jared
/
ja13-nginx
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
Browse Source

some stuff change

master
Jared Dunbar 3 years ago
parent
3de0ec104e
commit
09af35a737
Signed by: jared GPG Key ID: CF202CC859BAC692
1 changed files with 33 additions and 46 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 79
      nginx.conf

79
nginx.conf
View File

@ -6,11 +6,9 @@ events {
http {
# Some SSL stuff
# when move to nginx 1.13, add TLSv1.3 below
ssl_protocols TLSv1.2;
ssl_prefer_server_ciphers on;
# specifically, not RC4.
ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4";
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256;
ssl_prefer_server_ciphers on;
# Some global configurations
client_max_body_size 10M;
@ -20,11 +18,20 @@ http {
keepalive_timeout 65;
gzip on;
# header crap
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Referrer-Policy "no-referrer" always;
add_header Content-Security-Policy "self" always;
# http://ja13.org and https://ja13.org
server {
server_name ja13.org;
listen 80;
listen 443 http2 ssl;
listen 80;
listen [::]:80;
listen 443 ssl http2;
listen [::]:443 ssl http2;
root /srv/http/http;
ssl_certificate /etc/letsencrypt/live/ja13.org-0001/fullchain.pem;
@ -55,9 +62,14 @@ http {
server {
server_name john.ja13.org;
listen 80;
listen 443 http2 ssl;
listen [::]:80;
listen 443 ssl http2;
listen [::]:443 ssl http2;
root /srv/http/john;
allow 10.0.0.0/24;
deny all;
ssl_certificate /etc/letsencrypt/live/ja13.org/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/ja13.org/privkey.pem;
@ -70,7 +82,9 @@ http {
server {
server_name ns1.ja13.org;
listen 80;
listen 443 http2 ssl;
listen [::]:80;
listen 443 ssl http2;
listen [::]:443 ssl http2;
root /srv/http/ns1;
ssl_certificate /etc/letsencrypt/live/ja13.org/fullchain.pem;
@ -96,12 +110,14 @@ http {
server {
server_name wifi.ja13.org;
listen 80;
listen 443 http2 ssl;
listen [::]:80;
listen 443 ssl http2;
listen [::]:443 ssl http2;
root /srv/http;
allow 10.0.0.0/24;
deny all;
ssl_certificate /etc/letsencrypt/live/ja13.org/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/ja13.org/privkey.pem;
@ -109,39 +125,6 @@ http {
proxy_set_header Referer "";
proxy_ssl_verify off;
proxy_pass https://127.0.0.1:8443;
}
}
# http://source.ja13.org and https://source.ja13.org
server {
server_name source.ja13.org;
listen 80;
listen 443 http2 ssl;
ssl_certificate /etc/letsencrypt/live/ja13.org/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/ja13.org/privkey.pem;
location / {
# this will probably be changed later
proxy_pass http://10.0.0.10:80;
}
location /robots.txt {
root /srv/http/common;
index robots.txt;
}
location /favicon.ico {
root /srv/http/common;
index favicon.ico;
}
}
server {
server_name nx.ja13.org;
listen 80;
location / {
return 301 https://docs.plm.automation.siemens.com/tdoc/nx/12.0.1/nx_help/;
}
}
@ -149,7 +132,9 @@ http {
server {
server_name resume.ja13.org;
listen 80;
listen 443 http2 ssl;
listen [::]:80;
listen 443 ssl http2;
listen [::]:443 ssl http2;
root /srv/http/resume;
ssl_certificate /etc/letsencrypt/live/ja13.org/fullchain.pem;
@ -175,7 +160,9 @@ http {
server {
server_name _;
listen 80 default_server;
listen 443 http2 default_server ssl;
listen [::]:80 default_server;
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;
root /srv/http/lost;
ssl_certificate /etc/letsencrypt/live/ja13.org/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/ja13.org/privkey.pem;

Write Preview
Loading…
Cancel
Save