28 lines
976 B
Text
28 lines
976 B
Text
server {
|
|
root /var/www/html;
|
|
server_name mumble.hamburg.ccc.de; # managed by Certbot
|
|
|
|
listen [::]:443 ssl ipv6only=on; # managed by Certbot
|
|
listen 443 ssl; # managed by Certbot
|
|
|
|
ssl_certificate /etc/letsencrypt/live/mumble.hamburg.ccc.de/fullchain.pem; # managed by Certbot
|
|
ssl_certificate_key /etc/letsencrypt/live/mumble.hamburg.ccc.de/privkey.pem; # managed by Certbot
|
|
# verify chain of trust of OCSP response using Root CA and Intermediate certs
|
|
ssl_trusted_certificate /etc/letsencrypt/live/mumble.hamburg.ccc.de/chain.pem;
|
|
|
|
# HSTS (ngx_http_headers_module is required) (63072000 seconds)
|
|
add_header Strict-Transport-Security "max-age=63072000" always;
|
|
|
|
location /static {
|
|
alias /opt/mailman/web/static;
|
|
autoindex off;
|
|
}
|
|
|
|
location / {
|
|
return 302 https://wiki.hamburg.ccc.de/infrastructure:services:mumble;
|
|
}
|
|
|
|
location /metrics {
|
|
proxy_pass http://127.0.0.1:9123/;
|
|
}
|
|
}
|