author | jaseg <code@jaseg.net> | 2019-03-28 01:50:07 +0900 |
---|---|---|
committer | jaseg <git@jaseg.net> | 2019-03-28 01:50:07 +0900 |
commit | 84148e368d3804c841d566cd0a8f28263445ef97 (patch) | |
tree | 4c718a75ea3ad42beccd64274562bd4a04b3d3bd /gerboweb/deploy/nginx.conf | |
parent | dabe1d8809348cf82c82b9a871f0509e1403a8cd (diff) | |
gerboweb: Add HTTPS via letsencrypt
Diffstat (limited to 'gerboweb/deploy/nginx.conf')
-rw-r--r-- | gerboweb/deploy/nginx.conf | 50 |
1 files changed, 20 insertions, 30 deletions
diff --git a/gerboweb/deploy/nginx.conf b/gerboweb/deploy/nginx.conf
index 22b3be2..c76a3db 100644
--- a/gerboweb/deploy/nginx.conf
+++ b/gerboweb/deploy/nginx.conf
@@ -39,8 +39,28 @@ http {
 listen 80 default_server;
 listen [::]:80 default_server;
 server_name gerbolyze.jaseg.net;
+ return 301 https://$host$request_uri;
+ }
+
+ server {
+ listen 443 ssl http2 default_server;
+ listen [::]:443 ssl http2 default_server;
+ server_name gerbolyze.jaseg.net;
 root /usr/share/nginx/html;
+ ssl_certificate "/etc/letsencrypt/live/gerbolyze.jaseg.net/fullchain.pem";
+ ssl_certificate_key "/etc/letsencrypt/live/gerbolyze.jaseg.net/privkey.pem";
+ ssl_dhparam "/etc/letsencrypt/ssl-dhparams.pem";
+ include /etc/letsencrypt/options-ssl-nginx.conf;
+
+ ssl_stapling on;
+ ssl_stapling_verify on;
+
+ resolver 67.207.67.2 67.207.67.3 valid=300s;
+ resolver_timeout 10s;
+
+ add_header Strict-Transport-Security "max-age=86400";
+
 # Load configuration files for the default server block.
 include /etc/nginx/default.d/*.conf;
@@ -64,35 +84,5 @@ http {
 }
 }
-# Settings for a TLS enabled server.
-#
-# server {
-# listen 443 ssl http2 default_server;
-# listen [::]:443 ssl http2 default_server;
-# server_name _;
-# root /usr/share/nginx/html;
-#
-# ssl_certificate "/etc/pki/nginx/server.crt";
-# ssl_certificate_key "/etc/pki/nginx/private/server.key";
-# ssl_session_cache shared:SSL:1m;
-# ssl_session_timeout 10m;
-# ssl_ciphers PROFILE=SYSTEM;
-# ssl_prefer_server_ciphers on;
-#
-# # Load configuration files for the default server block.
-# include /etc/nginx/default.d/*.conf;
-#
-# location / {
-# }
-#
-# error_page 404 /404.html;
-# location = /40x.html {
-# }
-#
-# error_page 500 502 503 504 /50x.html;
-# location = /50x.html {
-# }
-# }
-
 } |
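Review bot: The port-80 redirect `return 301 https://$host$request_uri;` sits in a `default_server` block, so `$host` is whatever Host header the client sent and is reflected into the Location header; pinning the target with `return 301 https://gerbolyze.jaseg.net$request_uri;` keeps the redirect on the one name the certificate covers. The HSTS line would be better as `add_header Strict-Transport-Security "max-age=86400" always;`, since without `always` nginx omits the header on error responses. A `location` that declares its own `add_header` (including any pulled in through `default.d/*.conf`) also stops inheriting the server-level one. `ssl_stapling_verify on;` normally also needs an `ssl_trusted_certificate` pointing at the issuer chain, so it is worth confirming that stapled responses verify with only `fullchain.pem` configured. The new 443 server block continues past the end of this hunk.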