guix-commits
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

01/01: berlin: Add HTTPS support for bootstrappable.org.

From: Ricardo Wurmus
Subject: 01/01: berlin: Add HTTPS support for bootstrappable.org.
Date: Tue, 5 Jun 2018 05:54:42 -0400 (EDT) 
rekado pushed a commit to branch master
in repository maintenance.

commit d4bc9bca640af10dfbbf742c7bf140ebbe6fa91c
Author: Ricardo Wurmus <address@hidden>
Date:   Tue Jun 5 11:51:15 2018 +0200

    berlin: Add HTTPS support for bootstrappable.org.
---
 hydra/nginx/berlin.conf | 34 +++++++++++++++++++++++++++++++++-
 1 file changed, 33 insertions(+), 1 deletion(-)

diff --git a/hydra/nginx/berlin.conf b/hydra/nginx/berlin.conf
index d15879c..fbeffe0 100644
--- a/hydra/nginx/berlin.conf
+++ b/hydra/nginx/berlin.conf
@@ -107,7 +107,7 @@ http {
 
     server {
         listen       80;
-        server_name  bootstrappable.org;
+        server_name  bootstrappable.org www.bootstrappable.org;
         root         /home/rekado/bootstrappable.org;
         index        index.html;
         access_log   /var/log/nginx/bootstrappable.access.log;
@@ -144,4 +144,36 @@ http {
 
         include berlin-locations.conf;
     }
+    server {
+        listen       443 ssl;
+        server_name  bootstrappable.org www.bootstrappable.org;
+
+        ssl_certificate     
/etc/letsencrypt/live/bootstrappable.org/fullchain.pem;
+        ssl_certificate_key 
/etc/letsencrypt/live/bootstrappable.org/privkey.pem;
+
+        # Make sure SSL is disabled.
+        ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
+
+        # Disable weak cipher suites.
+        ssl_ciphers         HIGH:!aNULL:!MD5;
+        ssl_prefer_server_ciphers on;
+
+        # Use our own DH parameters created with:
+        #    openssl dhparam -out dhparams.pem 2048
+        # as suggested at <https://weakdh.org/sysadmin.html>.
+        ssl_dhparam         /etc/dhparams.pem;
+
+        access_log  /var/log/nginx/https.access.log;
+
+        proxy_set_header X-Forwarded-Host $host;
+        proxy_set_header X-Forwarded-Port $server_port;
+        proxy_set_header X-Forwarded-For  $proxy_add_x_forwarded_for;
+
+        root         /home/rekado/bootstrappable.org;
+        index        index.html;
+        access_log   /var/log/nginx/bootstrappable.https.access.log;
+        location = / {
+          root /home/rekado/bootstrappable.org;
+        }
+    }
 }
reply via email to
[Prev in Thread] Current Thread [Next in Thread]