You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
60 lines
1.6 KiB
60 lines
1.6 KiB
server {
|
|
# Bindings
|
|
listen 443 default_server ssl http2;
|
|
server_name {{ nginx_domain_name }};
|
|
root /var/www/html;
|
|
index index.php index.html index.htm;
|
|
|
|
# Certificate information
|
|
ssl_certificate /etc/letsencrypt/live/{{ nginx_domain_name }}/fullchain.pem;
|
|
ssl_certificate_key /etc/letsencrypt/live/{{ nginx_domain_name }}/privkey.pem;
|
|
|
|
# Limit ciphers to PCI DSS compliant ciphers.
|
|
ssl_ciphers HIGH:!aNULL:!MD5;
|
|
ssl_protocols TLSv1.2;
|
|
ssl_prefer_server_ciphers on;
|
|
ssl_dhparam /etc/nginx/dhparams.pem;
|
|
ssl_session_cache shared:SSL:10m;
|
|
ssl_session_timeout 10m;
|
|
|
|
add_header X-Frame-Options "SAMEORIGIN";
|
|
add_header X-XSS-Protection "1; mode=block";
|
|
|
|
gzip on;
|
|
gzip_http_version 1.0;
|
|
gzip_comp_level 2;
|
|
gzip_min_length 1100;
|
|
gzip_buffers 4 8k;
|
|
gzip_proxied any;
|
|
gzip_types
|
|
# text/html is always compressed by HttpGzipModule
|
|
text/css
|
|
text/javascript
|
|
text/xml
|
|
text/plain
|
|
text/x-component
|
|
application/javascript
|
|
application/json
|
|
application/xml
|
|
application/rss+xml
|
|
font/truetype
|
|
font/opentype
|
|
application/vnd.ms-fontobject
|
|
image/svg+xml;
|
|
|
|
gzip_static on;
|
|
|
|
gzip_proxied expired no-cache no-store private auth;
|
|
gzip_vary on;
|
|
|
|
location / {
|
|
proxy_pass http://127.0.0.1:{{ gitea_http_port }};
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
}
|
|
|
|
|
|
}
|