nginx.conf.tmpl (3408B)
1 server { 2 listen {{ env "NOMAD_PORT_proxy" }} ssl; 3 listen [::]:{{ env "NOMAD_PORT_proxy" }} ssl; 4 5 ssl_certificate /snikket/letsencrypt/live/chat.in0rdr.ch-0001/fullchain.pem; 6 ssl_certificate_key /snikket/letsencrypt/live/chat.in0rdr.ch-0001/privkey.pem; 7 8 ssl_session_cache shared:le_nginx_SSL:1m; 9 ssl_session_timeout 1440m; 10 ssl_prefer_server_ciphers off; 11 12 ssl_stapling on; 13 ssl_stapling_verify on; 14 ssl_trusted_certificate /snikket/letsencrypt/live/chat.in0rdr.ch-0001/fullchain.pem; 15 16 add_header Strict-Transport-Security "max-age=63072000" always; 17 18 server_name chat.in0rdr.ch; 19 20 include "/etc/nginx/snippets/snikket-common.conf"; 21 } 22 23 server { 24 listen {{ env "NOMAD_PORT_proxy" }} ssl; 25 listen [::]:{{ env "NOMAD_PORT_proxy" }} ssl; 26 27 ssl_certificate /snikket/letsencrypt/live/chat.in0rdr.ch-0001/fullchain.pem; 28 ssl_certificate_key /snikket/letsencrypt/live/chat.in0rdr.ch-0001/privkey.pem; 29 30 ssl_session_cache shared:le_nginx_SSL:1m; 31 ssl_session_timeout 1440m; 32 ssl_prefer_server_ciphers off; 33 34 ssl_stapling on; 35 ssl_stapling_verify on; 36 ssl_trusted_certificate /snikket/letsencrypt/live/chat.in0rdr.ch-0001/fullchain.pem; 37 38 add_header Strict-Transport-Security "max-age=63072000" always; 39 40 server_name share.chat.in0rdr.ch; 41 42 root /var/www/html; 43 44 location / { 45 return 301 https://chat.in0rdr.ch/; 46 } 47 48 location /upload/ { 49 client_max_body_size 104857616; # 100MB + 16 bytes (see Prosody config) 50 proxy_request_buffering off; 51 proxy_http_version 1.1; 52 proxy_pass http://{{ env "NOMAD_ADDR_prosody" }}; 53 proxy_set_header Host $host; 54 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 55 proxy_set_header X-Forwarded-Proto https; 56 } 57 } 58 59 server { 60 listen {{ env "NOMAD_PORT_proxy" }} ssl; 61 listen [::]:{{ env "NOMAD_PORT_proxy" }} ssl; 62 63 ssl_certificate /snikket/letsencrypt/live/chat.in0rdr.ch-0001/fullchain.pem; 64 ssl_certificate_key /snikket/letsencrypt/live/chat.in0rdr.ch-0001/privkey.pem; 65 66 ssl_session_cache shared:le_nginx_SSL:1m; 67 ssl_session_timeout 1440m; 68 ssl_prefer_server_ciphers off; 69 70 ssl_stapling on; 71 ssl_stapling_verify on; 72 ssl_trusted_certificate /snikket/letsencrypt/live/chat.in0rdr.ch-0001/fullchain.pem; 73 74 add_header Strict-Transport-Security "max-age=63072000" always; 75 76 server_name groups.chat.in0rdr.ch; 77 78 root /var/www/html; 79 80 location / { 81 return 301 https://chat.in0rdr.ch/; 82 } 83 } 84 85 # Fail requests to unknown domains 86 server { 87 listen {{ env "NOMAD_PORT_proxy" }} ssl default_server; 88 listen [::]:{{ env "NOMAD_PORT_proxy" }} ssl default_server; 89 90 ssl_certificate /snikket/letsencrypt/live/chat.in0rdr.ch-0001/fullchain.pem; 91 ssl_certificate_key /snikket/letsencrypt/live/chat.in0rdr.ch-0001/privkey.pem; 92 93 ssl_session_cache shared:le_nginx_SSL:1m; 94 ssl_session_timeout 1440m; 95 ssl_prefer_server_ciphers off; 96 97 ssl_stapling on; 98 ssl_stapling_verify on; 99 ssl_trusted_certificate /snikket/letsencrypt/live/chat.in0rdr.ch-0001/fullchain.pem; 100 101 add_header Strict-Transport-Security "max-age=63072000" always; 102 103 error_page 404 /_errors/404_site.html; 104 105 location = /_errors/404_site.html { 106 root /var/www/html; 107 internal; 108 } 109 110 location / { 111 try_files none =404; 112 } 113 }