-
-
Notifications
You must be signed in to change notification settings - Fork 3.1k
Expand file tree
/
Copy pathlisten.gotmpl
More file actions
36 lines (30 loc) · 1.42 KB
/
listen.gotmpl
File metadata and controls
36 lines (30 loc) · 1.42 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
# Internal (IPv4 always; IPv6 optional)
listen {{ .listen.internal }};
{{ if .ipv6.enabled }}listen [::]:{{ .listen.internal_port }};{{ end }}
# intended for external traffic, protected by auth
{{ if .tls.enabled }}
# external HTTPS (IPv4 always; IPv6 optional)
listen {{ .listen.external }} ssl;
{{ if .ipv6.enabled }}listen [::]:{{ .listen.external_port }} ssl;{{ end }}
ssl_certificate /etc/letsencrypt/live/frigate/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/frigate/privkey.pem;
# generated 2024-06-01, Mozilla Guideline v5.7, nginx 1.25.3, OpenSSL 1.1.1w, modern configuration, no OCSP
# https://ssl-config.mozilla.org/#server=nginx&version=1.25.3&config=modern&openssl=1.1.1w&ocsp=false&guideline=5.7
ssl_session_timeout 1d;
ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
ssl_session_tickets off;
# modern configuration
ssl_protocols TLSv1.3;
ssl_prefer_server_ciphers off;
# HSTS (ngx_http_headers_module is required) (63072000 seconds)
add_header Strict-Transport-Security "max-age=63072000" always;
# ACME challenge location
location /.well-known/acme-challenge/ {
default_type "text/plain";
root /etc/letsencrypt/www;
}
{{ else }}
# (No tls) default to HTTP (IPv4 always; IPv6 optional)
listen {{ .listen.external }};
{{ if .ipv6.enabled }}listen [::]:{{ .listen.external_port }};{{ end }}
{{ end }}