[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
01/01: berlin: Host guix.info.
|
From: |
Ricardo Wurmus |
|
Subject: |
01/01: berlin: Host guix.info. |
|
Date: |
Thu, 21 Jun 2018 11:10:32 -0400 (EDT) |
rekado pushed a commit to branch master
in repository maintenance.
commit 22e8c739322b5c7a280a4ab3b49111a403fd8c5a
Author: Ricardo Wurmus <address@hidden>
Date: Thu Jun 21 17:09:38 2018 +0200
berlin: Host guix.info.
* hydra/nginx/berlin.conf: Add server sections for guix.info.
---
hydra/nginx/berlin.conf | 41 +++++++++++++++++++++++++++++++++++++++++
1 file changed, 41 insertions(+)
diff --git a/hydra/nginx/berlin.conf b/hydra/nginx/berlin.conf
index 3799bb2..952e5dc 100644
--- a/hydra/nginx/berlin.conf
+++ b/hydra/nginx/berlin.conf
@@ -109,6 +109,17 @@ http {
}
}
+ server {
+ listen 80;
+ server_name guix.info www.guix.info;
+ root /home/rekado/guix.info;
+ index index.html;
+ access_log /var/log/nginx/guix-info.access.log;
+ location = / {
+ root /home/rekado/guix.info;
+ }
+ }
+
# HTTPS server.
server {
listen 443 ssl;
@@ -169,4 +180,34 @@ http {
root /home/rekado/bootstrappable.org;
}
}
+ server {
+ listen 443 ssl;
+ server_name guix.info www.guix.info;
+
+ ssl_certificate /etc/letsencrypt/live/guix.info/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/guix.info/privkey.pem;
+
+ # Make sure SSL is disabled.
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+
+ # Disable weak cipher suites.
+ ssl_ciphers HIGH:!aNULL:!MD5;
+ ssl_prefer_server_ciphers on;
+
+ # Use our own DH parameters created with:
+ # openssl dhparam -out dhparams.pem 2048
+ # as suggested at <https://weakdh.org/sysadmin.html>.
+ ssl_dhparam /etc/dhparams.pem;
+
+ proxy_set_header X-Forwarded-Host $host;
+ proxy_set_header X-Forwarded-Port $server_port;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
+ root /home/rekado/guix.info;
+ index index.html;
+ access_log /var/log/nginx/guix-info.https.access.log;
+ location = / {
+ root /home/rekado/guix.info;
+ }
+ }
}