nginx/redirect,secure

2019-08-06 20:18:09 +02:00 · 2019-08-06 20:18:09 +02:00 · 8d9e58eb7c
commit 8d9e58eb7c
parent 779ad581bb
1 changed files with 26 additions and 4 deletions
--- a/in/personal/server/index.rst
+++ b/in/personal/server/index.rst
@ -309,25 +309,47 @@ Prepare a grub.cfg
 Web
 ---

+Security
+^^^^^^^^
+
+* /etc/nginx/https.conf
+
+::
+
+listen 443 ssl http2;
+listen [::]:443 ssl http2;
+add_header Strict-Transport-Security "max-age=31557600; includeSubDomains; preload";
+
 Sites
 ^^^^^

+* /etc/nginx/sites-enabled/http
+
+::
+
+ server {
+ listen 80 default_server;
+ listen [::]:80 default_server;
+ server_name _;
+ return 301 https://${host}${request_uri};
+ }
+
+* /etc/nginx/sites-enabled/rwx.work
+
 ::

 ssl_certificate /etc/nginx/rwx.work/bundle.crt;
 ssl_certificate_key /etc/nginx/rwx.work/key.pem;

 server {
- listen 443 ssl http2;
- listen [::]:443 ssl http2;
+ include /etc/nginx/https.conf;
 server_name deb.rwx.work;
 root /d/mirrors/apt-mirror/debian;
 autoindex on;
 }

 server {
- listen 443 default_server ssl http2;
- listen [::]:443 default_server ssl http2;
+ include /etc/nginx/https.conf;
 server_name .rwx.work;
 location / {
 proxy_pass http://10.0.0.1/;