Move SSL configurtion to a separate file

This commit is contained in:
Anthony Wang 2022-01-04 09:11:56 -06:00
parent 0f9e128aaf
commit 26325e1218
Signed by: a
GPG key ID: BC96B00AEC5F2D76
16 changed files with 24 additions and 128 deletions

View file

@ -3,14 +3,7 @@ server {
listen [::]:443 ssl http2;
server_name portal.exozy.me;
ssl_certificate /etc/letsencrypt/live/exozy.me/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/exozy.me/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
add_header Strict-Transport-Security "max-age=31536000" always;
ssl_trusted_certificate /etc/letsencrypt/live/exozy.me/chain.pem;
ssl_stapling on;
ssl_stapling_verify on;
include conf.d/ssl;
location / {
# Required to proxy the connection to Cockpit

View file

@ -3,14 +3,7 @@ server {
listen [::]:443 ssl http2;
server_name office.exozy.me;
ssl_certificate /etc/letsencrypt/live/exozy.me/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/exozy.me/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
add_header Strict-Transport-Security "max-age=31536000" always;
ssl_trusted_certificate /etc/letsencrypt/live/exozy.me/chain.pem;
ssl_stapling on;
ssl_stapling_verify on;
include conf.d/ssl;
client_max_body_size 20M;
include snippets/coolwsd.conf;

View file

@ -3,14 +3,7 @@ server {
listen [::]:443 ssl http2;
server_name ci.exozy.me;
ssl_certificate /etc/letsencrypt/live/exozy.me/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/exozy.me/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
add_header Strict-Transport-Security "max-age=31536000" always;
ssl_trusted_certificate /etc/letsencrypt/live/exozy.me/chain.pem;
ssl_stapling on;
ssl_stapling_verify on;
include conf.d/ssl;
location / {
proxy_pass http://localhost:2080;

View file

@ -12,14 +12,7 @@ server {
listen [::]:443 ssl http2 default_server;
server_name exozy.me;
ssl_certificate /etc/letsencrypt/live/exozy.me/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/exozy.me/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
add_header Strict-Transport-Security "max-age=31536000" always;
ssl_trusted_certificate /etc/letsencrypt/live/exozy.me/chain.pem;
ssl_stapling on;
ssl_stapling_verify on;
include conf.d/ssl;
root /srv/http/exozyme;
index index.html;

View file

@ -3,14 +3,7 @@ server {
listen [::]:443 ssl http2;
server_name game.exozy.me;
ssl_certificate /etc/letsencrypt/live/exozy.me/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/exozy.me/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
add_header Strict-Transport-Security "max-age=31536000" always;
ssl_trusted_certificate /etc/letsencrypt/live/exozy.me/chain.pem;
ssl_stapling on;
ssl_stapling_verify on;
include conf.d/ssl;
location / {
proxy_pass http://localhost:5000;

View file

@ -3,14 +3,7 @@ server {
listen [::]:443 ssl http2;
server_name git.exozy.me;
ssl_certificate /etc/letsencrypt/live/exozy.me/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/exozy.me/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
add_header Strict-Transport-Security "max-age=31536000" always;
ssl_trusted_certificate /etc/letsencrypt/live/exozy.me/chain.pem;
ssl_stapling on;
ssl_stapling_verify on;
include conf.d/ssl;
location / {
proxy_pass http://unix:/run/gitea/gitea.socket;

View file

@ -3,14 +3,7 @@ server {
listen [::]:443 ssl http2;
server_name desk.exozy.me;
ssl_certificate /etc/letsencrypt/live/exozy.me/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/exozy.me/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
add_header Strict-Transport-Security "max-age=31536000" always;
ssl_trusted_certificate /etc/letsencrypt/live/exozy.me/chain.pem;
ssl_stapling on;
ssl_stapling_verify on;
include conf.d/ssl;
location / {
proxy_pass http://localhost:4080/guacamole/;
@ -28,14 +21,7 @@ server {
listen [::]:443 ssl http2;
server_name 97.88.196.36;
ssl_certificate /etc/letsencrypt/live/exozy.me/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/exozy.me/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
add_header Strict-Transport-Security "max-age=31536000" always;
ssl_trusted_certificate /etc/letsencrypt/live/exozy.me/chain.pem;
ssl_stapling on;
ssl_stapling_verify on;
include conf.d/ssl;
auth_basic "This is a test";
auth_basic_user_file /etc/nginx/.htpasswd;

