nginx/sa.conf - sourcearcade - Gitiles

 proxy_cache_path /var/cache/nginx/gerrit levels=2 keys_zone=GERRIT:1m inactive=1w max_size=16m;

 server {
     listen 80;
     listen [::]:80;

     location /.well-known/acme-challenge/ {
         root /var/www/certbot;
     }

     location / {
 	    return 301 https://$host$request_uri;
     }
 }

 server {
     listen 443 ssl;
     listen [::]:443 ssl;

     server_name id.miau.local;

     root /var/www/html;
     location / {
         index index.php index.html;
     }
     location ~ \.php$ {
         include fastcgi_params;
         fastcgi_pass simpleid:9000;
         fastcgi_index index.php;
         fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name;
     }
 }

 server {
     listen 443 ssl default_server;
     listen [::]:443 ssl default_server;
     ssl_certificate /etc/nginx/certs/live/miau.local/fullchain.pem;
     ssl_certificate_key /etc/nginx/certs/live/miau.local/privkey.pem;
     ssl_protocols TLSv1.3;
     ssl_prefer_server_ciphers on;
     #ssl_dhparam /etc/nginx/dhparam.pem;
     ssl_ciphers EECDH+AESGCM:EDH+AESGCM;
     ssl_ecdh_curve secp384r1;
     ssl_session_timeout  10m;
     ssl_session_cache shared:SSL:10m;
     ssl_session_tickets off;
     ssl_stapling on;
     ssl_stapling_verify on;
     resolver 8.8.8.8 8.8.4.4 valid=300s;
     resolver_timeout 5s;
     # Disable strict transport security for now. You can uncomment the following
     # line if you understand the implications.
     #add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
     add_header X-Frame-Options DENY;
     add_header X-Content-Type-Options nosniff;
     add_header X-XSS-Protection "1; mode=block";

     server_name review.miau.local;

     location / {
         proxy_pass        http://gerrit:8080;
         proxy_set_header  X-Forwarded-For $remote_addr;
         proxy_set_header  Host $host;

         location ~ ^/(bower_components|elements|fonts|styles)/ {
             proxy_pass              http://gerrit:8080;
             proxy_set_header        X-Forwarded-For $remote_addr;
             proxy_set_header        Host $host;
             proxy_cache             GERRIT;
             proxy_cache_valid       200 1h;
             proxy_cache_use_stale   error timeout invalid_header updating http_500 http_503;
             # Gerrit bug sets `private`, hence the whole location override:
             proxy_ignore_headers    Cache-Control;
         }
     }
 }
	proxy_cache_path /var/cache/nginx/gerrit levels=2 keys_zone=GERRIT:1m inactive=1w max_size=16m;

	server {
	listen 80;
	listen [::]:80;

	location /.well-known/acme-challenge/ {
	root /var/www/certbot;
	}

	location / {
	return 301 https://$host$request_uri;
	}
	}

	server {
	listen 443 ssl;
	listen [::]:443 ssl;

	server_name id.miau.local;

	root /var/www/html;
	location / {
	index index.php index.html;
	}
	location ~ \.php$ {
	include fastcgi_params;
	fastcgi_pass simpleid:9000;
	fastcgi_index index.php;
	fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name;
	}
	}

	server {
	listen 443 ssl default_server;
	listen [::]:443 ssl default_server;
	ssl_certificate /etc/nginx/certs/live/miau.local/fullchain.pem;
	ssl_certificate_key /etc/nginx/certs/live/miau.local/privkey.pem;
	ssl_protocols TLSv1.3;
	ssl_prefer_server_ciphers on;
	#ssl_dhparam /etc/nginx/dhparam.pem;
	ssl_ciphers EECDH+AESGCM:EDH+AESGCM;
	ssl_ecdh_curve secp384r1;
	ssl_session_timeout 10m;
	ssl_session_cache shared:SSL:10m;
	ssl_session_tickets off;
	ssl_stapling on;
	ssl_stapling_verify on;
	resolver 8.8.8.8 8.8.4.4 valid=300s;
	resolver_timeout 5s;
	# Disable strict transport security for now. You can uncomment the following
	# line if you understand the implications.
	#add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
	add_header X-Frame-Options DENY;
	add_header X-Content-Type-Options nosniff;
	add_header X-XSS-Protection "1; mode=block";

	server_name review.miau.local;

	location / {
	proxy_pass http://gerrit:8080;
	proxy_set_header X-Forwarded-For $remote_addr;
	proxy_set_header Host $host;

	location ~ ^/(bower_components\|elements\|fonts\|styles)/ {
	proxy_pass http://gerrit:8080;
	proxy_set_header X-Forwarded-For $remote_addr;
	proxy_set_header Host $host;
	proxy_cache GERRIT;
	proxy_cache_valid 200 1h;
	proxy_cache_use_stale error timeout invalid_header updating http_500 http_503;
	# Gerrit bug sets `private`, hence the whole location override:
	proxy_ignore_headers Cache-Control;
	}
	}
	}