-
Notifications
You must be signed in to change notification settings - Fork 9
/
represent
46 lines (36 loc) · 2.03 KB
/
represent
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
# /etc/nginx/sites-available/represent
upstream representbackend {
server 127.0.0.1:59000;
}
# @see https://wiki.mozilla.org/Security/Server_Side_TLS
server {
listen 80;
listen 443 ssl;
server_name represent.opennorth.ca represent-alpheus.opennorth.ca;
ssl_certificate /home/represent/ssl/represent.opennorth.ca.chained.crt;
ssl_certificate_key /home/represent/ssl/represent.opennorth.ca.key;
# Many Java 1.4, 1.5 and 6 clients in 2014.
# @see https://wiki.mozilla.org/Security/Server_Side_TLS#DHE_and_Java
ssl_dhparam /home/represent/ssl/dhparam1024.pem;
# No Windows XP Internet Explorer 6 users in 2014.
# @see http://nginx.com/blog/nginx-poodle-ssl/
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
# Only 3 Windows XP Internet Explorer 7 requests in 2014.
# @see https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28default.29
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA;
ssl_prefer_server_ciphers on;
access_log /home/represent/logs/nginx_access.log;
error_log /home/represent/logs/nginx_error.log;
location / {
include /etc/nginx/proxy_params;
proxy_pass http://representbackend;
}
location /static/ {
alias /home/represent/app/static/;
gzip on;
gzip_types application/javascript application/x-javascript text/css;
}
location /.well-known/ {
alias /home/letsencrypt/.well-known/;
}
}