View file

@ -8,14 +8,7 @@ server {
# (if you aren't using DNS remove the resolver line and change the variable to point to an IP address e.g `set $jellyfin localhost`)
set $jellyfin 127.0.0.1;
ssl_certificate /etc/letsencrypt/live/exozy.me/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/exozy.me/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
add_header Strict-Transport-Security "max-age=31536000" always;
ssl_trusted_certificate /etc/letsencrypt/live/exozy.me/chain.pem;
ssl_stapling on;
ssl_stapling_verify on;
include conf.d/ssl;
# Security / XSS Mitigation Headers
add_header X-Frame-Options "SAMEORIGIN";

View file

@ -4,14 +4,7 @@ server {
server_name hub.exozy.me;
ssl_certificate /etc/letsencrypt/live/exozy.me/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/exozy.me/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
add_header Strict-Transport-Security "max-age=31536000" always;
ssl_trusted_certificate /etc/letsencrypt/live/exozy.me/chain.pem;
ssl_stapling on;
ssl_stapling_verify on;
include conf.d/ssl;
location ~ ^/user/(.*)/desk/(.*)$ {
return 301 /hub/desk/$2;

View file

@ -18,14 +18,7 @@ server {
listen [::]:443 ssl http2;
server_name social.exozy.me;
ssl_certificate /etc/letsencrypt/live/exozy.me/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/exozy.me/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
add_header Strict-Transport-Security "max-age=31536000" always;
ssl_trusted_certificate /etc/letsencrypt/live/exozy.me/chain.pem;
ssl_stapling on;
ssl_stapling_verify on;
include conf.d/ssl;
keepalive_timeout 70;
sendfile on;

View file

@ -9,14 +9,7 @@ server {
# Use Mozilla's guidelines for SSL/TLS settings
# https://mozilla.github.io/server-side-tls/ssl-config-generator/
ssl_certificate /etc/letsencrypt/live/exozy.me/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/exozy.me/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
add_header Strict-Transport-Security "max-age=31536000" always;
ssl_trusted_certificate /etc/letsencrypt/live/exozy.me/chain.pem;
ssl_stapling on;
ssl_stapling_verify on;
include conf.d/ssl;
# HSTS settings
# WARNING: Only add the preload option once you read about

View file

@ -19,14 +19,7 @@ server {
# Certificates
# you need a certificate to run in production. see https://letsencrypt.org/
##
ssl_certificate /etc/letsencrypt/live/exozy.me/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/exozy.me/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
add_header Strict-Transport-Security "max-age=31536000" always;
ssl_trusted_certificate /etc/letsencrypt/live/exozy.me/chain.pem;
ssl_stapling on;
ssl_stapling_verify on;
include conf.d/ssl;
##
# Application

View file

@ -3,14 +3,7 @@ server {
listen [::]:443 ssl http2;
server_name server.exozy.me;
ssl_certificate /etc/letsencrypt/live/exozy.me/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/exozy.me/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
add_header Strict-Transport-Security "max-age=31536000" always;
ssl_trusted_certificate /etc/letsencrypt/live/exozy.me/chain.pem;
ssl_stapling on;
ssl_stapling_verify on;
include conf.d/ssl;
location / {
proxy_pass http://localhost:6000;

8
ssl Normal file
View file

@ -0,0 +1,8 @@
ssl_certificate /etc/letsencrypt/live/exozy.me/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/exozy.me/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
add_header Strict-Transport-Security "max-age=31536000" always;
ssl_trusted_certificate /etc/letsencrypt/live/exozy.me/chain.pem;
ssl_stapling on;
ssl_stapling_verify on;

View file

@ -4,14 +4,7 @@ server {
server_name chat.exozy.me;
ssl_certificate /etc/letsencrypt/live/exozy.me/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/exozy.me/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
add_header Strict-Transport-Security "max-age=31536000" always;
ssl_trusted_certificate /etc/letsencrypt/live/exozy.me/chain.pem;
ssl_stapling on;
ssl_stapling_verify on;
include conf.d/ssl;
location / {
proxy_pass http://localhost:8008;

View file

@ -3,14 +3,7 @@ server {
listen [::]:443 ssl http2;
server_name ta180m.exozy.me;
ssl_certificate /etc/letsencrypt/live/exozy.me/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/exozy.me/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
add_header Strict-Transport-Security "max-age=31536000" always;
ssl_trusted_certificate /etc/letsencrypt/live/exozy.me/chain.pem;
ssl_stapling on;
ssl_stapling_verify on;
include conf.d/ssl;
root /srv/http/ta180m/public;
index index.html;