From 30da6478a624bfdeb835eb106ef34860cd7e7c60 Mon Sep 17 00:00:00 2001
From: jaseg
Date: Thu, 28 Mar 2019 01:50:07 +0900
Subject: gerboweb: Add HTTPS via letsencrypt
---
 nginx.conf | 50 ++++++++++++++++++++------------------------------
 1 file changed, 20 insertions(+), 30 deletions(-)
(limited to 'nginx.conf')
diff --git a/nginx.conf b/nginx.conf
index 22b3be2..c76a3db 100644
--- a/nginx.conf
+++ b/nginx.conf
@@ -39,8 +39,28 @@ http {
 listen 80 default_server;
 listen [::]:80 default_server;
 server_name gerbolyze.jaseg.net;
+ return 301 https://$host$request_uri;
+ }
+
+ server {
+ listen 443 ssl http2 default_server;
+ listen [::]:443 ssl http2 default_server;
+ server_name gerbolyze.jaseg.net;
 root /usr/share/nginx/html;
 
+ ssl_certificate "/etc/letsencrypt/live/gerbolyze.jaseg.net/fullchain.pem";
+ ssl_certificate_key "/etc/letsencrypt/live/gerbolyze.jaseg.net/privkey.pem";
+ ssl_dhparam "/etc/letsencrypt/ssl-dhparams.pem";
+ include /etc/letsencrypt/options-ssl-nginx.conf;
+
+ ssl_stapling on;
+ ssl_stapling_verify on;
+
+ resolver 67.207.67.2 67.207.67.3 valid=300s;
+ resolver_timeout 10s;
+
+ add_header Strict-Transport-Security "max-age=86400";
+
 # Load configuration files for the default server block.
 include /etc/nginx/default.d/*.conf;
 
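Review bot: The port-80 block now redirects with `return 301 https://$host$request_uri;`, and because that block is `default_server`, `$host` is taken from whatever Host header the client sent, so the Location header can name a host this server does not own; pinning it as `return 301 https://gerbolyze.jaseg.net$request_uri;` avoids that. In the 443 block, `add_header Strict-Transport-Security "max-age=86400";` is sent only on successful and redirect responses, and nginx drops it in any location (or file pulled in by `include /etc/nginx/default.d/*.conf;`) that declares its own `add_header`; appending `always` covers error responses, and the one-day max-age can be raised once renewal has proven stable. `ssl_stapling_verify on;` appears without an `ssl_trusted_certificate`, which nginx documents as required for verifying the OCSP response, so unless the included letsencrypt options file sets it, check the error log for stapling warnings. Both server blocks and the enclosing `http` block continue outside this hunk.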
@@ -64,35 +84,5 @@ http {
 }
 }
 
-# Settings for a TLS enabled server.
-#
-# server {
-# listen 443 ssl http2 default_server;
-# listen [::]:443 ssl http2 default_server;
-# server_name _;
-# root /usr/share/nginx/html;
-#
-# ssl_certificate "/etc/pki/nginx/server.crt";
-# ssl_certificate_key "/etc/pki/nginx/private/server.key";
-# ssl_session_cache shared:SSL:1m;
-# ssl_session_timeout 10m;
-# ssl_ciphers PROFILE=SYSTEM;
-# ssl_prefer_server_ciphers on;
-#
-# # Load configuration files for the default server block.
-# include /etc/nginx/default.d/*.conf;
-#
-# location / {
-# }
-#
-# error_page 404 /404.html;
-# location = /40x.html {
-# }
-#
-# error_page 500 502 503 504 /50x.html;
-# location = /50x.html {
-# }
-# }
-
 }
 
-- 
cgit