m
This commit is contained in:
zino
67
volumes/conf.d/etherpad.zinomedia.de.conf
Normal file
67
volumes/conf.d/etherpad.zinomedia.de.conf
Normal file
@@ -0,0 +1,67 @@
|
||||
map $http_upgrade $connection_upgrade {
|
||||
default upgrade;
|
||||
'' close;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
server_name etherpad.zinomedia.de;
|
||||
|
||||
access_log off;
|
||||
error_log /var/log/nginx/error.log error;
|
||||
|
||||
# SSL Certificate Configuration
|
||||
ssl_certificate /etc/letsencrypt/live/etherpad.zinomedia.de/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/etherpad.zinomedia.de/privkey.pem;
|
||||
|
||||
include "snippets/ssl-optimizations.conf";
|
||||
|
||||
# Password protect
|
||||
auth_basic "Protected";
|
||||
auth_basic_user_file /usr/share/nginx/html/etherpad.zinomedia.de/.htpasswd;
|
||||
|
||||
location / {
|
||||
rewrite ^/$ / break;
|
||||
rewrite ^/locales/(.*) /locales/$1 break;
|
||||
rewrite ^/locales.json /locales.json break;
|
||||
rewrite ^/admin(.*) /admin$1 break;
|
||||
rewrite ^/p/(.*) /p/$1 break;
|
||||
rewrite ^/static/(.*) /static/$1 break;
|
||||
rewrite ^/pluginfw/(.*) /pluginfw/$1 break;
|
||||
rewrite ^/javascripts/(.*) /javascripts/$1 break;
|
||||
rewrite ^/socket.io/(.*) /socket.io/$1 break;
|
||||
rewrite ^/ep/(.*) /ep/$1 break;
|
||||
rewrite ^/minified/(.*) /minified/$1 break;
|
||||
rewrite ^/api/(.*) /api/$1 break;
|
||||
rewrite ^/ro/(.*) /ro/$1 break;
|
||||
rewrite ^/error/(.*) /error/$1 break;
|
||||
rewrite ^/jserror(.*) /jserror$1 break;
|
||||
rewrite ^/redirect(.*) /redirect$1 break;
|
||||
rewrite ^/(.*\.js) /$1 break;
|
||||
rewrite /favicon.ico /favicon.ico break;
|
||||
rewrite /robots.txt /robots.txt break;
|
||||
rewrite /(.*) /p/$1;
|
||||
|
||||
resolver 127.0.0.11;
|
||||
set $upstream "http://etherpad:9001";
|
||||
proxy_pass $upstream;
|
||||
|
||||
proxy_buffering off;
|
||||
proxy_set_header Host $host;
|
||||
proxy_pass_header Server;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection $connection_upgrade;
|
||||
}
|
||||
}
|
||||
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
server_name etherpad.zinomedia.de;
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
@@ -25,7 +25,7 @@ server {
|
||||
ssl_certificate_key /etc/letsencrypt/live/registry.zinomedia.de/privkey.pem;
|
||||
|
||||
# Recommendations from https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
|
||||
ssl_protocols TLSv1.1 TLSv1.2;
|
||||
ssl_protocols TLSv1.2 TLSv1.3;
|
||||
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
|
||||
ssl_prefer_server_ciphers on;
|
||||
|
||||
|
||||
Reference in New Issue
Block a user