Improve SSL config
This commit is contained in:
parent
f6322e183d
commit
1b30fed65f
SSH key fingerprint:
SHA256:B5ADfMCqd2M7d/jtXDoihAV/yfXOAbWWri9+GdCN4hQ
|
|
@ -3,7 +3,10 @@ server {
|
|||
listen [::]:443 ssl;
|
||||
server_name portal.exozy.me;
|
||||
|
||||
include conf.d/ssl;
|
||||
ssl_certificate /etc/letsencrypt/live/exozy.me/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/exozy.me/privkey.pem;
|
||||
include /etc/letsencrypt/options-ssl-nginx.conf;
|
||||
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
|
||||
|
||||
location / {
|
||||
# Required to proxy the connection to Cockpit
|
||||
|
|
|
|||
|
|
@ -10,10 +10,12 @@ server {
|
|||
server {
|
||||
listen 443 ssl default_server;
|
||||
listen [::]:443 ssl default_server;
|
||||
|
||||
server_name exozy.me;
|
||||
|
||||
include conf.d/ssl;
|
||||
ssl_certificate /etc/letsencrypt/live/exozy.me/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/exozy.me/privkey.pem;
|
||||
include /etc/letsencrypt/options-ssl-nginx.conf;
|
||||
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
|
||||
|
||||
root /srv/http/exozyme;
|
||||
index index.html;
|
||||
|
|
|
|||
|
|
@ -3,7 +3,14 @@ server {
|
|||
listen [::]:443 ssl;
|
||||
server_name git.exozy.me;
|
||||
|
||||
include conf.d/ssl;
|
||||
ssl_certificate /etc/letsencrypt/live/exozy.me/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/exozy.me/privkey.pem;
|
||||
include /etc/letsencrypt/options-ssl-nginx.conf;
|
||||
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
|
||||
|
||||
if ($http_user_agent = "Mozilla/5.0 (Linux; Android 5.0) AppleWebKit/537.36 (KHTML, like Gecko) Mobile Safari/537.36 (compatible; Bytespider; spider-feedback@bytedance.com)") {
|
||||
return 444;
|
||||
}
|
||||
|
||||
location / {
|
||||
proxy_pass http://unix:/run/forgejo/forgejo.sock;
|
||||
|
|
|
|||
|
|
@ -3,7 +3,10 @@ server {
|
|||
listen [::]:443 ssl;
|
||||
server_name desk.exozy.me;
|
||||
|
||||
include conf.d/ssl;
|
||||
ssl_certificate /etc/letsencrypt/live/exozy.me/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/exozy.me/privkey.pem;
|
||||
include /etc/letsencrypt/options-ssl-nginx.conf;
|
||||
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
|
||||
|
||||
location / {
|
||||
proxy_pass http://localhost:4080/guacamole/;
|
||||
|
|
|
|||
|
|
@ -5,6 +5,8 @@ server {
|
|||
|
||||
ssl_certificate /etc/letsencrypt/live/www2.1a-insec.net/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/www2.1a-insec.net/privkey.pem;
|
||||
include /etc/letsencrypt/options-ssl-nginx.conf;
|
||||
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
|
||||
|
||||
location / {
|
||||
proxy_pass http://unix:/srv/http/pages/xrablnhmov;
|
||||
|
|
|
|||
|
|
@ -1,10 +1,12 @@
|
|||
server {
|
||||
listen 443 ssl;
|
||||
listen [::]:443 ssl;
|
||||
|
||||
server_name hub.exozy.me;
|
||||
|
||||
include conf.d/ssl;
|
||||
ssl_certificate /etc/letsencrypt/live/exozy.me/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/exozy.me/privkey.pem;
|
||||
include /etc/letsencrypt/options-ssl-nginx.conf;
|
||||
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
|
||||
|
||||
location ~ ^/user/(.*)/desk/(.*)$ {
|
||||
return 301 /hub/desk/$2;
|
||||
|
|
|
|||
|
|
@ -26,7 +26,10 @@ server {
|
|||
listen [::]:443 ssl;
|
||||
server_name social.exozy.me;
|
||||
|
||||
include conf.d/ssl;
|
||||
ssl_certificate /etc/letsencrypt/live/exozy.me/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/exozy.me/privkey.pem;
|
||||
include /etc/letsencrypt/options-ssl-nginx.conf;
|
||||
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
|
||||
|
||||
keepalive_timeout 70;
|
||||
sendfile on;
|
||||
|
|
|
|||
|
|
@ -5,6 +5,8 @@ server {
|
|||
|
||||
ssl_certificate /etc/letsencrypt/live/mdwalters.exozy.me/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/mdwalters.exozy.me/privkey.pem;
|
||||
