[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
01/01: berlin: Add HTTPS support for bootstrappable.org.
From: |
Ricardo Wurmus |
Subject: |
01/01: berlin: Add HTTPS support for bootstrappable.org. |
Date: |
Tue, 5 Jun 2018 05:54:42 -0400 (EDT) |
rekado pushed a commit to branch master
in repository maintenance.
commit d4bc9bca640af10dfbbf742c7bf140ebbe6fa91c
Author: Ricardo Wurmus <address@hidden>
Date: Tue Jun 5 11:51:15 2018 +0200
berlin: Add HTTPS support for bootstrappable.org.
---
hydra/nginx/berlin.conf | 34 +++++++++++++++++++++++++++++++++-
1 file changed, 33 insertions(+), 1 deletion(-)
diff --git a/hydra/nginx/berlin.conf b/hydra/nginx/berlin.conf
index d15879c..fbeffe0 100644
--- a/hydra/nginx/berlin.conf
+++ b/hydra/nginx/berlin.conf
@@ -107,7 +107,7 @@ http {
server {
listen 80;
- server_name bootstrappable.org;
+ server_name bootstrappable.org www.bootstrappable.org;
root /home/rekado/bootstrappable.org;
index index.html;
access_log /var/log/nginx/bootstrappable.access.log;
@@ -144,4 +144,36 @@ http {
include berlin-locations.conf;
}
+ server {
+ listen 443 ssl;
+ server_name bootstrappable.org www.bootstrappable.org;
+
+ ssl_certificate
/etc/letsencrypt/live/bootstrappable.org/fullchain.pem;
+ ssl_certificate_key
/etc/letsencrypt/live/bootstrappable.org/privkey.pem;
+
+ # Make sure SSL is disabled.
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+
+ # Disable weak cipher suites.
+ ssl_ciphers HIGH:!aNULL:!MD5;
+ ssl_prefer_server_ciphers on;
+
+ # Use our own DH parameters created with:
+ # openssl dhparam -out dhparams.pem 2048
+ # as suggested at <https://weakdh.org/sysadmin.html>.
+ ssl_dhparam /etc/dhparams.pem;
+
+ access_log /var/log/nginx/https.access.log;
+
+ proxy_set_header X-Forwarded-Host $host;
+ proxy_set_header X-Forwarded-Port $server_port;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
+ root /home/rekado/bootstrappable.org;
+ index index.html;
+ access_log /var/log/nginx/bootstrappable.https.access.log;
+ location = / {
+ root /home/rekado/bootstrappable.org;
+ }
+ }
}