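# nginx.conf — nginx + ja4ebpf test stack
# HTTP/2 (h2) is enabled so that ja4ebpf's parsing of the HTTP/2 preface can be tested.
# NOTE(review): h2 is only offered on the TLS listener (443); port 80 speaks
# HTTP/1.x, so the preface is only ever sent inside TLS — confirm ja4ebpf
# observes it at a point where the traffic is already decrypted.
#
# This is a test configuration: catch-all server names, verbose logging and a
# deliberately wide TLS policy. It is not a hardened baseline for production.

user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log warn;
pid /run/nginx/nginx.pid;

events {
    worker_connections 1024;
    use epoll;
}

http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    sendfile on;
    keepalive_timeout 65;
    keepalive_requests 200;

    # Extended log format (debug): the negotiated TLS protocol and cipher are
    # appended so each access-log line can be correlated with the fingerprint
    # ja4ebpf reports for the same connection.
    log_format main '$remote_addr - $remote_user [$time_local] '
                    '"$request" $status $body_bytes_sent '
                    '"$http_referer" "$http_user_agent" '
                    'ssl_protocol=$ssl_protocol ssl_cipher=$ssl_cipher';
    access_log /var/log/nginx/access.log main;

    # ── HTTP server (port 80) ────────────────────────────────────────────
    server {
        listen 80;
        server_name _;

        location /health {
            # default_type sets the one Content-Type header used for a
            # `return` body. The previous `add_header Content-Type ...` added
            # a second Content-Type next to the inherited
            # application/octet-stream, leaving clients with two conflicting
            # values.
            default_type application/json;
            return 200 '{"status":"ok","stack":"nginx"}';
        }

        # No redirect to HTTPS on purpose: plain-HTTP traffic is tested directly.
        location / {
            root /var/www/html;
            index index.html;
            try_files $uri $uri/ =404;
        }
    }

    # ── HTTPS server (port 443) with HTTP/2 ──────────────────────────────
    server {
        # The `http2` listen parameter is deprecated since nginx 1.25.1 in
        # favour of a separate `http2 on;` directive; it is kept here so the
        # file still loads on older packages.
        listen 443 ssl http2;
        server_name _;

        ssl_certificate /etc/pki/tls/certs/nginx.crt;
        ssl_certificate_key /etc/pki/tls/private/nginx.key;

        # Wide protocol/cipher acceptance so that varied test clients can
        # complete a handshake and yield several distinct JA4 values.
        # JA4 is computed from the ClientHello, so the diversity comes from
        # the clients; this list only decides which of them are accepted.
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_ciphers HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers off;

        # Session resumption enabled (exercises ja4ebpf's parsing of session IDs).
        ssl_session_cache shared:SSL:10m;
        ssl_session_timeout 10m;

        location /health {
            # Single Content-Type via default_type (see the port-80 /health block).
            default_type application/json;
            return 200 '{"status":"ok","stack":"nginx","tls":true}';
        }

        location / {
            root /var/www/html;
            index index.html;
            try_files $uri $uri/ =404;
        }

        # POST endpoint for testing capture of requests that carry a body.
        # `return` answers every method with the same payload, not only POST,
        # and nginx does not process the request body here.
        location /api/ {
            default_type application/json;
            return 200 '{"result":"accepted"}';
        }
    }
}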