webstation_error_page_custom_default_401 { + internal; + root /var/packages/WebStation/var/error_page/default; + rewrite ^ /e1ff34ae-678b-4c6d-9c75-f05f61461351.html break; + allow all; +} + +location ~ /webstation_error_page_custom_default_402 { + internal; + root /var/packages/WebStation/var/error_page/default; + rewrite ^ /01bec347-ca0a-4501-88f0-c24d0fa952ba.html break; + allow all; +} + +location ~ /webstation_error_page_custom_default_403 { + internal; + root /var/packages/WebStation/var/error_page/default; + rewrite ^ /8e0b3b6c-dbf8-449c-836f-0415c8b104fe.html break; + allow all; +} + +location ~ /webstation_error_page_custom_default_404 { + internal; + root /var/packages/WebStation/var/error_page/default; + rewrite ^ /9afb9e7a-d57c-4d5c-998e-70f62d9eaf6f.html break; + allow all; +} + +location ~ /webstation_error_page_custom_default_405 { + internal; + root /var/packages/WebStation/var/error_page/default; + rewrite ^ /e49ab32b-1ee6-4b35-8790-06667e81e2aa.html break; + allow all; +} + +location ~ /webstation_error_page_custom_default_406 { + internal; + root /var/packages/WebStation/var/error_page/default; + rewrite ^ /050fd3fb-2bb7-4b3f-ac11-c323ac5bae5a.html break; + allow all; +} + +location ~ /webstation_error_page_custom_default_407 { + internal; + root /var/packages/WebStation/var/error_page/default; + rewrite ^ /43e2f964-a2f5-4d8d-85b3-759e097c3020.html break; + allow all; +} + +location ~ /webstation_error_page_custom_default_408 { + internal; + root /var/packages/WebStation/var/error_page/default; + rewrite ^ /0f14ba31-a600-4bdc-a961-b78402e0b9fb.html break; + allow all; +} + +location ~ /webstation_error_page_custom_default_500 { + internal; + root /var/packages/WebStation/var/error_page/default; + rewrite ^ /70a86fb4-28dc-4e01-af28-4e984b4c0bff.html break; + allow all; +} + +location ~ /webstation_error_page_custom_default_501 { + internal; + root /var/packages/WebStation/var/error_page/default; + rewrite ^ /847c60bb-816b-45ab-af50-bff6ea2c17d9.html break; + allow all; +} + +location ~ /webstation_error_page_custom_default_502 { + internal; + root /var/packages/WebStation/var/error_page/default; + rewrite ^ /acba7191-33ca-49ba-9aeb-bba7e98e642f.html break; + allow all; +} + +location ~ /webstation_error_page_custom_default_503 { + internal; + root /var/packages/WebStation/var/error_page/default; + rewrite ^ /0605e1eb-d793-4dba-bfa8-44dc61bd3e0f.html break; + allow all; +} + +location ~ /webstation_error_page_custom_default_504 { + internal; + root /var/packages/WebStation/var/error_page/default; + rewrite ^ /bc7e53bc-2149-4d0c-8759-6ec7738c3ab2.html break; + allow all; +} + +location ~ /webstation_error_page_custom_default_505 { + internal; + root /var/packages/WebStation/var/error_page/default; + rewrite ^ /42fe9463-b04d-48ea-991a-88578696484f.html break; + allow all; +} + +location ~ /webstation_error_page_custom_default_default { + internal; + root /var/packages/WebStation/var/error_page/default; + rewrite ^ /e6977d21-8af9-43a7-9717-6e3b656e4d3e.html break; + allow all; +} + + +# configuration file /etc/nginx/sites-enabled/server.ReverseProxy.conf: + + +# configuration file /etc/nginx/sites-enabled/server.webstation.conf: +server { + listen unix:/run/webstation_default.sock; + root /var/services/web; + index index.html index.php index.cgi; + + set_real_ip_from unix:; + real_ip_header X-Real-IP; + + fastcgi_param QUERY_STRING $query_string; + fastcgi_param REQUEST_METHOD $request_method; + fastcgi_param CONTENT_TYPE $content_type; + fastcgi_param CONTENT_LENGTH $content_length; + + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param SCRIPT_NAME $fastcgi_script_name; + fastcgi_param REQUEST_URI $request_uri; + fastcgi_param DOCUMENT_URI $document_uri; + fastcgi_param DOCUMENT_ROOT $document_root; + fastcgi_param SERVER_PROTOCOL $server_protocol; + fastcgi_param HTTPS $http_x_https if_not_empty; + fastcgi_param GATEWAY_INTERFACE CGI/1.1; + fastcgi_param SERVER_SOFTWARE nginx/$nginx_version; + + fastcgi_param REMOTE_ADDR $remote_addr; + fastcgi_param REMOTE_PORT $http_x_real_port; + fastcgi_param SERVER_ADDR $http_x_forwarded_by; + fastcgi_param SERVER_PORT $http_x_port; + fastcgi_param SERVER_NAME $host; + fastcgi_param REDIRECT_STATUS 200; + fastcgi_intercept_errors on; + fastcgi_read_timeout 3600s; + + include conf.d/.webstation.error_page.default.conf*; + + include conf.d/.webstation.error_page.default.resource.conf*; + + location ^~ /_webstation_/ { + alias /var/packages/WebStation/target/error_page/; + } + location ~* \.(php[345]?|phtml)$ { + + fastcgi_pass unix:/run/php-fpm/php-b9a41bca-af4e-11e9-9fc0-6335258c6d96.sock; + + } + location ~* \.cgi { + fastcgi_pass unix:/run/fcgiwrap.sock; + } +} + +# configuration file /etc/nginx/sites-enabled/synowstransfer-nginx.conf: +server { + listen 5357 default_server; + listen [::]:5357 default_server; + + location / { + proxy_pass http://unix:/tmp/synowstransfer.sock; + } +} + +# configuration file /etc/nginx/sites-enabled/webservice_portal_2cb0caad-5034-43b1-8f49-32aa6aafb709: + + +server { + + listen 8085 default_server; + listen [::]:8085 default_server; + + server_name _; + + error_log /var/packages/WebStation/var/log/nginx_error_log warn; + + include /usr/syno/etc/www/certificate/WebStation_2cb0caad-5034-43b1-8f49-32aa6aafb709/cert.conf*; + + include /usr/syno/etc/security-profile/tls-profile/config/WebStation_2cb0caad-5034-43b1-8f49-32aa6aafb709.conf*; + + ssl_prefer_server_ciphers on; + + include conf.d/.webstation.error_page.default.conf*; + + include conf.d/.webstation.error_page.default.resource.conf*; + + location / { + return 404; + } + +} + + +# configuration file /usr/syno/etc/www/certificate/WebStation_2cb0caad-5034-43b1-8f49-32aa6aafb709/cert.conf: +ssl_certificate /usr/syno/etc/www/certificate/WebStation_2cb0caad-5034-43b1-8f49-32aa6aafb709/ff57f193-ecaa-4582-b0e2-b54827f840b0.pem; +ssl_certificate_key /usr/syno/etc/www/certificate/WebStation_2cb0caad-5034-43b1-8f49-32aa6aafb709/624f702e-6a48-464d-9415-f504f14f5c9e.pem; + +# configuration file /usr/syno/etc/security-profile/tls-profile/config/WebStation_2cb0caad-5034-43b1-8f49-32aa6aafb709.conf: + + +ssl_protocols TLSv1.2 TLSv1.3; +ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305; +ssl_dhparam /usr/syno/etc/ssl/dh2048.pem; + + +# configuration file /etc/nginx/sites-enabled/webservice_portal_33a79a7d-ab22-4caa-aa38-3ab94a23f6e5: + + +server { + + listen 8087 default_server; + listen [::]:8087 default_server; + + server_name _; + + error_log /var/packages/WebStation/var/log/nginx_error_log warn; + + include /usr/syno/etc/www/certificate/WebStation_33a79a7d-ab22-4caa-aa38-3ab94a23f6e5/cert.conf*; + + include /usr/syno/etc/security-profile/tls-profile/config/WebStation_33a79a7d-ab22-4caa-aa38-3ab94a23f6e5.conf*; + + ssl_prefer_server_ciphers on; + + include conf.d/.webstation.error_page.default.conf*; + + include conf.d/.webstation.error_page.default.resource.conf*; + + location / { + return 404; + } + +} + + +# configuration file /usr/syno/etc/www/certificate/WebStation_33a79a7d-ab22-4caa-aa38-3ab94a23f6e5/cert.conf: +ssl_certificate /usr/syno/etc/www/certificate/WebStation_33a79a7d-ab22-4caa-aa38-3ab94a23f6e5/8b6cc71f-e8f0-4283-a69e-ce49e11971ae.pem; +ssl_certificate_key /usr/syno/etc/www/certificate/WebStation_33a79a7d-ab22-4caa-aa38-3ab94a23f6e5/88db9094-5dbb-44b3-8485-b16cd59795ad.pem; + +# configuration file /usr/syno/etc/security-profile/tls-profile/config/WebStation_33a79a7d-ab22-4caa-aa38-3ab94a23f6e5.conf: + + +ssl_protocols TLSv1.2 TLSv1.3; +ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305; +ssl_dhparam /usr/syno/etc/ssl/dh2048.pem; + + +# configuration file /etc/nginx/sites-enabled/webservice_portal_7531c0cc-0fb8-43c3-9765-d9713c59493e: + + +server { + + listen 50010 default_server; + listen [::]:50010 default_server; + + server_name _; + + error_log /var/packages/WebStation/var/log/nginx_error_log warn; + + include /usr/syno/etc/www/certificate/WebStation_7531c0cc-0fb8-43c3-9765-d9713c59493e/cert.conf*; + + include /usr/syno/etc/security-profile/tls-profile/config/WebStation_7531c0cc-0fb8-43c3-9765-d9713c59493e.conf*; + + ssl_prefer_server_ciphers on; + + include conf.d/.webstation.error_page.default.conf*; + + include conf.d/.webstation.error_page.default.resource.conf*; + + location / { + return 404; + } + +} + + +# configuration file /usr/syno/etc/www/certificate/WebStation_7531c0cc-0fb8-43c3-9765-d9713c59493e/cert.conf: +ssl_certificate /usr/syno/etc/www/certificate/WebStation_7531c0cc-0fb8-43c3-9765-d9713c59493e/2de8a8b3-e227-4f99-bcfe-ab3cbd6465d8.pem; +ssl_certificate_key /usr/syno/etc/www/certificate/WebStation_7531c0cc-0fb8-43c3-9765-d9713c59493e/7ad5d52a-3a0a-4121-991e-18cf907f934b.pem; + +# configuration file /usr/syno/etc/security-profile/tls-profile/config/WebStation_7531c0cc-0fb8-43c3-9765-d9713c59493e.conf: + + +ssl_protocols TLSv1.2 TLSv1.3; +ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305; +ssl_dhparam /usr/syno/etc/ssl/dh2048.pem; + + +# configuration file /etc/nginx/sites-enabled/webservice_portal_8059b45e-e99d-4a75-8ac5-b2d006061963: + + +server { + + listen 80; + listen [::]:80; + + server_name nas-ntc3.stc-spb.ru ; + + if ( $host !