Add Reports conf, maj www conf
This commit is contained in:
parent
13cba9c8ae
commit
c298b77649
61
docker/conf/applications/reports.c2a-systeme.fr.conf
Normal file
61
docker/conf/applications/reports.c2a-systeme.fr.conf
Normal file
@ -0,0 +1,61 @@
|
||||
# http://nginx.org/en/docs/http/websocket.html
|
||||
map $http_upgrade $connection_upgrade {
|
||||
default upgrade;
|
||||
'' close;
|
||||
}
|
||||
|
||||
# http server
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
|
||||
server_name reports.c2a-systeme.fr;
|
||||
|
||||
location / {
|
||||
# redirect everything to HTTPS
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
}
|
||||
|
||||
# https server
|
||||
server {
|
||||
server_name reports.c2a-systeme.fr;
|
||||
listen 443 http2;
|
||||
listen [::]:443 http2;
|
||||
|
||||
ssl on;
|
||||
ssl_certificate /etc/letsencrypt/live/reports.c2a-systeme.fr/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/reports.c2a-systeme.fr/privkey.pem;
|
||||
ssl_session_timeout 10m;
|
||||
ssl_session_cache shared:SSL:50m;
|
||||
|
||||
# Enable server-side protection against BEAST attacks
|
||||
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # don't use SSLv3 ref: POODLE
|
||||
ssl_prefer_server_ciphers on;
|
||||
ssl_ciphers "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384";
|
||||
|
||||
# RFC-7919 recommended: https://wiki.mozilla.org/Security/Server_Side_TLS#ffdhe4096
|
||||
ssl_dhparam /etc/ssl/ffdhe4096.pem;
|
||||
ssl_ecdh_curve secp521r1:secp384r1;
|
||||
|
||||
# Enable OCSP stapling
|
||||
# ref. http://blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox
|
||||
ssl_stapling on;
|
||||
ssl_stapling_verify on;
|
||||
ssl_trusted_certificate /etc/letsencrypt/live/reports.c2a-systeme.fr/fullchain.pem;
|
||||
resolver 1.1.1.1 1.0.0.1 [2606:4700:4700::1111] [2606:4700:4700::1001] valid=300s; # Cloudflare
|
||||
resolver_timeout 5s;
|
||||
|
||||
root /var/www/html/c2a-web-app;
|
||||
index index.html;
|
||||
|
||||
# Required for LE certificate enrollment using certbot
|
||||
location '/.well-known/acme-challenge' {
|
||||
default_type "text/plain";
|
||||
root /var/www/html;
|
||||
}
|
||||
|
||||
location / {
|
||||
try_files $uri $uri/ /index.html =404;
|
||||
}
|
||||
}
|
@ -1,5 +1,4 @@
|
||||
# http://nginx.org/en/docs/http/websocket.html
|
||||
# http://nginx.org/en/docs/http/websocket.html
|
||||
map $http_upgrade $connection_upgrade {
|
||||
default upgrade;
|
||||
'' close;
|
||||
@ -25,8 +24,8 @@ server {
|
||||
listen [::]:443 http2;
|
||||
|
||||
ssl on;
|
||||
ssl_certificate /etc/letsencrypt/live/portainer.c2a-systeme.fr/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/portainer.c2a-systeme.fr/privkey.pem;
|
||||
ssl_certificate /etc/letsencrypt/live/www.c2a-systeme.fr/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/www.c2a-systeme.fr/privkey.pem;
|
||||
ssl_session_timeout 10m;
|
||||
ssl_session_cache shared:SSL:50m;
|
||||
|
||||
|
@ -6,6 +6,7 @@ certbot certonly --manual --preferred-challenges=dns --email mathieu.sanchez@out
|
||||
certbot certonly --manual --preferred-challenges=dns --email mathieu.sanchez@outlook.fr -i nginx -d api.c2a-systeme.fr
|
||||
certbot certonly --manual --preferred-challenges=dns --email mathieu.sanchez@outlook.fr -i nginx -d gitlab.c2a-systeme.fr
|
||||
certbot certonly --manual --preferred-challenges=dns --email mathieu.sanchez@outlook.fr -i nginx -d dev.api.c2a-systeme.fr
|
||||
certbot certonly --manual --preferred-challenges=dns --email mathieu.sanchez@outlook.fr -i nginx -d reports.c2a-systeme.fr
|
||||
certbot certonly --manual --preferred-challenges=dns --email mathieu.sanchez@outlook.fr -i nginx -d jenkins.c2a-systeme.fr
|
||||
certbot certonly --manual --preferred-challenges=dns --email mathieu.sanchez@outlook.fr -i nginx -d portainer.c2a-systeme.fr
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user