#86 SSL Stapling + HTTP/2
This commit is contained in:
croax
parent
32e65bc0f9
commit
e9fa00522b
2 changed files with 28 additions and 25 deletions
|
|
@ -1,40 +1,40 @@
|
|||
# Configuration autoconfig.a-lec.org
|
||||
|
||||
server {
|
||||
server_name autoconfig.a-lec.org;
|
||||
|
||||
listen 444 ssl http2 proxy_protocol;
|
||||
listen [::]:443 ssl http2;
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
|
||||
set_real_ip_from 192.169.0.1;
|
||||
real_ip_header proxy_protocol;
|
||||
|
||||
ssi on;
|
||||
ssi_last_modified on;
|
||||
|
||||
listen 444 ssl proxy_protocol;
|
||||
listen [::]:443 ssl;
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
|
||||
# Important : PAS de HSTS ni redirection HTTPS
|
||||
# IMPORTANT : PAS de redirection vers HTTPS
|
||||
# Thunderbird fait une requête en clair (HTTP)
|
||||
|
||||
ssl_certificate /etc/letsencrypt/live/mail.a-lec.org/fullchain.pem; # managed by Certbot
|
||||
ssl_certificate_key /etc/letsencrypt/live/mail.a-lec.org/privkey.pem; # managed by Certbot
|
||||
|
||||
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
|
||||
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
|
||||
ssl_stapling on;
|
||||
ssl_stapling_verify on;
|
||||
|
||||
# Add index.php to the list if you are using PHP
|
||||
root /var/www/html/autoconfig;
|
||||
server_name autoconfig.a-lec.org;
|
||||
|
||||
# On indique HSTS si ca pouvait pousser quelques êtres à utiliser HTTPS...
|
||||
# car on sert du HTTPS aussi
|
||||
add_header Strict-Transport-Security "max-age=31536000" always;
|
||||
|
||||
# Section dédiée mail, si un jour on souhaite délocaliser de cette VM
|
||||
# le sous-domaine autoconfig et garder uniquement /mail
|
||||
# Section dédiée mail, si un jour on souhaite partager autoconfig avec
|
||||
# d'autres VM et garder uniquement le path /mail
|
||||
location /mail/ {
|
||||
alias /var/www/html/autoconfig/mail/;
|
||||
|
||||
location ~* ^/mail/config-v1\.1\.xml(\?.*)$ {
|
||||
try_files /var/www/html/autoconfig/mail/config-v1.1.xml =404;
|
||||
}
|
||||
# location ~* ^/mail/([a-zA-Z\-\.]+\.xml)(\?.*)?$ {
|
||||
# try_files /var/www/html/autoconfig/mail/\1 =404;
|
||||
# }
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -1,8 +1,9 @@
|
|||
server {
|
||||
server_name mail.a-lec.org;
|
||||
|
||||
listen 444 ssl proxy_protocol;
|
||||
listen [::]:443 ssl;
|
||||
listen 444 ssl http2 proxy_protocol;
|
||||
listen [::]:443 ssl http2;
|
||||
|
||||
set_real_ip_from 192.168.0.1;
|
||||
real_ip_header proxy_protocol;
|
||||
|
||||
|
|
@ -10,12 +11,13 @@ server {
|
|||
ssl_certificate_key /etc/letsencrypt/live/mail.a-lec.org/privkey.pem; # managed by Certbot
|
||||
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
|
||||
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
|
||||
|
||||
|
||||
client_max_body_size 100M;
|
||||
ssl_stapling on;
|
||||
ssl_stapling_verify on;
|
||||
|
||||
root /var/www/html/roundcube;
|
||||
|
||||
client_max_body_size 100M;
|
||||
|
||||
add_header Strict-Transport-Security "max-age=31536000" always;
|
||||
|
||||
index index.html index.htm index.php;
|
||||
|
|
@ -24,7 +26,7 @@ server {
|
|||
try_files $uri $uri/ /index.php?q=$uri&$args;
|
||||
}
|
||||
|
||||
# pass PHP scripts to FastCGI server
|
||||
# pass PHP scripts to FastCGI server
|
||||
location ~ \.php$ {
|
||||
include snippets/fastcgi-php.conf;
|
||||
# # With php-fpm (or other unix sockets):
|
||||
|
|
@ -43,11 +45,12 @@ server {
|
|||
server {
|
||||
server_name mail.a-lec.org;
|
||||
|
||||
listen 80 proxy_protocol;
|
||||
listen 80 ;
|
||||
listen [::]:80;
|
||||
|
||||
set_real_ip_from 192.168.0.1;
|
||||
real_ip_header proxy_protocol;
|
||||
|
||||
root /var/www/html/roundcube;
|
||||
|
||||
return 302 https://mail.a-lec.org$request_uri;
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in a new issue