heuzef
/
lesspass
mirror of https://github.com/lesspass/lesspass.git
1
0
Fork 0
Code Issues 0 Releases 67 Wiki Activity
Browse Source

force https

pull/342/head
Guillaume Vincent 8 years ago
parent
23d711470b
commit
5273ab5c1e
3 changed files with 37 additions and 3 deletions
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. +1
    -0
      .gitignore
  2. +5
    -0
      Dockerfile
  3. +31
    -3
      conf.d/backend.conf

+ 1
- 0
.gitignore View File

@@ -0,0 +1 @@
ssl/

+ 5
- 0
Dockerfile View File

@@ -7,3 +7,8 @@ COPY mime.types /etc/nginx/mime.types


RUN rm /etc/nginx/conf.d/default.conf RUN rm /etc/nginx/conf.d/default.conf
COPY conf.d /etc/nginx/conf.d/ COPY conf.d /etc/nginx/conf.d/

COPY ssl/lesspass.com.crt /etc/ssl/certs/lesspass.com.crt
COPY ssl/lesspass.com.key /etc/ssl/private/lesspass.com.key
COPY ssl/dhparam.pem /etc/ssl/certs/dhparam.pem
COPY ssl/AddTrustExternalCARoot.crt /etc/ssl/certs/AddTrustExternalCARoot.crt

+ 31
- 3
conf.d/backend.conf View File

@@ -1,6 +1,35 @@
server { server {
listen 80; listen 80;
server_name localhost *.oslab.fr;
server_name localhost *.oslab.fr *.lesspass.com;

return 301 https://$server_name$request_uri;
}


server {
listen [::]:443 ssl;
listen 443 ssl;

server_name localhost *.oslab.fr *.lesspass.com;

charset utf-8;

ssl_certificate /etc/ssl/certs/lesspass.com.crt;
ssl_certificate_key /etc/ssl/private/lesspass.com.key;

ssl_session_cache shared:SSL:20m;
ssl_session_timeout 30m;

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA;
ssl_prefer_server_ciphers on;
ssl_stapling on;
ssl_stapling_verify on;

ssl_dhparam /etc/ssl/certs/dhparam.pem;
ssl_trusted_certificate /etc/ssl/certs/AddTrustExternalCARoot.crt;

add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;


location ~ /(static|media)/ { location ~ /(static|media)/ {
autoindex on; autoindex on;
@@ -20,5 +49,4 @@ server {
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
} }

}
}

Write Preview
Loading…
Cancel
Save