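# Production vhost: static HTML is served from disk, anything not found on
# disk is handed to the uWSGI application over a unix socket.
server {
    listen 443 ssl http2;
    server_name maidstone-hackspace.org.uk live.maidstone-hackspace.org.uk www.maidstone-hackspace.org.uk;
    root /var/www/live-maidstone-hackspace.org.uk/site/html;

    ssl_certificate /etc/letsencrypt/live/live.maidstone-hackspace.org.uk/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/live.maidstone-hackspace.org.uk/privkey.pem;

    # NOTE(review): ssl_stapling_verify checks the OCSP response against the
    # certificates named by ssl_trusted_certificate, which is not set in this
    # block. Confirm it is configured at http level, otherwise verification
    # (and with it stapling) will not work as intended.
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_protocols TLSv1.2;
    ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
    ssl_prefer_server_ciphers on;
    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:50m;
    # Tickets are disabled to match the test vhost. No ticket key rotation is
    # configured here, and a long-lived ticket key undermines the forward
    # secrecy the ECDHE-only cipher list provides. Resumption still works
    # through the shared session cache above.
    ssl_session_tickets off;
    # Only consulted for DHE key exchange; every suite in ssl_ciphers is ECDHE.
    ssl_dhparam /etc/ssl/certs/dhparam.pem;

    # Used to resolve the OCSP responder for stapling. A public resolver is
    # queried in cleartext; a trusted local resolver is the safer choice.
    resolver 8.8.8.8;

    server_tokens off;
    # "always" makes nginx send these on every status code. Without it they
    # are omitted from error responses such as 404 and 5xx.
    add_header X-Frame-Options SAMEORIGIN always;
    add_header X-Content-Type-Options nosniff always;
    add_header X-XSS-Protection "1; mode=block" always;
    add_header Strict-Transport-Security max-age=15768000 always;

    error_page 404 = /404.htm;

    location = / {
        # Exact match on "/" only, used for the index page; any longer URI
        # is handled by the prefix locations below.
        try_files $uri $uri/index.htm;
    }

    location / {
        # Try the file as given, then with .htm appended, then as a
        # directory; fall back to the application if none exist.
        try_files $uri $uri.htm $uri/ @uwsgi_fallback;
        #error_page 404 = @fallback;
    }

    # NOTE(review): the prefix has no trailing slash, so it also matches URIs
    # such as /staticfoo and maps them next to the static directory. Using
    # "/static/" with a matching trailing slash on the alias would avoid that.
    location /static {
        alias /var/www/live-maidstone-hackspace.org.uk/site/static;
        # If the add_header lines below are re-enabled, this location stops
        # inheriting the server-level security headers (add_header is only
        # inherited when the current level defines none) and they must be
        # repeated here.
        #expires 1d;
        #add_header Pragma public;
        #add_header Cache-Control "public";
    }

    location @uwsgi_fallback {
        include uwsgi_params;
        uwsgi_pass unix:///data/sockets/live-maidstone_hackspace.sock;
    }
}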
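# Test vhost: same layout as the production site, with its own document
# root, certificate and uWSGI socket.
server {
    listen 443 ssl http2;
    server_name test.maidstone-hackspace.org.uk;
    root /var/www/test-maidstone-hackspace.org.uk/site/html;

    ssl_certificate /etc/letsencrypt/live/test.maidstone-hackspace.org.uk/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/test.maidstone-hackspace.org.uk/privkey.pem;

    # NOTE(review): ssl_stapling_verify checks the OCSP response against the
    # certificates named by ssl_trusted_certificate, which is not set in this
    # block. Confirm it is configured at http level.
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_protocols TLSv1.2;
    ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
    ssl_prefer_server_ciphers on;
    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:50m;
    # Resumption goes through the shared cache only; no ticket keys to manage.
    ssl_session_tickets off;
    # Only consulted for DHE key exchange; every suite in ssl_ciphers is ECDHE.
    ssl_dhparam /etc/ssl/certs/dhparam.pem;

    # Used to resolve the OCSP responder for stapling. A public resolver is
    # queried in cleartext; a trusted local resolver is the safer choice.
    resolver 8.8.8.8;

    server_tokens off;
    # "always" makes nginx send these on every status code. Without it they
    # are omitted from error responses such as 404 and 5xx.
    add_header X-Frame-Options SAMEORIGIN always;
    add_header X-Content-Type-Options nosniff always;
    add_header X-XSS-Protection "1; mode=block" always;
    add_header Strict-Transport-Security max-age=15768000 always;

    error_page 404 = /404.htm;

    location = / {
        # Exact match on "/" only, used for the index page; any longer URI
        # is handled by the prefix locations below.
        try_files $uri $uri/index.htm;
    }

    location / {
        # Try the file as given, then with .htm appended, then as a
        # directory; fall back to the application if none exist.
        try_files $uri $uri.htm $uri/ @uwsgi_fallback;
        #error_page 404 = @fallback;
    }

    # NOTE(review): the prefix has no trailing slash, so it also matches URIs
    # such as /staticfoo and maps them next to the static directory. Using
    # "/static/" with a matching trailing slash on the alias would avoid that.
    location /static {
        alias /var/www/test-maidstone-hackspace.org.uk/site/static;
        expires 1d;
        add_header Pragma public;
        add_header Cache-Control "public";
        # add_header is inherited from the server level only when a location
        # defines none of its own. The two cache headers above would
        # otherwise strip the security headers from every static response,
        # so they are repeated here.
        add_header X-Frame-Options SAMEORIGIN always;
        add_header X-Content-Type-Options nosniff always;
        add_header X-XSS-Protection "1; mode=block" always;
        add_header Strict-Transport-Security max-age=15768000 always;
    }

    location @uwsgi_fallback {
        include uwsgi_params;
        uwsgi_pass unix:///data/sockets/test-maidstone_hackspace.sock;
    }
}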