Pārlūkot izejas kodu

force https

pull/342/head
Guillaume Vincent pirms 8 gadiem
vecāks
revīzija
5273ab5c1e
3 mainītis faili ar 37 papildinājumiem un 3 dzēšanām
  1. +1
    -0
      .gitignore
  2. +5
    -0
      Dockerfile
  3. +31
    -3
      conf.d/backend.conf

+ 1
- 0
.gitignore Parādīt failu

@@ -0,0 +1 @@
ssl/

+ 5
- 0
Dockerfile Parādīt failu

@@ -7,3 +7,8 @@ COPY mime.types /etc/nginx/mime.types

RUN rm /etc/nginx/conf.d/default.conf
COPY conf.d /etc/nginx/conf.d/

COPY ssl/lesspass.com.crt /etc/ssl/certs/lesspass.com.crt
COPY ssl/lesspass.com.key /etc/ssl/private/lesspass.com.key
COPY ssl/dhparam.pem /etc/ssl/certs/dhparam.pem
COPY ssl/AddTrustExternalCARoot.crt /etc/ssl/certs/AddTrustExternalCARoot.crt

+ 31
- 3
conf.d/backend.conf Parādīt failu

@@ -1,6 +1,35 @@
server {
listen 80;
server_name localhost *.oslab.fr;
server_name localhost *.oslab.fr *.lesspass.com;

return 301 https://$server_name$request_uri;
}


server {
listen [::]:443 ssl;
listen 443 ssl;

server_name localhost *.oslab.fr *.lesspass.com;

charset utf-8;

ssl_certificate /etc/ssl/certs/lesspass.com.crt;
ssl_certificate_key /etc/ssl/private/lesspass.com.key;

ssl_session_cache shared:SSL:20m;
ssl_session_timeout 30m;

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA;
ssl_prefer_server_ciphers on;
ssl_stapling on;
ssl_stapling_verify on;

ssl_dhparam /etc/ssl/certs/dhparam.pem;
ssl_trusted_certificate /etc/ssl/certs/AddTrustExternalCARoot.crt;

add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

location ~ /(static|media)/ {
autoindex on;
@@ -20,5 +49,4 @@ server {
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}

}
}

Notiek ielāde…
Atcelt
Saglabāt