formular.hamburg.freifunk.net via trusted https
This commit is contained in:
parent
e603c0e666
commit
d170593345
|
@ -3,12 +3,41 @@ server {
|
||||||
listen [::]:80;
|
listen [::]:80;
|
||||||
server_name formular.hamburg.freifunk.net formular.services.ffhh formular.ffhh;
|
server_name formular.hamburg.freifunk.net formular.services.ffhh formular.ffhh;
|
||||||
|
|
||||||
|
access_log off;
|
||||||
|
|
||||||
|
return 301 https://formular.hamburg.freifunk.net$request_uri;
|
||||||
|
}
|
||||||
|
|
||||||
|
server {
|
||||||
|
listen 443;
|
||||||
|
listen [::]:443;
|
||||||
|
server_name formular.hamburg.freifunk.net formular.services.ffhh formular.ffhh;
|
||||||
|
|
||||||
access_log off; # Bitte nicht aktivieren. Wir wollen ja nicht die IPs unserer Visitor loggen.
|
access_log off; # Bitte nicht aktivieren. Wir wollen ja nicht die IPs unserer Visitor loggen.
|
||||||
|
|
||||||
# Bitte nur zum Debuggen von schweren Fehlern das Log-File temporär setzen und dann anschließend die Logs löschen.
|
# Bitte nur zum Debuggen von schweren Fehlern das Log-File temporär setzen und dann anschließend die Logs löschen.
|
||||||
# So stellen wir sicher, dass keine IPs geloggt werden.
|
# So stellen wir sicher, dass keine IPs geloggt werden.
|
||||||
error_log /dev/null crit;
|
error_log /dev/null crit;
|
||||||
|
|
||||||
|
ssl_certificate /etc/ssl/certs/formular.hamburg.freifunk.net.crt;
|
||||||
|
ssl_certificate_key /etc/ssl/private/formular.hamburg.freifunk.net.key;
|
||||||
|
|
||||||
|
ssl_prefer_server_ciphers on;
|
||||||
|
ssl_session_cache shared:SSL:10m;
|
||||||
|
ssl_session_timeout 10m;
|
||||||
|
|
||||||
|
# Only strong ciphers in PFS mode
|
||||||
|
ssl_ciphers ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA;
|
||||||
|
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
|
||||||
|
|
||||||
|
|
||||||
|
# Don't allow to get framed by sites that aren't on the same domain
|
||||||
|
add_header X-Frame-Options SAMEORIGIN;
|
||||||
|
|
||||||
|
# Tell clients never to use http or self-signed (!) certificates
|
||||||
|
# There's no way to bypass this option after it has been cached!
|
||||||
|
add_header Strict-Transport-Security max-age=31536000;
|
||||||
|
|
||||||
#return 301 $scheme://formular.hamburg.freifunk.net:8080$request_uri;
|
#return 301 $scheme://formular.hamburg.freifunk.net:8080$request_uri;
|
||||||
location / {
|
location / {
|
||||||
proxy_pass http://formular.hamburg.freifunk.net:8080;
|
proxy_pass http://formular.hamburg.freifunk.net:8080;
|
||||||
|
|
Loading…
Reference in a new issue