Sutty/trabajo-afectivo
5
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Update zammad_ssl.conf

Browse source 
Indentation corrected
This commit is contained in:
Liam Sullivan 2018-06-13 11:07:21 +01:00 committed by GitHub
parent 0a619bc3f7
commit f50bd63c41
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 32 additions and 32 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

64
contrib/nginx/zammad_ssl.conf
View file

@ -9,60 +9,60 @@
# #
upstream zammad-railsserver { upstream zammad-railsserver {
server localhost:3000; server localhost:3000;
} }
upstream zammad-websocket { upstream zammad-websocket {
server localhost:6042; server localhost:6042;
} }
server { server {
listen 80; listen 80;
server_name example.com www.example.com; server_name example.com www.example.com;
access_log /var/log/nginx/zammad.access.log; access_log /var/log/nginx/zammad.access.log;
error_log /var/log/nginx/zammad.error.log; error_log /var/log/nginx/zammad.error.log;
location /.well-known/ { location /.well-known/ {
root /var/www/html; root /var/www/html;
} }
location / { location / {
rewrite ^/(.*)$ https://example.com/$1 permanent; rewrite ^/(.*)$ https://example.com/$1 permanent;
} }
} }
server { server {
listen 443 ssl http2; listen 443 ssl http2;
server_name example.com; server_name example.com;
ssl_certificate /etc/nginx/ssl/your_cert.crt; ssl_certificate /etc/nginx/ssl/your_cert.crt;
ssl_certificate_key /etc/nginx/ssl/your_private_key.key; ssl_certificate_key /etc/nginx/ssl/your_private_key.key;
ssl_protocols TLSv1.2; ssl_protocols TLSv1.2;
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'; ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
ssl_dhparam /etc/nginx/ssl/dhparam.pem; ssl_dhparam /etc/nginx/ssl/dhparam.pem;
ssl_prefer_server_ciphers on; ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m; ssl_session_cache shared:SSL:10m;
ssl_session_timeout 180m; ssl_session_timeout 180m;
ssl_stapling on; ssl_stapling on;
ssl_stapling_verify on; ssl_stapling_verify on;
ssl_trusted_certificate /etc/nginx/ssl/your_cert.crt; ssl_trusted_certificate /etc/nginx/ssl/your_cert.crt;
resolver 8.8.8.8 8.8.4.4; resolver 8.8.8.8 8.8.4.4;
add_header Strict-Transport-Security "max-age=31536000" always; add_header Strict-Transport-Security "max-age=31536000" always;
location = /robots.txt { location = /robots.txt {
access_log off; log_not_found off; access_log off; log_not_found off;
} }
@ -97,8 +97,8 @@ server {
proxy_read_timeout 180; proxy_read_timeout 180;
proxy_pass http://zammad-railsserver; proxy_pass http://zammad-railsserver;
gzip on; gzip on;
gzip_types text/plain text/xml text/css image/svg+xml application/javascript application/x-javascript application/json application/xml; gzip_types text/plain text/xml text/css image/svg+xml application/javascript application/x-javascript application/json application/xml;
gzip_proxied any; gzip_proxied any;
} }
} }