server { listen 443 ssl http2; server_name _ default_server; ssl_certificate /etc/nginx/ssl/kibana.crt; ssl_certificate_key /etc/nginx/ssl/kibana.key; server_tokens off; ssl_session_timeout 1d; ssl_session_cache shared:SSL:15m; ssl_session_tickets off; # modern configuration. tweak to your needs. ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384; ssl_prefer_server_ciphers off; add_header X-Frame-Options SAMEORIGIN; add_header X-Content-Type-Options nosniff; # Uncomment this next line if you are using a signed, trusted cert #add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"; #auth_basic "Login required"; #auth_basic_user_file /etc/nginx/htpasswd; location / { proxy_pass http://kibana:5601; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } } server { listen 80; return 301 https://$host$request_uri; }