include /etc/letsencrypt/options-ssl-nginx.conf;
|
||||
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
|
||||
|
||||
location / {
|
||||
proxy_pass http://localhost:5173;
|
||||
|
|
@ -22,6 +24,8 @@ server {
|
|||
|
||||
ssl_certificate /etc/letsencrypt/live/mdwalters.exozy.me/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/mdwalters.exozy.me/privkey.pem;
|
||||
include /etc/letsencrypt/options-ssl-nginx.conf;
|
||||
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
|
||||
|
||||
location / {
|
||||
proxy_pass http://localhost:1342;
|
||||
|
|
@ -39,6 +43,8 @@ server {
|
|||
|
||||
ssl_certificate /etc/letsencrypt/live/mdwalters.exozy.me/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/mdwalters.exozy.me/privkey.pem;
|
||||
include /etc/letsencrypt/options-ssl-nginx.conf;
|
||||
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
|
||||
|
||||
location / {
|
||||
proxy_pass http://localhost:1341;
|
||||
|
|
@ -61,6 +67,8 @@ server {
|
|||
|
||||
ssl_certificate /etc/letsencrypt/live/mdwalters.exozy.me/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/mdwalters.exozy.me/privkey.pem;
|
||||
include /etc/letsencrypt/options-ssl-nginx.conf;
|
||||
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
|
||||
|
||||
location / {
|
||||
proxy_pass http://localhost:1351;
|
||||
|
|
@ -68,6 +76,5 @@ server {
|
|||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -22,7 +22,10 @@ server {
|
|||
|
||||
# Use Mozilla's guidelines for SSL/TLS settings
|
||||
# https://mozilla.github.io/server-side-tls/ssl-config-generator/
|
||||
include conf.d/ssl;
|
||||
ssl_certificate /etc/letsencrypt/live/exozy.me/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/exozy.me/privkey.pem;
|
||||
include /etc/letsencrypt/options-ssl-nginx.conf;
|
||||
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
|
||||
|
||||
# HSTS settings
|
||||
# WARNING: Only add the preload option once you read about
|
||||
|
|
@ -30,7 +33,7 @@ server {
|
|||
# will add the domain to a hardcoded list that is shipped
|
||||
# in all major browsers and getting removed from this list
|
||||
# could take several months.
|
||||
#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload" always;
|
||||
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains" always;
|
||||
|
||||
# set max upload size and increase upload timeout:
|
||||
client_max_body_size 16G;
|
||||
|
|
|
|||
|
|
@ -5,6 +5,8 @@ server {
|
|||
|
||||
ssl_certificate /etc/letsencrypt/live/neovoid.is-cool.dev/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/neovoid.is-cool.dev/privkey.pem;
|
||||
include /etc/letsencrypt/options-ssl-nginx.conf;
|
||||
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
|
||||
|
||||
location / {
|
||||
proxy_pass http://unix:/srv/http/pages/nvpie;
|
||||
|
|
|
|||
10
pages.conf
10
pages.conf
|
|
@ -3,7 +3,10 @@ server {
|
|||
listen [::]:443 ssl;
|
||||
server_name ~^(\d)\.exozy\.me;
|
||||
|
||||
include conf.d/ssl;
|
||||
ssl_certificate /etc/letsencrypt/live/exozy.me/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/exozy.me/privkey.pem;
|
||||
include /etc/letsencrypt/options-ssl-nginx.conf;
|
||||
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
|
||||
|
||||
index index.html;
|
||||
|
||||
|
|
@ -27,7 +30,10 @@ server {
|
|||
listen [::]:443 ssl;
|
||||
server_name ~^(?<page>.+)\.exozy\.me;
|
||||
|
||||
include conf.d/ssl;
|
||||
ssl_certificate /etc/letsencrypt/live/exozy.me/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/exozy.me/privkey.pem;
|
||||
include /etc/letsencrypt/options-ssl-nginx.conf;
|
||||
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
|
||||
|
||||
root /srv/http/pages/$page;
|
||||
index index.html;
|
||||
|
|
|
|||
|
|
@ -15,7 +15,10 @@ server {
|
|||
# Certificates
|
||||
# you need a certificate to run in production. see https://letsencrypt.org/
|
