C2A-Installation-Server/docker/conf/applications/c2a-systeme.fr.conf

63 lines
1.9 KiB
Plaintext

# http://nginx.org/en/docs/http/websocket.html
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
# http server
server {
listen 80;
listen [::]:80;
server_name c2a-systeme.fr;
location / {
# redirect everything to WWW
return 301 https://www.c2a-systeme.fr/$request_uri;
}
}
# https server
server {
server_name www.c2a-systeme.fr;
listen 443 http2;
listen [::]:443 http2;
ssl on;
ssl_certificate /etc/letsencrypt/live/www.c2a-systeme.fr/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.c2a-systeme.fr/privkey.pem;
ssl_session_timeout 10m;
ssl_session_cache shared:SSL:50m;
# Enable server-side protection against BEAST attacks
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # don't use SSLv3 ref: POODLE
ssl_prefer_server_ciphers on;
ssl_ciphers "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384";
# RFC-7919 recommended: https://wiki.mozilla.org/Security/Server_Side_TLS#ffdhe4096
ssl_dhparam /etc/ssl/ffdhe4096.pem;
ssl_ecdh_curve secp521r1:secp384r1;
# Enable OCSP stapling
# ref. http://blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /etc/letsencrypt/live/www.c2a-systeme.fr/fullchain.pem;
resolver 1.1.1.1 1.0.0.1 [2606:4700:4700::1111] [2606:4700:4700::1001] valid=300s; # Cloudflare
resolver_timeout 5s;
root /var/www/html/c2a-web-platform;
index index.html;
# Required for LE certificate enrollment using certbot
location '/.well-known/acme-challenge' {
default_type "text/plain";
root /var/www/html;
}
location / {
# redirect everything to WWW
return 301 https://www.c2a-systeme.fr/$request_uri;
}
}