diff options
author | jaseg <code@jaseg.net> | 2019-06-26 16:41:45 +0900 |
---|---|---|
committer | jaseg <git@jaseg.net> | 2019-06-26 16:41:45 +0900 |
commit | 8cb082a42d71a1e86a138eb58106d636e7c6d191 (patch) | |
tree | 8d4da453893c338dcd19671596c95100da4c83ce /gerboweb/deploy/nginx.conf | |
parent | 20f0df3892aea77ff17aed032aba7d9207fd85ae (diff) | |
download | gerbolyze-8cb082a42d71a1e86a138eb58106d636e7c6d191.tar.gz gerbolyze-8cb082a42d71a1e86a138eb58106d636e7c6d191.tar.bz2 gerbolyze-8cb082a42d71a1e86a138eb58106d636e7c6d191.zip |
Misc changes. Move up to fedora 30, add gerbolyze, secure download
Diffstat (limited to 'gerboweb/deploy/nginx.conf')
-rw-r--r-- | gerboweb/deploy/nginx.conf | 80 |
1 files changed, 65 insertions, 15 deletions
diff --git a/gerboweb/deploy/nginx.conf b/gerboweb/deploy/nginx.conf index 6344904..1f44981 100644 --- a/gerboweb/deploy/nginx.conf +++ b/gerboweb/deploy/nginx.conf @@ -51,36 +51,86 @@ http { ssl_certificate "/etc/letsencrypt/live/gerbolyze.jaseg.net/fullchain.pem"; ssl_certificate_key "/etc/letsencrypt/live/gerbolyze.jaseg.net/privkey.pem"; ssl_dhparam "/etc/letsencrypt/ssl-dhparams.pem"; - include /etc/letsencrypt/options-ssl-nginx.conf; + include /etc/letsencrypt/options-ssl-nginx.conf; - ssl_stapling on; - ssl_stapling_verify on; + ssl_stapling on; + ssl_stapling_verify on; - resolver 67.207.67.2 67.207.67.3 valid=300s; - resolver_timeout 10s; + resolver 67.207.67.2 67.207.67.3 valid=300s; + resolver_timeout 10s; - add_header Strict-Transport-Security "max-age=86400"; + add_header Strict-Transport-Security "max-age=86400"; # Load configuration files for the default server block. include /etc/nginx/default.d/*.conf; - location ^~ /static/ { - root /var/lib/gerboweb; - } + location ^~ /static/ { + root /var/lib/gerboweb; + } + + location / { + include uwsgi_params; + uwsgi_pass unix:/run/uwsgi/gerboweb.socket; + } + + error_page 404 /404.html; + location = /40x.html { + root /usr/share/nginx/html; + } + + error_page 500 502 503 504 /50x.html; + location = /50x.html { + root /usr/share/nginx/html; + } + } + + server { + listen 80; + listen [::]:80; + server_name blog.jaseg.net blog.jaseg.net; + return 301 https://$host$request_uri; + } + + server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name blog.jaseg.net blog.jaseg.net; + root /usr/share/nginx/html; + + ssl_certificate "/etc/letsencrypt/live/blog.jaseg.net/fullchain.pem"; + ssl_certificate_key "/etc/letsencrypt/live/blog.jaseg.net/privkey.pem"; + ssl_dhparam "/etc/letsencrypt/ssl-dhparams.pem"; + include /etc/letsencrypt/options-ssl-nginx.conf; + + ssl_stapling on; + ssl_stapling_verify on; + + resolver 67.207.67.2 67.207.67.3 valid=300s; + resolver_timeout 10s; + + add_header Strict-Transport-Security "max-age=86400"; + + # Load configuration files for the default server block. + include /etc/nginx/default.d/*.conf; location / { - include uwsgi_params; - uwsgi_pass unix:/run/uwsgi/gerboweb.socket; + root /var/www/blog.jaseg.net; + } + + location /d/ { + rewrite ^/d/(.*)$ /$1 break; + include uwsgi_params; + uwsgi_pass unix:/run/uwsgi/secure-download.socket; } error_page 404 /404.html; - location = /40x.html { - root /usr/share/nginx/html; + location = /40x.html { + root /usr/share/nginx/html; } error_page 500 502 503 504 /50x.html; - location = /50x.html { - root /usr/share/nginx/html; + location = /50x.html { + root /usr/share/nginx/html; } } |