	add pokken, cxb and frontend to nginx config
		| @ -18,7 +18,7 @@ server { | ||||
| 	} | ||||
| } | ||||
|  | ||||
| # SSL titles | ||||
| # SSL titles, comment out if you don't plan on accepting SSL titles | ||||
| server { | ||||
| 	listen 443 ssl default_server; | ||||
| 	listen [::]:443 ssl default_server;	 | ||||
| @ -57,4 +57,99 @@ server { | ||||
| 	location / { | ||||
| 		proxy_pass http://localhost:8444/; | ||||
| 	} | ||||
| } | ||||
|  | ||||
| # Pokken, comment this out if you don't plan on serving pokken. | ||||
| server { | ||||
| 	listen 443 ssl;	 | ||||
| 	server_name pokken.hostname.here; | ||||
| 	 | ||||
| 	ssl_certificate /path/to/cert/pokken.pem; | ||||
| 	ssl_certificate_key /path/to/cert/pokken.key; | ||||
| 	ssl_session_timeout 1d; | ||||
| 	ssl_session_cache shared:MozSSL:10m; | ||||
| 	ssl_session_tickets off; | ||||
|  | ||||
| 	ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; | ||||
| 	ssl_ciphers "ALL:@SECLEVEL=1"; | ||||
| 	ssl_prefer_server_ciphers off; | ||||
|  | ||||
| 	location / { | ||||
| 		proxy_pass http://localhost:8080/; | ||||
| 	} | ||||
| } | ||||
|  | ||||
| # CXB, comment this out if you don't plan on serving crossbeats. | ||||
| server { | ||||
| 	listen 443 ssl;	 | ||||
| 	server_name cxb.hostname.here; | ||||
| 	 | ||||
| 	ssl_certificate /path/to/cert/cxb.pem; | ||||
| 	ssl_certificate_key /path/to/cert/cxb.key; | ||||
| 	ssl_session_timeout 1d; | ||||
| 	ssl_session_cache shared:MozSSL:10m; | ||||
| 	ssl_session_tickets off; | ||||
|  | ||||
| 	ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; | ||||
| 	ssl_ciphers "ALL:@SECLEVEL=1"; | ||||
| 	ssl_prefer_server_ciphers off; | ||||
|  | ||||
| 	location / { | ||||
| 		proxy_pass http://localhost:8080/SDBT/104/; | ||||
| 	} | ||||
| } | ||||
|  | ||||
| # CXB, comment this out if you don't plan on serving crossbeats. | ||||
| server { | ||||
| 	listen 443 ssl;	 | ||||
| 	server_name cxb.hostname.here; | ||||
| 	 | ||||
| 	ssl_certificate /path/to/cert/cxb.pem; | ||||
| 	ssl_certificate_key /path/to/cert/cxb.key; | ||||
| 	ssl_session_timeout 1d; | ||||
| 	ssl_session_cache shared:MozSSL:10m; | ||||
| 	ssl_session_tickets off; | ||||
|  | ||||
| 	ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; | ||||
| 	ssl_ciphers "ALL:@SECLEVEL=1"; | ||||
| 	ssl_prefer_server_ciphers off; | ||||
|  | ||||
| 	location / { | ||||
| 		proxy_pass http://localhost:8080/SDBT/104/; | ||||
| 	} | ||||
| } | ||||
|  | ||||
| # Frontend, set to redirect to HTTPS. Comment out if you don't intend to use the frontend | ||||
| server { | ||||
|     listen 80; | ||||
| 	server_name frontend.hostname.here | ||||
|  | ||||
|     location / { | ||||
|         return 301 https://$host$request_uri; | ||||
| 		# If you don't want https redirection, comment the line above and uncomment the line below | ||||
| 		# proxy_pass http://localhost:8090/; | ||||
|     } | ||||
| } | ||||
|  | ||||
| # Frontend HTTPS. Comment out if you on't intend to use the frontend | ||||
| server { | ||||
|     listen 443 ssl; | ||||
|  | ||||
|     ssl_certificate /path/to/cert/frontend.pem; | ||||
| 	ssl_certificate_key /path/to/cert/frontend.key; | ||||
|     ssl_session_timeout 1d; | ||||
|     ssl_session_cache shared:MozSSL:10m;  # about 40000 sessions | ||||
|     ssl_session_tickets off; | ||||
|  | ||||
|     # intermediate configuration | ||||
|     ssl_protocols TLSv1.2 TLSv1.3; | ||||
|     ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384; | ||||
|     ssl_prefer_server_ciphers off; | ||||
|  | ||||
|     # HSTS (ngx_http_headers_module is required) (63072000 seconds) | ||||
|     add_header Strict-Transport-Security "max-age=63072000" always; | ||||
|  | ||||
| 	location / { | ||||
| 		proxy_pass http://localhost:8090/; | ||||
| 	} | ||||
| } | ||||
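Review bot: The port-80 frontend block is missing the semicolon after `server_name frontend.hostname.here`, so nginx will refuse to load the file, and the "Frontend HTTPS" block has no `server_name` at all. Without a name, requests that follow the 301 to the frontend hostname are not matched to that block and fall through to the `default_server` on 443, so the TLS 1.2/1.3 policy and the HSTS header added here would likely never apply to the frontend; add `server_name frontend.hostname.here;` to both blocks. The second "# CXB" block repeats the first verbatim (same `server_name cxb.hostname.here` and `proxy_pass`), which nginx reports as a conflicting server name and ignores, so drop it or give it the hostname it was meant for. The Pokken and CXB blocks accept TLS 1.0/1.1 with `ALL:@SECLEVEL=1`, presumably for legacy game clients; a comment stating that reason would stop the setting being copied to other hosts. If the clients tolerate it, `ssl_ciphers "ALL:!aNULL:!eNULL:@SECLEVEL=1";` keeps unauthenticated suites out.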