
some stuff change

master
Jared Dunbar před 3 roky
rodič
revize
09af35a737
Signed by: jared GPG Key ID: CF202CC859BAC692
  1. 79
      nginx.conf

79
nginx.conf

@ -6,11 +6,9 @@ events {
http {
# Some SSL stuff
# when move to nginx 1.13, add TLSv1.3 below
ssl_protocols TLSv1.2;
ssl_prefer_server_ciphers on;
# specifically, not RC4.
ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4";
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256;
ssl_prefer_server_ciphers on;
# Some global configurations
client_max_body_size 10M;
@ -20,11 +18,20 @@ http {
keepalive_timeout 65;
gzip on;
# header crap
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Referrer-Policy "no-referrer" always;
add_header Content-Security-Policy "self" always;
# http://ja13.org and https://ja13.org
server {
server_name ja13.org;
listen 80;
listen 443 http2 ssl;
listen 80;
listen [::]:80;
listen 443 ssl http2;
listen [::]:443 ssl http2;
root /srv/http/http;
ssl_certificate /etc/letsencrypt/live/ja13.org-0001/fullchain.pem;
@ -55,9 +62,14 @@ http {
server {
server_name john.ja13.org;
listen 80;
listen 443 http2 ssl;
listen [::]:80;
listen 443 ssl http2;
listen [::]:443 ssl http2;
root /srv/http/john;
allow 10.0.0.0/24;
deny all;
ssl_certificate /etc/letsencrypt/live/ja13.org/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/ja13.org/privkey.pem;
@ -70,7 +82,9 @@ http {
server {
server_name ns1.ja13.org;
listen 80;
listen 443 http2 ssl;
listen [::]:80;
listen 443 ssl http2;
listen [::]:443 ssl http2;
root /srv/http/ns1;
ssl_certificate /etc/letsencrypt/live/ja13.org/fullchain.pem;
@ -96,12 +110,14 @@ http {
server {
server_name wifi.ja13.org;
listen 80;
listen 443 http2 ssl;
listen [::]:80;
listen 443 ssl http2;
listen [::]:443 ssl http2;
root /srv/http;
allow 10.0.0.0/24;
deny all;
ssl_certificate /etc/letsencrypt/live/ja13.org/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/ja13.org/privkey.pem;
@ -109,39 +125,6 @@ http {
proxy_set_header Referer "";
proxy_ssl_verify off;
proxy_pass https://127.0.0.1:8443;
}
}
# http://source.ja13.org and https://source.ja13.org
server {
server_name source.ja13.org;
listen 80;
listen 443 http2 ssl;
ssl_certificate /etc/letsencrypt/live/ja13.org/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/ja13.org/privkey.pem;
location / {
# this will probably be changed later
proxy_pass http://10.0.0.10:80;
}
location /robots.txt {
root /srv/http/common;
index robots.txt;
}
location /favicon.ico {
root /srv/http/common;
index favicon.ico;
}
}
server {
server_name nx.ja13.org;
listen 80;
location / {
return 301 https://docs.plm.automation.siemens.com/tdoc/nx/12.0.1/nx_help/;
}
}
@ -149,7 +132,9 @@ http {
server {
server_name resume.ja13.org;
listen 80;
listen 443 http2 ssl;
listen [::]:80;
listen 443 ssl http2;
listen [::]:443 ssl http2;
root /srv/http/resume;
ssl_certificate /etc/letsencrypt/live/ja13.org/fullchain.pem;
@ -175,7 +160,9 @@ http {
server {
server_name _;
listen 80 default_server;
listen 443 http2 default_server ssl;
listen [::]:80 default_server;
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;
root /srv/http/lost;
ssl_certificate /etc/letsencrypt/live/ja13.org/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/ja13.org/privkey.pem;
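Review bot: The `Content-Security-Policy` value in the header block of the second hunk (`add_header Content-Security-Policy "self" always;`) is not a valid policy, because a CSP needs a directive name before the source expression; browsers skip the unrecognised token, so the header is sent but restricts nothing. Something like `add_header Content-Security-Policy "default-src 'self'" always;` would express what the line seems to intend, and it should be tested against each vhost (including the proxied ones) before it is enforced. nginx also inherits `add_header` from the `http` level only into blocks that define no `add_header` of their own, so any server or location outside this view that sets its own header would lose all five. This rendering does not mark added and removed lines, so the note assumes the header block is on the new side.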
