Commit
These are the initial config files for hosting *.whatwg.org domains under nginx.

Notes:

* We match the Mozilla SSL Configurator “Intermediate” settings. See https://mozilla.github.io/server-side-tls/ssl-config-generator/
* We set `ssl_session_tickets off`
* We allow directory indexes everywhere (makes all directory indexes browsable)
* We use `systemctl reload-or-restart nginx.service`
This file was deleted.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
#!/bin/bash -e | ||
|
||
apt install nginx | ||
|
||
rm -f /etc/nginx/sites-enabled/* | ||
|
||
cp nginx/conf/http.conf /etc/nginx/conf.d/ | ||
cp nginx/conf/whatwg.conf /etc/nginx/ | ||
cp nginx/conf/whatwg-headers.conf /etc/nginx/ | ||
|
||
mkdir -p /var/www/http/.well-known/acme-challenge | ||
|
||
chown -R deploy:deploy /var/www | ||
rm -rf /var/www/html | ||
|
||
nginx -t | ||
systemctl reload-or-restart nginx.service |
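Review bot: The recursive `chown -R deploy:deploy /var/www` also hands the ACME challenge directory created two lines earlier (`/var/www/http/.well-known/acme-challenge`) to the `deploy` account, which looks broader than needed. That directory is what the port-80 server uses to answer HTTP-01 challenges, and certbot (presumably run as root) does not need it to be owned by `deploy`, so anything running as `deploy` could write challenge responses for the hosted domains. If `deploy` only has to create site directories, a non-recursive `chown deploy:deploy /var/www` keeps `http/` root-owned. Separately, `apt install nginx` has no `-y`, so the script would stall or abort at the confirmation prompt when run unattended.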
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,7 +1,7 @@ | ||
#!/bin/bash -e | ||
|
||
apt install certbot python-certbot-apache | ||
apt install certbot | ||
|
||
for domains in `cat DOMAINS`; do | ||
certbot certonly -n --apache --agree-tos -m admin@whatwg.org -d $domains | ||
certbot certonly -n --agree-tos --webroot -m admin@whatwg.org -d $domains -w /var/www/http | ||
done |
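Review bot: The `--webroot` invocation has no hook that reloads nginx after a renewal, so a renewed certificate would stay on disk while nginx keeps serving the old one until something else reloads it. Adding `--deploy-hook "systemctl reload nginx.service"` to the `certbot certonly` line would store the reload in each certificate's renewal configuration. The loop also leaves `$domains` unquoted and reads the file through backticks, so each entry is subject to word splitting and glob expansion; `while IFS= read -r domains; do … -d "$domains" …; done < DOMAINS` avoids that. Which of the two `certbot` lines is the new one is inferred from the commit description, since the rendered page has lost the `+`/`-` markers.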
This file was deleted.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
#!/bin/bash -e | ||
|
||
rm -f /etc/nginx/sites-enabled/* | ||
cp nginx/sites/*.conf /etc/nginx/sites-available/ | ||
|
||
for domain in `cat DOMAINS | tr , ' '`; do | ||
ln -s /etc/nginx/sites-available/$domain.conf /etc/nginx/sites-enabled/ | ||
done | ||
|
||
nginx -t | ||
systemctl reload-or-restart nginx.service |
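Review bot: The `ln -s` in the loop never checks that `/etc/nginx/sites-available/$domain.conf` exists, so a DOMAINS entry without a matching file in `nginx/sites/` produces a dangling link. That would presumably only surface as an `nginx -t` failure, after `rm -f /etc/nginx/sites-enabled/*` has already cleared the previous set, leaving the on-disk configuration broken for the next restart. A guard such as `[[ -f "/etc/nginx/sites-available/$domain.conf" ]] || { echo "no site config for $domain" >&2; exit 1; }`, ideally run over all entries before the `rm -f`, fails earlier and with a clearer message. `$(tr , ' ' < DOMAINS)` would also replace the backticks and the extra `cat`.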
This file was deleted.
This file was deleted.
This file was deleted.
This file was deleted.
This file was deleted.
This file was deleted.
This file was deleted.
This file was deleted.
This file was deleted.
This file was deleted.
This file was deleted.
This file was deleted.
This file was deleted.
This file was deleted.
This file was deleted.
This file was deleted.
This file was deleted.
This file was deleted.
This file was deleted.
This file was deleted.
This file was deleted.
This file was deleted.
This file was deleted.
This file was deleted.
This file was deleted.
This file was deleted.
This file was deleted.
This file was deleted.
This file was deleted.
This file was deleted.
This file was deleted.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
server { | ||
listen 80 default_server; | ||
listen [::]:80 default_server; | ||
root /var/www/http; | ||
location ^~ /.well-known/acme-challenge/ { | ||
default_type application/jose+json; | ||
} | ||
location / { | ||
return 301 https://$host$request_uri; | ||
} | ||
} |
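Review bot: The redirect in `location /` builds its target from `$host`, and because this block is the `default_server` with no `server_name`, that value comes from whatever Host header the client sent. Requests for names this machine does not host are therefore redirected to `https://` on that same name rather than rejected. If that is not intended, listing the hosted names in `server_name` here and giving a separate catch-all block a plain `return 444;` would limit the redirect to known hosts. Otherwise a comment such as `# default_server: redirects any Host value to HTTPS` would document the choice.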
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"; | ||
add_header X-Content-Type-Options nosniff; | ||
add_header X-XSS-Protection "1; mode=block"; |
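Review bot: None of the three `add_header` lines carries the `always` parameter, so nginx attaches these headers only to a fixed set of success and redirect statuses and omits them on error responses such as 404 or 500. Writing `add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;` (and likewise for the other two) covers error pages as well. Where this file is included is not visible here. nginx drops inherited `add_header` directives in any block that declares its own, so a site `location` that adds a header would need to include this file again.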