zino/docker-nginx
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

m

Browse Source
This commit is contained in:
zino
2023-12-06 00:33:03 +01:00
parent c8e7eb665b
commit 82e27ef5e1
9 changed files with 16 additions and 60 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
volumes/conf.d/4netplayers.zinomedia.de.conf
View File

@@ -14,13 +14,8 @@ server {
ssl_certificate /etc/letsencrypt/live/4netplayers.zinomedia.de/fullchain.pem; ssl_certificate /etc/letsencrypt/live/4netplayers.zinomedia.de/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/4netplayers.zinomedia.de/privkey.pem; ssl_certificate_key /etc/letsencrypt/live/4netplayers.zinomedia.de/privkey.pem;
# SSL Optimizations include "snippets/ssl-optimizations.conf";
ssl_protocols TLSv1.2 TLSv1.3;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
ssl_prefer_server_ciphers on;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self' data:;" always; add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self' data:;" always;
location ~ /(\.user\.ini|debug\.log) { location ~ /(\.user\.ini|debug\.log) {

8
volumes/conf.d/dl.zinomedia.de.conf
View File

@@ -12,14 +12,8 @@ server {
ssl_certificate /etc/letsencrypt/live/dl.zinomedia.de/fullchain.pem; ssl_certificate /etc/letsencrypt/live/dl.zinomedia.de/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/dl.zinomedia.de/privkey.pem; ssl_certificate_key /etc/letsencrypt/live/dl.zinomedia.de/privkey.pem;
# SSL Optimizations include "snippets/ssl-optimizations.conf";
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384';
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
add_header Content-Security-Policy "default-src 'self';" always; add_header Content-Security-Policy "default-src 'self';" always;
add_header X-Content-Type-Options nosniff; add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options SAMEORIGIN; add_header X-Frame-Options SAMEORIGIN;

7
volumes/conf.d/git.zinomedia.de.conf
View File

@@ -9,12 +9,7 @@ server {
ssl_certificate /etc/letsencrypt/live/git.zinomedia.de/fullchain.pem; ssl_certificate /etc/letsencrypt/live/git.zinomedia.de/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/git.zinomedia.de/privkey.pem; ssl_certificate_key /etc/letsencrypt/live/git.zinomedia.de/privkey.pem;
# SSL Optimizations include "snippets/ssl-optimizations.conf";
ssl_protocols TLSv1.2 TLSv1.3;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
# Gzip Compression # Gzip Compression
gzip on; gzip on;

7
volumes/conf.d/joplin.zinomedia.de.conf
View File

@@ -9,12 +9,7 @@ server {
ssl_certificate /etc/letsencrypt/live/joplin.zinomedia.de/fullchain.pem; ssl_certificate /etc/letsencrypt/live/joplin.zinomedia.de/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/joplin.zinomedia.de/privkey.pem; ssl_certificate_key /etc/letsencrypt/live/joplin.zinomedia.de/privkey.pem;
# SSL Optimizations include "snippets/ssl-optimizations.conf";
ssl_protocols TLSv1.2 TLSv1.3;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
# Gzip Compression # Gzip Compression
gzip on; gzip on;

6
volumes/conf.d/pkrstarsbot.zinomedia.de.conf
View File

@@ -13,12 +13,8 @@ server {
ssl_certificate /etc/letsencrypt/live/pkrstarsbot.zinomedia.de/fullchain.pem; ssl_certificate /etc/letsencrypt/live/pkrstarsbot.zinomedia.de/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/pkrstarsbot.zinomedia.de/privkey.pem; ssl_certificate_key /etc/letsencrypt/live/pkrstarsbot.zinomedia.de/privkey.pem;
# SSL Optimizations include "snippets/ssl-optimizations.conf";
ssl_protocols TLSv1.2 TLSv1.3;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
add_header Content-Security-Policy "default-src 'self'; script-src 'self'; img-src 'self' data:; style-src 'self'; font-src 'self' data:;" always; add_header Content-Security-Policy "default-src 'self'; script-src 'self'; img-src 'self' data:; style-src 'self'; font-src 'self' data:;" always;
location / { location / {

8
volumes/conf.d/portainer.armos.zinomedia.de.conf
View File

@@ -9,13 +9,7 @@ server {
ssl_certificate /etc/letsencrypt/live/portainer.armos.zinomedia.de/fullchain.pem; ssl_certificate /etc/letsencrypt/live/portainer.armos.zinomedia.de/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/portainer.armos.zinomedia.de/privkey.pem; ssl_certificate_key /etc/letsencrypt/live/portainer.armos.zinomedia.de/privkey.pem;
# SSL optimizations include "snippets/ssl-optimizations.conf";
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384';
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
include "snippets/enable-vouch.conf"; include "snippets/enable-vouch.conf";
location / { location / {

