6 年之前 · f3d03d656d
--- a/sites-available/gitea
+++ b/sites-available/gitea
@@ -14,41 +14,34 @@
 
				 # Default server configuration
			
 
				 #
			
 
				 server {
			
 
				-	listen 80;
			
 
				-	listen [::]:80;
			
 
				+        listen 80;
			
 
				+        listen [::]:80;
			
 
				 
			
 
				-	# SSL configuration
			
 
				-	#
			
 
				-	# listen 443 ssl default_server;
			
 
				-	# listen [::]:443 ssl default_server;
			
 
				-	#
			
 
				-	# Note: You should disable gzip for SSL traffic.
			
 
				-	# See: https://bugs.debian.org/773332
			
 
				-	#
			
 
				-	# Read up on ssl_ciphers to ensure a secure configuration.
			
 
				-	# See: https://bugs.debian.org/765782
			
 
				-	#
			
 
				-	# Self signed certs generated by the ssl-cert package
			
 
				-	# Don't use them in a production server!
			
 
				-	#
			
 
				-	# include snippets/snakeoil.conf;
			
 
				+        server_name git.ataber.pw;
			
 
				+        return 301 https://$host$request_uri;                                   
			
 
				+}
			
 
				+
			
 
				+server {
			
 
				+        listen 443 ssl http2;
			
 
				+        listen [::]:443 ssl http2;
			
 
				 
			
 
				-	root /var/www/html;
			
 
				+        ssl_certificate /etc/letsencrypt/live/ataber.pw/fullchain.pem;                                
			
 
				+        ssl_certificate_key /etc/letsencrypt/live/ataber.pw/privkey.pem;                              
			
 
				+        ssl_trusted_certificate /etc/letsencrypt/live/ataber.pw/chain.pem;                            
			
 
				+        ssl_dhparam /etc/ssl/private/dhparam.pem;
			
 
				 
			
 
				-	# Add index.php to the list if you are using PHP
			
 
				-	index index.html index.htm index.nginx-debian.html;
			
 
				+	add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
			
 
				+	add_header X-Xss-Protection "1; mode=block" always;
			
 
				+	add_header X-Content-Type-Options "nosniff" always;
			
 
				+	add_header X-Frame-Options "SAMEORIGIN" always;
			
 
				+	proxy_hide_header X-Powered-By;
			
 
				+	add_header 'Referrer-Policy' 'no-referrer';
			
 
				+	add_header Content-Security-Policy "frame-ancestors ataber.pw git.ataber.pw;";
			
 
				 
			
 
				 	server_name git.ataber.pw;
			
 
				 
			
 
				 	location / {
			
 
				-		# First attempt to serve request as file, then
			
 
				-		# as directory, then fall back to displaying a 404.
			
 
				-		proxy_pass http://localhost:3000;
			
 
				-		proxy_http_version 1.1;
			
 
				-                proxy_set_header Upgrade $http_upgrade;
			
 
				-                proxy_set_header Connection 'upgrade';
			
 
				-                proxy_set_header Host $host;
			
 
				-                proxy_cache_bypass $http_upgrade;
			
 
				+		proxy_pass http://unix:/home/alex/gitea.sock;
			
 
				 	}
			
 
				 
			
 
				 	# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000