bofh/nginx_sites
9
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Unify configs, enhance SSL security

Browse Source
This commit is contained in:
root
2018-03-25 20:23:08 +02:00
parent 83354160ea
commit 69047a611c
18 changed files with 446 additions and 373 deletions
Download Patch File Download Diff File Expand all files Collapse all files

36
fet.at/mail.conf
View File

@@ -1,11 +1,11 @@
# -*-nginx-*-
server {
listen 80;
server {
listen 80;
server_name www.mail.fet.at mail.fet.at fet.htu.tuwien.ac.at;
root /srv/pxy/mail.fet.at;
location /.well-known {
allow all;
root /srv/pxy/mail.fet.at;
allow all;
}
location / {
return 301 https://$host$request_uri;
@@ -13,31 +13,23 @@ server {
}
server {
listen 443 ssl;
listen 443 ssl http2;
server_name www.mail.fet.at mail.fet.at fet.htu.tuwien.ac.at;
# server_name fet.at www.fet.at 128.131.95.208;
ssl_certificate /etc/letsencrypt/live/www.mail.fet.at/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.mail.fet.at/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/www.mail.fet.at/chain.pem;
# ssl_certificate /etc/letsencrypt/live/fet.at/fullchain.pem;
# ssl_certificate_key /etc/letsencrypt/live/fet.at/privkey.pem;
include snippets/ssl.conf;
# include snippets/ldap.conf;
# auth_ldap "FET Login";
# auth_ldap_servers fet;
root /srv/pxy/mail.fet.at;
# root /srv/welcome;
location / {
proxy_bind $host:443;
proxy_pass http://192.168.95.11:80;
# proxy_redirect https://$host:8000/ https://$host:443/;
# proxy_redirect https://mail.fet.at:8000/ https://mail.fet.at:443/;
# proxy_redirect https://$host:8000/ https://$host:443/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X_FORWARDED_SSL on;
proxy_set_header HTTP_X_FORWARDED_SSL on;
proxy_set_header X-Forwarded-For $remote_addr;
include snippets/proxy_header.conf;
# index index.html;
}
location /http {
@@ -47,10 +39,6 @@ server {
alias /srv/www/mail/static;
}
location = / {
return 302 https://mail.fet.at/mail/;
return 302 https://mail.fet.at/http/;
}
location /.well-known {
allow all;
}
}