6
volumes/conf.d/seafile.zinomedia.de.conf
View File

@@ -11,12 +11,8 @@ server {
ssl_certificate /etc/letsencrypt/live/seafile.zinomedia.de/fullchain.pem; ssl_certificate /etc/letsencrypt/live/seafile.zinomedia.de/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/seafile.zinomedia.de/privkey.pem; ssl_certificate_key /etc/letsencrypt/live/seafile.zinomedia.de/privkey.pem;
# SSL Optimizations include "snippets/ssl-optimizations.conf";
ssl_protocols TLSv1.2 TLSv1.3;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
add_header Content-Security-Policy "default-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: http://seafile.zinomedia.de; style-src 'self' 'unsafe-inline'; font-src 'self' data:;" always; add_header Content-Security-Policy "default-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: http://seafile.zinomedia.de; style-src 'self' 'unsafe-inline'; font-src 'self' data:;" always;
location / { location / {

7
volumes/conf.d/validate.vouch.armos.zinomedia.de.conf
View File

@@ -12,12 +12,7 @@ server {
ssl_certificate /etc/letsencrypt/live/validate.vouch.armos.zinomedia.de/fullchain.pem; ssl_certificate /etc/letsencrypt/live/validate.vouch.armos.zinomedia.de/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/validate.vouch.armos.zinomedia.de/privkey.pem; ssl_certificate_key /etc/letsencrypt/live/validate.vouch.armos.zinomedia.de/privkey.pem;
# SSL Optimizations include "snippets/ssl-optimizations.conf";
ssl_protocols TLSv1.2 TLSv1.3;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
location = /validate { location = /validate {
# forward the /validate request to Vouch Proxy # forward the /validate request to Vouch Proxy

12
volumes/conf.d/vouch.armos.zinomedia.de.conf
View File

@@ -1,4 +1,4 @@
log_format vouch '[$time_iso8601] VOUCH | request_uri: $request_uri | status: $status | http_host: $http_host | auth_resp_x_vouch_user: $auth_resp_x_vouch_user | upstream_http_x_vouch_user: $upstream_http_x_vouch_user | auth_resp_jwt: $auth_resp_jwt | upstream_http_x_vouch_jwt: $upstream_http_x_vouch_jwt | auth_resp_err: $auth_resp_err | upstream_http_x_vouch_err: $upstream_http_x_vouch_err | auth_resp_failcount: $auth_resp_failcount | upstream_http_x_vouch_failcount: $upstream_http_x_vouch_failcount'; #log_format vouch '[$time_iso8601] VOUCH | request_uri: $request_uri | status: $status | http_host: $http_host | auth_resp_x_vouch_user: $auth_resp_x_vouch_user | upstream_http_x_vouch_user: $upstream_http_x_vouch_user | auth_resp_jwt: $auth_resp_jwt | upstream_http_x_vouch_jwt: $upstream_http_x_vouch_jwt | auth_resp_err: $auth_resp_err | upstream_http_x_vouch_err: $upstream_http_x_vouch_err | auth_resp_failcount: $auth_resp_failcount | upstream_http_x_vouch_failcount: $upstream_http_x_vouch_failcount';
server { server {
@@ -6,18 +6,14 @@ server {
listen [::]:443 ssl; listen [::]:443 ssl;
server_name vouch.armos.zinomedia.de; server_name vouch.armos.zinomedia.de;
access_log /var/log/nginx/access.log vouch; #access_log /var/log/nginx/access.log vouch;
access_log off;
error_log /var/log/nginx/error.log debug; error_log /var/log/nginx/error.log debug;
ssl_certificate /etc/letsencrypt/live/vouch.armos.zinomedia.de/fullchain.pem; ssl_certificate /etc/letsencrypt/live/vouch.armos.zinomedia.de/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/vouch.armos.zinomedia.de/privkey.pem; ssl_certificate_key /etc/letsencrypt/live/vouch.armos.zinomedia.de/privkey.pem;
# SSL Optimizations include "snippets/ssl-optimizations.conf";
ssl_protocols TLSv1.2 TLSv1.3;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
location / { location / {
resolver 127.0.0.11; resolver 127.0.0.11;