| Nico Huber | 8cd50ee | 2023-06-24 15:35:16 +0000 | [diff] [blame] | 1 | server { |
| Nico Huber | 38c14da | 2023-06-24 16:59:28 +0000 | [diff] [blame^] | 2 | listen 80; |
| 3 | listen [::]:80; |
| 4 | |
| 5 | return 301 https://$host$request_uri; |
| 6 | } |
| 7 | |
| 8 | server { |
| 9 | listen 443 ssl; |
| 10 | listen [::]:443 ssl; |
| 11 | ssl_certificate /etc/ssl/certs/sa-selfsigned.crt; |
| 12 | ssl_certificate_key /etc/ssl/private/sa-selfsigned.key; |
| 13 | ssl_protocols TLSv1.3; |
| 14 | ssl_prefer_server_ciphers on; |
| 15 | #ssl_dhparam /etc/nginx/dhparam.pem; |
| 16 | ssl_ciphers EECDH+AESGCM:EDH+AESGCM; |
| 17 | ssl_ecdh_curve secp384r1; |
| 18 | ssl_session_timeout 10m; |
| 19 | ssl_session_cache shared:SSL:10m; |
| 20 | ssl_session_tickets off; |
| 21 | ssl_stapling on; |
| 22 | ssl_stapling_verify on; |
| 23 | resolver 8.8.8.8 8.8.4.4 valid=300s; |
| 24 | resolver_timeout 5s; |
| 25 | # Disable strict transport security for now. You can uncomment the following |
| 26 | # line if you understand the implications. |
| 27 | #add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"; |
| 28 | add_header X-Frame-Options DENY; |
| 29 | add_header X-Content-Type-Options nosniff; |
| 30 | add_header X-XSS-Protection "1; mode=block"; |
| Nico Huber | 8cd50ee | 2023-06-24 15:35:16 +0000 | [diff] [blame] | 31 | |
| 32 | server_name id.miau.local; |
| 33 | |
| 34 | root /var/www/html; |
| 35 | location / { |
| 36 | index index.php index.html; |
| 37 | } |
| 38 | location ~ \.php$ { |
| 39 | include fastcgi_params; |
| 40 | fastcgi_pass simpleid:9000; |
| 41 | fastcgi_index index.php; |
| 42 | fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name; |
| 43 | } |
| 44 | } |