Alex Taber 6 lat temu
rodzic
commit
f3d03d656d
1 zmienionych plików z 21 dodań i 28 usunięć
  1. 21
    28
      sites-available/gitea

+ 21
- 28
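--- a/sites-available/gitea
+++ b/sites-available/gitea
@@ -14,41 +14,34 @@
 # Default server configuration
 #
 server {
-	listen 80;
-	listen [::]:80;
+        listen 80;
+        listen [::]:80;
 
-	# SSL configuration
-	#
-	# listen 443 ssl default_server;
-	# listen [::]:443 ssl default_server;
-	#
-	# Note: You should disable gzip for SSL traffic.
-	# See: https://bugs.debian.org/773332
-	#
-	# Read up on ssl_ciphers to ensure a secure configuration.
-	# See: https://bugs.debian.org/765782
-	#
-	# Self signed certs generated by the ssl-cert package
-	# Don't use them in a production server!
-	#
-	# include snippets/snakeoil.conf;
+        server_name git.ataber.pw;
+        return 301 https://$host$request_uri;                                   
+}
+
+server {
+        listen 443 ssl http2;
+        listen [::]:443 ssl http2;
 
-	root /var/www/html;
+        ssl_certificate /etc/letsencrypt/live/ataber.pw/fullchain.pem;                                
+        ssl_certificate_key /etc/letsencrypt/live/ataber.pw/privkey.pem;                              
+        ssl_trusted_certificate /etc/letsencrypt/live/ataber.pw/chain.pem;                            
+        ssl_dhparam /etc/ssl/private/dhparam.pem;
 
-	# Add index.php to the list if you are using PHP
-	index index.html index.htm index.nginx-debian.html;
+	add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
+	add_header X-Xss-Protection "1; mode=block" always;
+	add_header X-Content-Type-Options "nosniff" always;
+	add_header X-Frame-Options "SAMEORIGIN" always;
+	proxy_hide_header X-Powered-By;
+	add_header 'Referrer-Policy' 'no-referrer';
+	add_header Content-Security-Policy "frame-ancestors ataber.pw git.ataber.pw;";
 
 	server_name git.ataber.pw;
 
 	location / {
-		# First attempt to serve request as file, then
-		# as directory, then fall back to displaying a 404.
-		proxy_pass http://localhost:3000;
-		proxy_http_version 1.1;
-                proxy_set_header Upgrade $http_upgrade;
-                proxy_set_header Connection 'upgrade';
-                proxy_set_header Host $host;
-                proxy_cache_bypass $http_upgrade;
+		proxy_pass http://unix:/home/alex/gitea.sock;
 	}
 
 	# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000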
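Review bot: The rewritten `location /` forwards to the unix socket with no `proxy_set_header` lines at all, so Gitea receives nginx's default `Host` and, over a socket, presumably has no way to learn the client address or that the request arrived over TLS, which weakens its access logs and anything keyed on client IP. I would restore `proxy_set_header Host $host;` and add `proxy_set_header X-Real-IP $remote_addr;` and `proxy_set_header X-Forwarded-Proto $scheme;` next to the `proxy_pass`. The `Referrer-Policy` and `Content-Security-Policy` lines also lack the `always` flag that the four headers above them carry, so they are omitted on error responses. `ssl_trusted_certificate` looks unused unless OCSP stapling (`ssl_stapling on;`) or client-certificate verification is enabled somewhere not shown. The HTTPS `server` block continues past the end of this hunk, so any later `location` that declares its own `add_header` would not inherit these server-level headers.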