Permalink
Browse files

Ŝanĝo de Nginx agordoj.

  • Loading branch information...
batisteo committed Jun 1, 2017
1 parent d204447 commit 050506a7ecc6abb7c84332ae4d9c8d771879e8a6
Showing with 74 additions and 7 deletions.
  1. +67 −0 etc/nginx/nginx.conf
  2. +6 −6 etc/nginx/prod.conf
  3. +1 −1 etc/nginx/staging.conf
View
@@ -0,0 +1,67 @@
user www-data;
worker_processes auto;
pid /run/nginx.pid;
load_module /usr/lib/nginx/modules/ngx_http_headers_more_filter_module.so;
events {
worker_connections 768;
# multi_accept on;
}
http {
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
server_tokens off;
more_set_headers "Server: Venu_kontribui_al_Pasporta_Servo";
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# SSL Settings
##
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
ssl_ciphers 'ECDHE+CHACHA20:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE+AES256+SHA384:ECDHE+AES256+SHA';
##
# Logging Settings
##
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
##
# Gzip Settings
##
gzip on;
gzip_disable "msie6";
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
##
# Virtual Host Configs
##
include /etc/nginx/conf.d/*.conf;
}
View
@@ -1,10 +1,10 @@
server {
listen 80;
listen [::]:80;
server_name pasportaservo.org;
server_name pasportaservo.org www.pasportaservo.org;
# letsencrypt webroot
location ~ /.well-known {
location ~ /.well-known/acme-challenge {
allow all;
root /usr/share/nginx/html;
}
@@ -18,7 +18,7 @@ server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name pasportaservo.org;
if ($host != pasportaservo.org) {
return 444 "No Response";
}
@@ -29,12 +29,12 @@ server {
ssl_certificate_key /etc/letsencrypt/live/pasportaservo.org/privkey.pem;
ssl_stapling on;
ssl_stapling_verify on;
ssl_stapling_verify on;
ssl_trusted_certificate /etc/letsencrypt/live/pasportaservo.org/chain.pem;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;
ssl_session_tickets off;
location /mapo {
alias /srv/prod/pasportaservo-js/dist;
View
@@ -4,7 +4,7 @@ server {
server_name ido.pasportaservo.org;
# letsencrypt webroot
location ~ /.well-known {
location ~ /.well-known/acme-challenge {
allow all;
root /usr/share/nginx/html;
}

0 comments on commit 050506a

Please sign in to comment.