Unify configs, enhance SSL security
This commit is contained in:
root
@@ -1,12 +1,11 @@
|
||||
# -*-nginx-*-
|
||||
|
||||
server {
|
||||
listen 80;
|
||||
server {
|
||||
listen 80;
|
||||
server_name intern.triton.fet.at www.intern.triton.fet.at;
|
||||
|
||||
location /.well-known {
|
||||
root /srv/welcome;
|
||||
allow all;
|
||||
root /srv/welcome;
|
||||
allow all;
|
||||
}
|
||||
location / {
|
||||
return 301 https://$host$request_uri;
|
||||
@@ -14,26 +13,32 @@ server {
|
||||
}
|
||||
|
||||
server {
|
||||
listen 443 ssl;
|
||||
#listen 8081;
|
||||
listen 443 ssl http2;
|
||||
server_name intern.triton.fet.at www.intern.triton.fet.at;
|
||||
|
||||
ssl_certificate /etc/letsencrypt/live/triton.fet.at/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/triton.fet.at/privkey.pem;
|
||||
satisfy any;
|
||||
auth_ldap "FET Login";
|
||||
auth_ldap_servers fet;
|
||||
ssl_trusted_certificate /etc/letsencrypt/live/triton.fet.at/chain.pem;
|
||||
|
||||
include snippets/ssl.conf;
|
||||
include snippets/ldap.conf;
|
||||
auth_basic "Alternative Login";
|
||||
auth_basic_user_file /srv/auth/.basic_user;
|
||||
satisfy any;
|
||||
|
||||
location / {
|
||||
include uwsgi_params;
|
||||
uwsgi_pass unix:/srv/run/intern.sock;
|
||||
}
|
||||
location = /intern/ {
|
||||
return 301 https://$host/intern/inde1x.html;
|
||||
}
|
||||
location /intern {
|
||||
rewrite ^/intern(.*)$ $1 break;
|
||||
include uwsgi_params;
|
||||
uwsgi_pass unix:/srv/run/intern.sock;
|
||||
}
|
||||
location = / {
|
||||
return 301 https://$host/index;
|
||||
}
|
||||
location /.well-known {
|
||||
root /srv/welcome;
|
||||
allow all;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user