Konfiguration gefixt und massiv aufgeräumt
SSL Redirects funktionieren jetzt
This commit is contained in:
kpcyrd
parent
d170593345
commit
d144bc082c
30 changed files with 501 additions and 241 deletions
39
sites-available/base
Normal file
39
sites-available/base
Normal file
|
|
@ -0,0 +1,39 @@
|
|||
server {
|
||||
listen 443 ssl;
|
||||
listen [::]:443 ssl;
|
||||
|
||||
|
||||
|
||||
|
||||
access_log off;
|
||||
error_log /dev/null crit;
|
||||
|
||||
|
||||
ssl_certificate /etc/ssl/certs/*.hamburg.freifunk.net.crt;
|
||||
ssl_certificate_key /etc/ssl/private/*.hamburg.freifunk.net.key;
|
||||
|
||||
|
||||
ssl_prefer_server_ciphers on;
|
||||
ssl_session_cache shared:SSL:10m;
|
||||
ssl_session_timeout 10m;
|
||||
|
||||
# Only strong ciphers in PFS mode
|
||||
ssl_ciphers ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA;
|
||||
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
|
||||
|
||||
# Don't allow to get framed by sites that aren't on the same domain
|
||||
add_header X-Frame-Options SAMEORIGIN;
|
||||
|
||||
# Tell clients never to use http or self-signed (!) certificates
|
||||
# There's no way to bypass this option after it has been cached!
|
||||
add_header Strict-Transport-Security max-age=31536000;
|
||||
|
||||
location ~ /\. {
|
||||
deny all;
|
||||
access_log off;
|
||||
log_not_found off;
|
||||
}
|
||||
|
||||
|
||||
|
||||
}
|
||||
Loading…
Add table
Add a link
Reference in a new issue