server {
    # Plain-HTTP listener. It exists only to answer ACME http-01 challenges
    # and to send every other request to the TLS endpoint below.
    listen [::]:80;
    listen 80;

    # Catch-all redirect. `$host` echoes the client's Host header, so if other
    # hostnames can reach this port the redirect follows them; scanners often
    # flag this as a Host-header based redirect. Pin the hostname here if the
    # deployment only ever serves SA_PUBLIC_DOMAIN_NAME.
    location / {
        return 301 https://$host$request_uri;
    }

    # certbot writes the http-01 challenge token under this root. nginx picks
    # the longest matching prefix, so this block wins over the redirect above.
    location /.well-known/acme-challenge/ {
        root /var/www/certbot;
    }
}
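server {
    # TLS endpoint. `default_server` also makes this block answer connections
    # that carry no SNI or an unknown name, so they are served this certificate.
    listen 443 ssl default_server;
    listen [::]:443 ssl default_server;

    # Certificate paths follow certbot's live/<domain>/ layout; the domain is
    # substituted into the template from SA_PUBLIC_DOMAIN_NAME.
    ssl_certificate /etc/nginx/certs/live/${SA_PUBLIC_DOMAIN_NAME}/fullchain.pem;
    ssl_certificate_key /etc/nginx/certs/live/${SA_PUBLIC_DOMAIN_NAME}/privkey.pem;

    # TLS 1.3 only. Note that `ssl_ciphers` does not apply to TLS 1.3 suites
    # (those come from OpenSSL's built-in list and are changed only via
    # `ssl_conf_command Ciphersuites`), and TLS 1.3 key exchange never uses
    # `ssl_dhparam` (DHE groups are negotiated via supported_groups). The
    # directives are kept so the policy stays tight if TLS 1.2 is re-enabled.
    ssl_protocols TLSv1.3;
    ssl_prefer_server_ciphers on;
    #ssl_dhparam /etc/nginx/dhparam.pem;
    ssl_ciphers EECDH+AESGCM:EDH+AESGCM;
    # Restricting key exchange to P-384 means a client whose first key_share is
    # X25519 pays a HelloRetryRequest round trip; no security impact.
    ssl_ecdh_curve secp384r1;

    # Resumption through the server-side cache only. Tickets are disabled so a
    # leaked ticket key cannot be used to decrypt recorded sessions.
    ssl_session_timeout 10m;
    ssl_session_cache shared:SSL:10m;
    ssl_session_tickets off;

    # OCSP stapling. `ssl_stapling_verify` needs the issuer chain to be
    # trusted; NOTE(review): no `ssl_trusted_certificate` is set here, so check
    # the error log for "ssl_stapling ignored" after a reload. The resolver is
    # used only for the OCSP responder lookup and is plain, unauthenticated DNS.
    ssl_stapling on;
    ssl_stapling_verify on;
    resolver 8.8.8.8 8.8.4.4 valid=300s;
    resolver_timeout 5s;

    # Disable strict transport security for now. You can uncomment the following
    # line if you understand the implications: browsers pin the policy for the
    # whole max-age, `includeSubDomains` covers every subdomain, and `preload`
    # is meant for submission to the browser preload list.
    #add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
    # Caveat: `add_header` is NOT inherited into a `location` that sets any
    # `add_header` of its own; repeat these headers in such locations.
    add_header X-Frame-Options DENY;
    add_header X-Content-Type-Options nosniff;
    # The XSS auditor was removed from Chromium-based browsers and was never in
    # Firefox; in the legacy engines that still honour it, "1; mode=block" is
    # itself abusable (selective blocking, cross-site leaks). Current guidance
    # is to explicitly turn the filter off.
    add_header X-XSS-Protection "0";
}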