# Plain-HTTP listener on port 80 (IPv4 and IPv6).
# It sets no server_name and serves no content: every request that reaches
# this block gets a permanent redirect to the same host and URI over HTTPS.
server {
    listen 80;
    listen [::]:80;

    # $host is taken from the request line or the client's Host header, so
    # the redirect target repeats whatever name the client sent. Listing the
    # served names in server_name would limit the redirect to known hosts.
    return 301 https://$host$request_uri;
}
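# HTTPS virtual host for id.miau.local: serves files from /var/www/html and
# hands *.php requests to the FastCGI backend "simpleid" on port 9000.
#
# This block sets no ssl_certificate. Unless one is inherited from the
# enclosing http context (not visible here), nginx serves this name with the
# certificate and TLS settings of the default_server for port 443.
#
# NOTE(review): add_header lines written inside another server block are not
# inherited here, so responses for this host carry no X-Frame-Options or
# X-Content-Type-Options unless the backend sets them itself. Confirm, and
# add them to this block if it does not.
server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name id.miau.local;

    root /var/www/html;

    location / {
        index index.php index.html;
    }

    # Every URI ending in ".php" is forwarded; nginx does not check that the
    # script exists. The backend therefore has to refuse paths that do not
    # map to a real PHP file (for PHP-FPM: cgi.fix_pathinfo=0 and a strict
    # security.limit_extensions). A "try_files $uri =404;" guard only works
    # if nginx sees the same files under root as the backend does, which
    # cannot be told from this file.
    location ~ \.php$ {
        include fastcgi_params;
        fastcgi_pass simpleid:9000;
        fastcgi_index index.php;
        # $fastcgi_script_name already starts with "/", so no separator is
        # written between the two variables (avoids "/var/www/html//x.php").
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    }
}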
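# Default HTTPS server (IPv4 and IPv6): terminates TLS and reverse-proxies
# everything to the Gerrit backend at gerrit:8080.
# As default_server it also answers port-443 requests whose host name matches
# no other server block, and its certificate is the one presented then.
server {
    listen 443 ssl default_server;
    listen [::]:443 ssl default_server;

    # Self-signed pair, going by the file names: clients have to trust this
    # certificate explicitly.
    ssl_certificate /etc/ssl/certs/sa-selfsigned.crt;
    ssl_certificate_key /etc/ssl/private/sa-selfsigned.key;

    # Only TLS 1.3 is accepted; older clients cannot connect.
    ssl_protocols TLSv1.3;
    ssl_prefer_server_ciphers on;
    #ssl_dhparam /etc/nginx/dhparam.pem;
    # ssl_ciphers selects suites for TLS 1.2 and earlier; with only TLSv1.3
    # enabled it does not choose the TLS 1.3 suites.
    ssl_ciphers EECDH+AESGCM:EDH+AESGCM;
    ssl_ecdh_curve secp384r1;

    # Session resumption through the shared server-side cache only; tickets
    # are off, so no ticket key has to be protected or rotated.
    ssl_session_timeout 10m;
    ssl_session_cache shared:SSL:10m;
    ssl_session_tickets off;

    # OCSP stapling needs a CA-issued certificate that names an OCSP
    # responder, and ssl_stapling_verify needs ssl_trusted_certificate.
    # NOTE(review): with the self-signed certificate above nginx presumably
    # has nothing to staple and ignores these; check the error log.
    ssl_stapling on;
    ssl_stapling_verify on;

    # Resolver for names nginx looks up at run time (here the OCSP responder).
    # These are public resolvers queried over plain DNS; the nginx
    # documentation recommends a resolver on a trusted local network to
    # prevent DNS spoofing.
    resolver 8.8.8.8 8.8.4.4 valid=300s;
    resolver_timeout 5s;

    # Disable strict transport security for now. You can uncomment the following
    # line if you understand the implications: browsers then refuse plain HTTP
    # and certificate-error overrides for this host and all its subdomains
    # for two years, which locks users out while a self-signed certificate is
    # in use.
    #add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";

    # "always" attaches the headers to error responses (4xx/5xx) as well;
    # without it nginx adds them only to a fixed set of success and redirect
    # codes. A location that declares its own add_header stops inheriting
    # these and has to repeat them.
    add_header X-Frame-Options DENY always;
    add_header X-Content-Type-Options nosniff always;
    # Legacy header: current browsers no longer implement the XSS filter it
    # controls, so script-injection protection has to come from a
    # Content-Security-Policy.
    add_header X-XSS-Protection "1; mode=block" always;

    server_name review.miau.local;

    location / {
        # No URI part after host:port, so the request URI is forwarded to
        # the backend unchanged; keep it that way.
        proxy_pass http://gerrit:8080;
        # Overwritten with the peer address of the connection: a
        # client-supplied X-Forwarded-For value is not passed on.
        proxy_set_header X-Forwarded-For $remote_addr;
        # $host is client-chosen; because this is the default_server, names
        # other than review.miau.local reach the backend too.
        proxy_set_header Host $host;
    }
}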