Holger Frey
7 years ago
2 changed files with 53 additions and 1 deletions
@ -0,0 +1,51 @@
@@ -0,0 +1,51 @@
|
||||
server { |
||||
listen 443 ssl; |
||||
server_name {{cookiecutter.domain}}; |
||||
add_header X-Clacks-Overhead "GNU Terry Pratchett"; |
||||
|
||||
access_log /var/log/nginx/moin_{{cookiecutter.directory_name}}.access.log; |
||||
|
||||
{% if cookiecutter.access == "university only" %} |
||||
# Access is only allowed from the internal university network |
||||
allow 132.230.0.0/16; |
||||
allow 192.52.0.0/16; |
||||
allow 10.0.0.0/8; |
||||
deny all; |
||||
{% endif %} |
||||
|
||||
# ssl configuration |
||||
# ssl key and certificate |
||||
ssl_certificate /etc/ssl/uni-fr/live/{{cookiecutter.directory_name}}/fullchain.pem; |
||||
ssl_certificate_key /etc/ssl/uni-fr/keys/{{cookiecutter.directory_name}}.key; |
||||
# ssl protocols and ciphers |
||||
ssl_protocols TLSv1.2 TLSv1.1 TLSv1; |
||||
ssl_ciphers EECDH+AESGCM:EDH+AESGCM:EECDH:EDH:!MD5:!RC4:!LOW:!MEDIUM:!CAMELLIA:!ECDSA:!DES:!DSS:!3DES:!NULL; |
||||
ssl_prefer_server_ciphers on; |
||||
# use a strong diffy helman elliptic curve |
||||
ssl_dhparam /etc/ssl/nginx/dhparam2048.pem; |
||||
ssl_ecdh_curve secp384r1; |
||||
# add HSTS header |
||||
add_header Strict-Transport-Security "max-age=31536000"; |
||||
|
||||
location /HonigTopf { |
||||
add_header Content-Type image/gif; |
||||
alias /var/www/moin/static/honeypot.gif; |
||||
} |
||||
|
||||
location ^~ /moin_static/ { |
||||
alias /var/www/moin_static/; |
||||
} |
||||
|
||||
location ^~ /static/ { |
||||
alias /var/www/moin/static/; |
||||
} |
||||
|
||||
location / { |
||||
try_files $uri @moin; |
||||
} |
||||
|
||||
location @moin { |
||||
include uwsgi_params; |
||||
uwsgi_pass unix:/tmp/moin.sock; |
||||
} |
||||
} |
||||
Loading…
Reference in new issue