51 lines
2.1 KiB
Nginx Configuration File
51 lines
2.1 KiB
Nginx Configuration File
user www-data;
|
|
worker_processes 4;
|
|
pid /run/nginx.pid;
|
|
|
|
events {
|
|
worker_connections 768;
|
|
}
|
|
|
|
http {
|
|
|
|
include /etc/nginx/mime.types;
|
|
default_type application/octet-stream;
|
|
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
|
|
'$status $body_bytes_sent "$http_referer" '
|
|
'"$http_user_agent" "$http_x_forwarded_for"';
|
|
|
|
upstream www {
|
|
server www;
|
|
}
|
|
|
|
server {
|
|
listen 80;
|
|
server_name sophia.events;
|
|
rewrite ^ https://sophia.events$request_uri? permanent;
|
|
}
|
|
|
|
server {
|
|
listen 443 ssl;
|
|
server_name sophia.events;
|
|
ssl_certificate /etc/ssl/certs/server.crt;
|
|
ssl_certificate_key /etc/ssl/certs/server.key;
|
|
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
|
|
ssl_prefer_server_ciphers on;
|
|
ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5;
|
|
ssl_session_cache shared:SSL:20m;
|
|
ssl_session_timeout 4h;
|
|
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload";
|
|
add_header X-Content-Type-Options nosniff;
|
|
add_header X-Frame-Options DENY;
|
|
add_header X-XSS-Protection "1; mode=block";
|
|
add_header Content-Security-Policy "default-src 'self'; script-src https://code.jquery.com https://cdn.jsdelivr.net https://www.google-analytics.com https://www.googletagmanager.com 'self'; style-src https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com 'self'; font-src https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; object-src 'none'; image-src https://google-analytics.com 'self'";
|
|
|
|
location / {
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_pass http://www;
|
|
}
|
|
}
|
|
}
|