~ "(^nas-ntc3.stc-spb.ru$)" ) { return 404; } + + error_log /var/packages/WebStation/var/log/nginx_error_log warn; + + include /usr/syno/etc/www/certificate/WebStation_8059b45e-e99d-4a75-8ac5-b2d006061963/cert.conf*; + + include /usr/syno/etc/security-profile/tls-profile/config/WebStation_8059b45e-e99d-4a75-8ac5-b2d006061963.conf*; + + ssl_prefer_server_ciphers on; + + location ^~ /.well-known/acme-challenge { + root /var/lib/letsencrypt; + default_type text/plain; + } + + include conf.d/.webstation.error_page.default.conf*; + + include conf.d/.webstation.error_page.default.resource.conf*; + + include conf.d/.service.8059b45e-e99d-4a75-8ac5-b2d006061963.4e8330be-1351-43d8-a63e-cfff736f5d8b.conf*; + +} + + +# configuration file /usr/syno/etc/www/certificate/WebStation_8059b45e-e99d-4a75-8ac5-b2d006061963/cert.conf: +ssl_certificate /usr/syno/etc/www/certificate/WebStation_8059b45e-e99d-4a75-8ac5-b2d006061963/a6c94283-c1af-40dd-b550-3991ca6589b0.pem; +ssl_certificate_key /usr/syno/etc/www/certificate/WebStation_8059b45e-e99d-4a75-8ac5-b2d006061963/3f3d2818-d7b7-4436-8d48-d6d4383c4404.pem; + +# configuration file /usr/syno/etc/security-profile/tls-profile/config/WebStation_8059b45e-e99d-4a75-8ac5-b2d006061963.conf: + + +ssl_protocols TLSv1.2 TLSv1.3; +ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305; +ssl_dhparam /usr/syno/etc/ssl/dh2048.pem; + + +# configuration file /etc/nginx/conf.d/.service.8059b45e-e99d-4a75-8ac5-b2d006061963.4e8330be-1351-43d8-a63e-cfff736f5d8b.conf: + + + location ~ / { + + proxy_connect_timeout 300s; + proxy_read_timeout 300s; + proxy_send_timeout 300s; + + proxy_pass http://127.0.0.1:915; + + proxy_set_header X-Forwarded-By $server_addr; + + proxy_set_header X-Real-IP $remote_addr; + + proxy_set_header X-Forwarded-Proto $scheme; + + proxy_set_header X-Forwarded-Port $server_port; + + proxy_set_header Host $http_host; + + proxy_set_header Upgrade $http_upgrade; + + proxy_set_header Connection $connection_upgrade; + + proxy_http_version 1.1; + + include /usr/local/etc/nginx/conf.d/4e8330be-1351-43d8-a63e-cfff736f5d8b/proxy.conf*; + } + + include /usr/local/etc/nginx/conf.d/4e8330be-1351-43d8-a63e-cfff736f5d8b/user.conf*; + + +# configuration file /etc/nginx/sites-enabled/webservice_portal_b9ee969b-7e47-4383-a293-c630b5877830: + + +server { + + listen 50011 default_server; + listen [::]:50011 default_server; + + server_name _; + + error_log /var/packages/WebStation/var/log/nginx_error_log warn; + + include /usr/syno/etc/www/certificate/WebStation_b9ee969b-7e47-4383-a293-c630b5877830/cert.conf*; + + include /usr/syno/etc/security-profile/tls-profile/config/WebStation_b9ee969b-7e47-4383-a293-c630b5877830.conf*; + + ssl_prefer_server_ciphers on; + + include conf.d/.webstation.error_page.default.conf*; + + include conf.d/.webstation.error_page.default.resource.conf*; + + location / { + return 404; + } + +} + + +# configuration file /usr/syno/etc/www/certificate/WebStation_b9ee969b-7e47-4383-a293-c630b5877830/cert.conf: +ssl_certificate /usr/syno/etc/www/certificate/WebStation_b9ee969b-7e47-4383-a293-c630b5877830/3e42a9d2-2900-4ca0-ae05-d0b7c37dfc5b.pem; +ssl_certificate_key /usr/syno/etc/www/certificate/WebStation_b9ee969b-7e47-4383-a293-c630b5877830/ed4b380a-449b-47d6-adfc-23447835042c.pem; + +# configuration file /usr/syno/etc/security-profile/tls-profile/config/WebStation_b9ee969b-7e47-4383-a293-c630b5877830.conf: + + +ssl_protocols TLSv1.2 TLSv1.3; +ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305; +ssl_dhparam /usr/syno/etc/ssl/dh2048.pem; + +