-
Notifications
You must be signed in to change notification settings - Fork 1
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
-_-
- Loading branch information
Showing
1 changed file
with
24 additions
and
37 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,52 +1,39 @@ | ||
| # Redirect HTTP to HTTPS and www to non-www. | ||
| # HTTP -> HTTPS Redirect | ||
| server { | ||
|
|
||
| listen 80; | ||
| listen 443 ssl; | ||
| server_name www.localhost; | ||
|
|
||
| # Enforce secure protocols and encryption ciphers | ||
| add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; | ||
| ssl_protocols TLSv1.3 TLSv1.2; | ||
| ssl_prefer_server_ciphers on; | ||
| ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"; | ||
|
|
||
| # Path to certificate and private key. If you change the location or name of these, you must change the path here | ||
| ssl_certificate /etc/nginx/conf.d/fullchain.pem; | ||
| ssl_certificate_key /etc/nginx/conf.d/privkey.pem; | ||
| server_name localhost; | ||
| return 301 https://$server_name$request_uri; | ||
|
|
||
| return 301 https://localhost$request_uri; | ||
|
|
||
| } | ||
|
|
||
| server { | ||
|
|
||
| listen 443 ssl; | ||
| server_name localhost; | ||
| listen 443 ssl; | ||
| server_name localhost; | ||
|
|
||
| # Enforce secure protocols and encryption ciphers | ||
| add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; | ||
| ssl_protocols TLSv1.3 TLSv1.2; | ||
| ssl_prefer_server_ciphers on; | ||
| ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"; | ||
| # Enforce secure protocols and encryption cyphers, | ||
| ssl_protocols TLSv1.3 TLSv1.2; | ||
| ssl_prefer_server_ciphers on; | ||
| ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"; | ||
|
|
||
| # Path to certificate and private key. If you change the location or name of these, you must change the path here | ||
| ssl_certificate /etc/nginx/conf.d/fullchain.pem; | ||
| ssl_certificate_key /etc/nginx/conf.d/privkey.pem; | ||
| # Path to certificate and private key. If you change the location or name of these, you must change the path here | ||
| ssl_certificate /etc/nginx/conf.d/fullchain.pem; | ||
| ssl_certificate_key /etc/nginx/conf.d/privkey.pem; | ||
|
|
||
| access_log /var/log/nginx/reverse-access.log; | ||
| error_log /var/log/nginx/reverse-error.log; | ||
| access_log /var/log/nginx/reverse-access.log; | ||
| error_log /var/log/nginx/reverse-error.log; | ||
|
|
||
| client_max_body_size 10m; | ||
| client_max_body_size 10m; | ||
|
|
||
| # Main application | ||
| location / { | ||
| proxy_pass http://raptorapp/; | ||
| } | ||
| # Main application | ||
| location / { | ||
| proxy_pass http://raptorapp/; | ||
| } | ||
|
|
||
| # User-uploaded media | ||
| location /media/ { | ||
| alias /raptor_app/media/; | ||
| } | ||
| # User-uploaded media | ||
| location /media/ { | ||
| alias /raptor_app/media/; | ||
| } | ||
|
|
||
| } | ||
| } |