From 8c136cb32bb68d8a0836571dfe1d461111d28409 Mon Sep 17 00:00:00 2001 From: zino Date: Mon, 27 Nov 2023 13:21:37 +0100 Subject: [PATCH] modified --- .../conf.d/portainer.armos.zinomedia.de.conf | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/volumes/conf.d/portainer.armos.zinomedia.de.conf b/volumes/conf.d/portainer.armos.zinomedia.de.conf index d599bb9..8ecfe61 100644 --- a/volumes/conf.d/portainer.armos.zinomedia.de.conf +++ b/volumes/conf.d/portainer.armos.zinomedia.de.conf @@ -2,12 +2,19 @@ server { listen *:443 ssl; listen [::]:443 ssl; - server_name portainer.armos.zinomedia.de www.portainer.armos.zinomedia.de; + server_name portainer.armos.zinomedia.de; error_log /var/log/nginx/error.log error; ssl_certificate /etc/letsencrypt/live/portainer.armos.zinomedia.de/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/portainer.armos.zinomedia.de/privkey.pem; + # SSL optimizations + ssl_protocols TLSv1.2 TLSv1.3; + ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384'; + ssl_prefer_server_ciphers on; + ssl_session_cache shared:SSL:10m; + ssl_session_timeout 10m; + location / { add_header Content-Security-Policy "font-src * data: blob: 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline';" always; proxy_set_header X-Forwarded-Host $host:$server_port; @@ -19,12 +26,8 @@ server { } server { - if ($host = portainer.armos.zinomedia.de) { - return 301 https://$host$request_uri; - } - - server_name server_name portainer.armos.zinomedia.de www.portainer.armos.zinomedia.de; + server_name portainer.armos.zinomedia.de; listen 80; listen [::]:80; - return 404; + return 301 https://$host$request_uri; } \ No newline at end of file