Skip to content
GitLab
Menu
Projects
Groups
Snippets
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
Menu
Open sidebar
LQDN Adminsys
piops-roles
hedgedocs-pad-lqdn
Commits
d24d972d
Commit
d24d972d
authored
Jan 19, 2021
by
nono
💻
Browse files
Updated Nginx config
parent
17cc88a7
Changes
1
Hide whitespace changes
Inline
Side-by-side
files/etc/nginx/hedgedocs-nginx.conf.j2
View file @
d24d972d
...
...
@@ -3,7 +3,7 @@ map $http_upgrade $connection_upgrade {
'' close;
}
server {
server_name {{hedgedoc
-
domain}};
server_name {{
service_
hedgedoc
s_
domain
}};
location / {
proxy_pass http://127.0.0.1:3000;
...
...
@@ -25,8 +25,35 @@ server {
listen [::]:443 ssl http2;
listen 443 ssl http2;
ssl_certificate {{hedgedocs-ssl-fullchain}};
ssl_certificate_key {{hedgedocs-ssl-privkey}};
ssl_certificate /etc/letsencrypt/live/{{ service_hedgedocs_domain }}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/{{ service_hedgedocs_domain }}/fullchain.pem;
include options-ssl-nginx.conf;
ssl_dhparam {{ hedgedocs-ssl-dhparams}};
# Improve HTTPS performance with session resumption
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
# Enable server-side protection against BEAST attacks
ssl_protocols TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384";
# RFC-7919 recommended: https://wiki.mozilla.org/Security/Server_Side_TLS#ffdhe4096
ssl_dhparam /etc/ssl/ffdhe4096.pem;
ssl_ecdh_curve secp521r1:secp384r1;
# Aditional Security Headers
# ref: https://developer.mozilla.org/en-US/docs/Security/HTTP_Strict_Transport_Security
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
# ref: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
add_header X-Frame-Options DENY always;
# ref: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options
add_header X-Content-Type-Options nosniff always;
# ref: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection
add_header X-Xss-Protection "1; mode=block" always;
}
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
.
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment