|
|
@@ -1,5 +1,5 @@ |
|
|
|
server { |
|
|
|
server_name {{ server_name }}; |
|
|
|
server_name {{ server_alias }} {{ server_name }}; |
|
|
|
listen {{ ssl_port }} ssl http2; |
|
|
|
|
|
|
|
location / { |
|
|
@@ -29,35 +29,3 @@ server { |
|
|
|
return 301 https://$host$request_uri; |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
server { |
|
|
|
server_name {{ server_alias }}; |
|
|
|
listen {{ ssl_port }} ssl http2; |
|
|
|
|
|
|
|
location / { |
|
|
|
proxy_pass http://127.0.0.1:{{ admin_port }}/; |
|
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; |
|
|
|
proxy_set_header X-Real-IP $remote_addr; |
|
|
|
proxy_set_header X-Forwarded-Host {{ server_name }}; |
|
|
|
proxy_set_header X-Forwarded-Proto https; |
|
|
|
} |
|
|
|
|
|
|
|
location ^~ /.well-known/acme-challenge/ { |
|
|
|
default_type "text/plain"; |
|
|
|
root /var/www/html; |
|
|
|
} |
|
|
|
|
|
|
|
ssl_certificate /etc/letsencrypt/live/{{ server_alias }}/fullchain.pem; |
|
|
|
ssl_certificate_key /etc/letsencrypt/live/{{ server_alias }}/privkey.pem; |
|
|
|
ssl_session_cache shared:le_nginx_SSL:1m; |
|
|
|
ssl_session_timeout 1440m; |
|
|
|
|
|
|
|
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; |
|
|
|
ssl_prefer_server_ciphers on; |
|
|
|
|
|
|
|
ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-SHA ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-AES128-SHA256 ECDHE-ECDSA-AES256-SHA384 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES128-SHA ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES256-SHA384 DHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES128-SHA DHE-RSA-AES256-SHA DHE-RSA-AES128-SHA256 DHE-RSA-AES256-SHA256 EDH-RSA-DES-CBC3-SHA"; |
|
|
|
|
|
|
|
if ($scheme != "https") { |
|
|
|
return 301 https://$host$request_uri; |
|
|
|
} |
|
|
|
} |
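Review bot: With `server_name {{ server_alias }} {{ server_name }};` in the first hunk, the surviving server block now answers TLS requests for the alias too, yet the certificate it presents is configured outside the hunk, and the only block that loaded `/etc/letsencrypt/live/{{ server_alias }}/fullchain.pem` is the one deleted in the second hunk. Unless the remaining `ssl_certificate` lists both names as SANs, alias clients will hit a hostname-mismatch error; please confirm and record it above the directive, e.g. `# certificate must cover both server_name and server_alias (SAN)`. The deleted block also had its own `/.well-known/acme-challenge/` location and pinned `X-Forwarded-Host {{ server_name }}`. The visible lines do not show whether the merged block still serves the challenge path for alias renewals, or which host value the upstream receives for alias requests. The server block opens in the first hunk and its body continues outside it.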