||||
##
|
||||
include conf.d/ssl;
|
||||
ssl_certificate /etc/letsencrypt/live/exozy.me/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/exozy.me/privkey.pem;
|
||||
include /etc/letsencrypt/options-ssl-nginx.conf;
|
||||
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
|
||||
|
||||
##
|
||||
# Application
|
||||
|
|
|
|||
|
|
@ -5,6 +5,8 @@ server {
|
|||
|
||||
ssl_certificate /home/pranav/.local/share/cert/karawale.in/fullchain.pem;
|
||||
ssl_certificate_key /home/pranav/.local/share/cert/karawale.in/key.pem;
|
||||
include /etc/letsencrypt/options-ssl-nginx.conf;
|
||||
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
|
||||
|
||||
location / {
|
||||
proxy_pass http://unix:/srv/http/pages/pranav;
|
||||
|
|
|
|||
|
|
@ -3,7 +3,10 @@ server {
|
|||
listen [::]:443 ssl;
|
||||
server_name ta180m.exozy.me;
|
||||
|
||||
include conf.d/ssl;
|
||||
ssl_certificate /etc/letsencrypt/live/exozy.me/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/exozy.me/privkey.pem;
|
||||
include /etc/letsencrypt/options-ssl-nginx.conf;
|
||||
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
|
||||
|
||||
location / {
|
||||
return 301 https://a.exozy.me$request_uri;
|
||||
|
|
|
|||
|
|
@ -3,7 +3,10 @@ server {
|
|||
listen [::]:443 ssl;
|
||||
server_name safetwitch.exozy.me;
|
||||
|
||||
include conf.d/ssl;
|
||||
ssl_certificate /etc/letsencrypt/live/exozy.me/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/exozy.me/privkey.pem;
|
||||
include /etc/letsencrypt/options-ssl-nginx.conf;
|
||||
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
|
||||
|
||||
root /srv/http/pages/safetwitch;
|
||||
index index.html;
|
||||
|
|
|
|||
8
ssl
8
ssl
|
|
@ -1,8 +0,0 @@
|
|||
ssl_certificate /etc/letsencrypt/live/exozy.me/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/exozy.me/privkey.pem;
|
||||
include /etc/letsencrypt/options-ssl-nginx.conf;
|
||||
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
|
||||
add_header Strict-Transport-Security "max-age=31536000" always;
|
||||
ssl_trusted_certificate /etc/letsencrypt/live/exozy.me/chain.pem;
|
||||
ssl_stapling on;
|
||||
ssl_stapling_verify on;
|
||||
|
|
@ -1,10 +1,12 @@
|
|||
server {
|
||||
listen 443 ssl;
|
||||
listen [::]:443 ssl;
|
||||
|
||||
server_name chat.exozy.me;
|
||||
|
||||
include conf.d/ssl;
|
||||
ssl_certificate /etc/letsencrypt/live/exozy.me/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/exozy.me/privkey.pem;
|
||||
include /etc/letsencrypt/options-ssl-nginx.conf;
|
||||
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
|
||||
|
||||
location / {
|
||||
proxy_pass http://localhost:8008;
|
||||
|
|
|
|||
|
|
@ -3,7 +3,10 @@ server {
|
|||
listen [::]:443 ssl;
|
||||
server_name ci.exozy.me;
|
||||
|
||||
include conf.d/ssl;
|
||||
ssl_certificate /etc/letsencrypt/live/exozy.me/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/exozy.me/privkey.pem;
|
||||
include /etc/letsencrypt/options-ssl-nginx.conf;
|
||||
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
|
||||
|
||||
location / {
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
|
|
|
|||
|
|
@ -5,6 +5,8 @@ server {
|
|||
|
||||
ssl_certificate /etc/letsencrypt/live/xtexx.eu.org/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/xtexx.eu.org/privkey.pem;
|
||||
include /etc/letsencrypt/options-ssl-nginx.conf;
|
||||
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
|
||||
|
||||
add_header Server exozyme;
|
||||
|
||||
|
|
@ -29,6 +31,8 @@ server {
|
|||
|
||||
ssl_certificate /etc/letsencrypt/live/xtexx.eu.org/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/xtexx.eu.org/privkey.pem;
|
||||
include /etc/letsencrypt/options-ssl-nginx.conf;
|
||||
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
|
||||
|
||||
add_header Server exozyme;
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue