From c8e7eb665bf53c5dd160d5cb6ab52e6a00c42cd7 Mon Sep 17 00:00:00 2001
From: zino <marlon.maschkiwitz@4players.io>
Date: Wed, 6 Dec 2023 00:30:34 +0100
Subject: [PATCH] m

---
 volumes/conf.d/code.zinomedia.de.conf        | 12 +++---------
 volumes/conf.d/vouch.armos.zinomedia.de.conf |  1 -
 volumes/snippets/ssl-optimizations.conf      |  5 +++++
 3 files changed, 8 insertions(+), 10 deletions(-)
 create mode 100644 volumes/snippets/ssl-optimizations.conf

diff --git a/volumes/conf.d/code.zinomedia.de.conf b/volumes/conf.d/code.zinomedia.de.conf
index d83ee13..4befc35 100644
--- a/volumes/conf.d/code.zinomedia.de.conf
+++ b/volumes/conf.d/code.zinomedia.de.conf
@@ -12,17 +12,11 @@ server {
     ssl_certificate /etc/letsencrypt/live/code.zinomedia.de/fullchain.pem;
     ssl_certificate_key /etc/letsencrypt/live/code.zinomedia.de/privkey.pem;
 
-    # SSL Optimizations
-    ssl_protocols TLSv1.2 TLSv1.3;
-    ssl_session_cache shared:SSL:10m;
-    ssl_session_timeout 10m;
-    ssl_prefer_server_ciphers on;
-
-    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
-    add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self' data:;" always;
-
+    include "snippets/ssl-optimizations.conf";
     include "snippets/enable-vouch.conf";
 
+    add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self' data:;" always;
+
     location / {
         resolver 127.0.0.11;
         set $upstream "http://code-server:8443";
diff --git a/volumes/conf.d/vouch.armos.zinomedia.de.conf b/volumes/conf.d/vouch.armos.zinomedia.de.conf
index a119407..14e9553 100644
--- a/volumes/conf.d/vouch.armos.zinomedia.de.conf
+++ b/volumes/conf.d/vouch.armos.zinomedia.de.conf
@@ -22,7 +22,6 @@ server {
     location / {
         resolver 127.0.0.11;
         set $upstream "http://vouch:9090";
-        #proxy_set_header Host $http_host;
         proxy_pass $upstream;
     }
 }
diff --git a/volumes/snippets/ssl-optimizations.conf b/volumes/snippets/ssl-optimizations.conf
new file mode 100644
index 0000000..d6ff910
--- /dev/null
+++ b/volumes/snippets/ssl-optimizations.conf
@@ -0,0 +1,5 @@
+
+ssl_protocols TLSv1.2 TLSv1.3;
+ssl_session_cache shared:SSL:10m;
+ssl_session_timeout 10m;
+add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
\ No newline at end of file