99 lines
2.0 KiB
Plaintext
99 lines
2.0 KiB
Plaintext
|
server {
|
||
|
listen 80;
|
||
|
listen [::]:80;
|
||
|
server_name gnusocial.example;
|
||
|
rewrite ^ https://$server_name$request_uri? permanent;
|
||
|
}
|
||
|
|
||
|
server {
|
||
|
listen 443 ssl;
|
||
|
server_name gnusocial.example;
|
||
|
|
||
|
# Security
|
||
|
ssl on;
|
||
|
ssl_certificate /etc/ssl/certs/gnusocial.example.pem;
|
||
|
ssl_certificate_key /etc/ssl/private/gnusocial.example.key;
|
||
|
ssl_dhparam /etc/ssl/certs/gnusocial.example.dhparam;
|
||
|
|
||
|
ssl_session_timeout 60m;
|
||
|
ssl_prefer_server_ciphers on;
|
||
|
ssl_session_cache builtin:1000 shared:SSL:10m;
|
||
|
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # not possible to do exclusive
|
||
|
ssl_ciphers 'EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA256:EECDH:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA128-SHA:AES128-SHA';
|
||
|
add_header X-Frame-Options DENY;
|
||
|
add_header X-Content-Type-Options nosniff;
|
||
|
add_header Strict-Transport-Security max-age=15768000;
|
||
|
|
||
|
# Logs
|
||
|
access_log off;
|
||
|
error_log off;
|
||
|
|
||
|
# Root
|
||
|
root /etc/share/gnusocial;
|
||
|
|
||
|
# Index
|
||
|
index index.php;
|
||
|
|
||
|
# PHP
|
||
|
location ~ \.php {
|
||
|
include snippets/fastcgi-php.conf;
|
||
|
fastcgi_pass unix:/var/run/php5-fpm.sock;
|
||
|
}
|
||
|
|
||
|
# Location
|
||
|
location / {
|
||
|
try_files $uri $uri/ @gnusocial;
|
||
|
}
|
||
|
|
||
|
# Fancy URLs
|
||
|
location @gnusocial {
|
||
|
rewrite ^(.*)$ /index.php?p=$1 last;
|
||
|
}
|
||
|
|
||
|
# Restrict access that is unnecessary anyway
|
||
|
location ~ /\.(ht|git) {
|
||
|
deny all;
|
||
|
}
|
||
|
|
||
|
client_max_body_size 15m;
|
||
|
}
|
||
|
|
||
|
|
||
|
server {
|
||
|
listen 127.0.0.1:8087 default_server;
|
||
|
server_name gnusocial.example;
|
||
|
|
||
|
# Logs
|
||
|
access_log off;
|
||
|
error_log off;
|
||
|
|
||
|
# Root
|
||
|
root /etc/share/gnusocial;
|
||
|
|
||
|
# Index
|
||
|
index index.php;
|
||
|
|
||
|
# PHP
|
||
|
location ~ \.php {
|
||
|
include snippets/fastcgi-php.conf;
|
||
|
fastcgi_pass unix:/var/run/php5-fpm.sock;
|
||
|
}
|
||
|
|
||
|
# Location
|
||
|
location / {
|
||
|
try_files $uri $uri/ @gnusocial;
|
||
|
}
|
||
|
|
||
|
# Fancy URLs
|
||
|
location @gnusocial {
|
||
|
rewrite ^(.*)$ /index.php?p=$1 last;
|
||
|
}
|
||
|
|
||
|
# Restrict access that is unnecessary anyway
|
||
|
location ~ /\.(ht|git) {
|
||
|
deny all;
|
||
|
}
|
||
|
|
||
|
client_max_body_size 15m;
|
||
|
}
|