diff options
author | rsiddharth <s@ricketyspace.net> | 2019-11-16 22:52:56 -0500 |
---|---|---|
committer | rsiddharth <s@ricketyspace.net> | 2019-11-16 22:52:56 -0500 |
commit | 25c434fa8539eb5eff9f8e9686ec2aaa5a4da44e (patch) | |
tree | b1f4bc0d370314cf7fd884be09616c8916598900 /etc/nginx | |
parent | 4613caed476faee9ebaa07d601fef49aeb2f68bc (diff) |
Add etc/nginx/
Diffstat (limited to 'etc/nginx')
-rw-r--r-- | etc/nginx/nginx.conf.patch | 10 | ||||
-rw-r--r-- | etc/nginx/sites.conf | 39 |
2 files changed, 49 insertions, 0 deletions
diff --git a/etc/nginx/nginx.conf.patch b/etc/nginx/nginx.conf.patch new file mode 100644 index 0000000..a3d9bfe --- /dev/null +++ b/etc/nginx/nginx.conf.patch @@ -0,0 +1,10 @@ +diff --git a/nginx/nginx.conf b/nginx/nginx.conf +index 156f859..fbcd811 100644 +--- a/nginx/nginx.conf ++++ b/nginx/nginx.conf +@@ -120,4 +120,5 @@ http { + # ssl_prefer_server_ciphers on; + #} + ++ include /etc/nginx/sites.conf; + } diff --git a/etc/nginx/sites.conf b/etc/nginx/sites.conf new file mode 100644 index 0000000..cc5af1a --- /dev/null +++ b/etc/nginx/sites.conf @@ -0,0 +1,39 @@ +server { + listen 80; + listen [::]:80; + server_name nfsw.dingy.space; + return 301 https://$host$request_uri; +} + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name dingy.space; + + location / { + try_files $uri @nfsw; + } + + location @nfsw { + uwsgi_pass 127.0.0.1:4201; + include uwsgi_params; + } + + ssl_certificate /etc/ssl/nfsw.dingy.space.fullchain.pem; + ssl_certificate_key /etc/ssl/private/nfsw.dingy.space.key; + + add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload'; + + ssl_prefer_server_ciphers on; + ssl_ciphers 'kEECDH+ECDSA+AES128 kEECDH+ECDSA+AES256 kEECDH+AES128 kEECDH+AES256 kEDH+AES128 kEDH+AES256 DES-CBC3-SHA +SHA !aNULL !eNULL !LOW !MD5 !EXP !DSS !PSK !SRP !kECDH !CAMELLIA !RC4 !SEED'; + + ssl_protocols TLSv1.2 TLSv1.1 TLSv1; + + ssl_session_cache shared:SSL:10m; + ssl_session_timeout 10m; + keepalive_timeout 70; + + # nginx 1.5.9+ ONLY + ssl_buffer_size 1400; + +} |