[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
01/02: hydra: berlin: Host issues.guix.info.
From: |
Ricardo Wurmus |
Subject: |
01/02: hydra: berlin: Host issues.guix.info. |
Date: |
Sat, 8 Sep 2018 15:22:22 -0400 (EDT) |
rekado pushed a commit to branch master
in repository maintenance.
commit ca2848655d5eeb6362e55487916e1dffd2cebf83
Author: Ricardo Wurmus <address@hidden>
Date: Sat Sep 8 21:16:40 2018 +0200
hydra: berlin: Host issues.guix.info.
* hydra/nginx/berlin.conf: Add server sections for issues.guix.info on
port 80 and 443.
---
hydra/nginx/berlin.conf | 41 +++++++++++++++++++++++++++++++++++++++++
1 file changed, 41 insertions(+)
diff --git a/hydra/nginx/berlin.conf b/hydra/nginx/berlin.conf
index 952e5dc..6f60960 100644
--- a/hydra/nginx/berlin.conf
+++ b/hydra/nginx/berlin.conf
@@ -120,6 +120,17 @@ http {
}
}
+ server {
+ listen 80;
+ server_name issues.guix.info;
+ root /home/rekado/mumi/;
+ index index.html;
+ access_log /var/log/nginx/issues-guix-info.access.log;
+ location / {
+ proxy_pass http://localhost:1234;
+ }
+ }
+
# HTTPS server.
server {
listen 443 ssl;
@@ -210,4 +221,34 @@ http {
root /home/rekado/guix.info;
}
}
+ server {
+ listen 443 ssl;
+ server_name issues.guix.info;
+
+ ssl_certificate
/etc/letsencrypt/live/issues.guix.info/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/issues.guix.info/privkey.pem;
+
+ # Make sure SSL is disabled.
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+
+ # Disable weak cipher suites.
+ ssl_ciphers HIGH:!aNULL:!MD5;
+ ssl_prefer_server_ciphers on;
+
+ # Use our own DH parameters created with:
+ # openssl dhparam -out dhparams.pem 2048
+ # as suggested at <https://weakdh.org/sysadmin.html>.
+ ssl_dhparam /etc/dhparams.pem;
+
+ proxy_set_header X-Forwarded-Host $host;
+ proxy_set_header X-Forwarded-Port $server_port;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
+ root /home/rekado/mumi/;
+ index index.html;
+ access_log /var/log/nginx/issues-guix-info.https.access.log;
+ location / {
+ proxy_pass http://localhost:1234;
+ }
+ }
}