eriks/docker_system
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Nginx cleanup

Browse Source
This commit is contained in:
KEriks
2022-07-07 16:44:00 +03:00
parent ef6084326c
commit 7dbb9e2b91
13 changed files with 16 additions and 256 deletions
Download Patch File Download Diff File Expand all files Collapse all files

48
compose/nginx/conf/sites-enabled/100-default.conf
View File

@ -1,48 +0,0 @@
server {
listen 80 default_server;
client_max_body_size 1M;
access_log off;
error_log off;
root /var/lib/nginx/html;
# display real ip in nginx logs when connected through reverse proxy via docker network
set_real_ip_from 172.0.0.0/8;
real_ip_header X-Forwarded-For;
location = /favicon.ico {
alias /var/www/app/datne/staticfiles/favicon.ico;
}
location / {
include /etc/nginx/proxy_params;
proxy_pass http://default_web_app:8000/;
}
}
server {
listen 443 ssl http2 default_server;
client_max_body_size 1M;
access_log off;
error_log off;
root /var/lib/nginx/html;
# display real ip in nginx logs when connected through reverse proxy via docker network
set_real_ip_from 172.0.0.0/8;
real_ip_header X-Forwarded-For;
ssl_certificate /etc/letsencrypt/live/karls.lv/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/karls.lv/privkey.pem; # managed by Certbot
include /etc/nginx/ssl.conf; # managed by Certbot
ssl_dhparam /etc/nginx/ssl-dhparams.pem; # managed by Certbot
location = /favicon.ico {
alias /var/www/app/datne/staticfiles/favicon.ico;
}
location / {
include /etc/nginx/proxy_params;
proxy_pass http://default_web_app:8000/;
}
}

17
compose/nginx/conf/ssl-dhparams.pem
View File

@ -1,8 +1,13 @@
-----BEGIN DH PARAMETERS-----
MIIBCAKCAQEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz
+8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a
87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7
YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi
7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD
ssbzSibBsu/6iGtCOGEoXJf//////////wIBAg==
MIICCAKCAgEAzaxkoeWOsulfwhlabx/a394WaXNP33NGA0ip3qljJbWFqdpO3sgu
39he541CU3cziJGvkYXl8TTmNzZL6whFaESnx9npTP4k7s1gnF7PI8QKqlRefSnT
xhxcI1shC8L7deOM/wkEEWVn+rv0WDDzs623eOK9dA22biGZn0x9yq5NAvFnxBI7
4/DMosFspiUOoBoj5/tyXvnXWGXRxzwcmYSOE4MaZIYKYheqq6DrRyqef9mPeGQn
8dZx1a1paICIhsg2I89VwT5zwPgO1NV/w8HXB97/c07znJ3p+1xKDoxQcexGR3UK
czobKI7vuWfxxRj4T7W5Wg/jOWOXeyKqCXkX6wVyBxhTmiwcoz2oPYSIOqkOmlKk
wp6D08RRE3PJcrDP80ls1b/ChL3CZ2VfzEg9ZE2UHlikRGxNf+SGur0J/yPlZ2TZ
3l3GaBHGGEuFmRrZ+M2ZeS2v1+To2nV/jM/jJF5Xmb6FZPD/con1AYsR71oQUU+h
fTsc4W40JRbOCJTP1gwrLjq293tKJ8bN6U3tqDfLCRsJlcGUX+ZePffB1Heu6B9L
eHG6sQ7l9HM7DYkPzZldTenLuhqX7zGyxrdSlFTz/jPb8+eWSMvy54j2l8+qKgH0
i7o/yP4nrDffk0xUwUkubyX9UIY8LDyOMFttrEoLyDhzeaScSSyV6hsCAQI=
-----END DH PARAMETERS-----

3
compose/nginx/conf/ssl.conf
View File

@ -2,7 +2,7 @@
# manually, Certbot will be unable to automatically provide future security
# updates. Instead, Certbot will print and log an error message with a path to
# the up-to-date file that you will need to refer to when manually updating
# this file.
# this file. Contents are based on https://ssl-config.mozilla.org
ssl_session_cache shared:le_nginx_SSL:10m;
ssl_session_timeout 1440m;
@ -12,3 +12,4 @@ ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers off;
ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";