mirror of
https://github.com/mediacms-io/mediacms.git
synced 2024-11-22 16:23:35 +01:00
950adcdd9d
* Webserver security * Create vHost dirs during install; link vHost to sites-enabled * Remove default vHosts during install * Only generate new DH params when also using real certificates * Removed duplicate ssl_ecdh_curve
85 lines
2.8 KiB
Io
85 lines
2.8 KiB
Io
server {
|
|
listen 80 ;
|
|
server_name localhost;
|
|
|
|
gzip on;
|
|
access_log /var/log/nginx/mediacms.io.access.log;
|
|
|
|
error_log /var/log/nginx/mediacms.io.error.log warn;
|
|
|
|
# # redirect to https if logged in
|
|
# if ($http_cookie ~* "sessionid") {
|
|
# rewrite ^/(.*)$ https://localhost/$1 permanent;
|
|
# }
|
|
|
|
# # redirect basic forms to https
|
|
# location ~ (login|login_form|register|mail_password_form)$ {
|
|
# rewrite ^/(.*)$ https://localhost/$1 permanent;
|
|
# }
|
|
|
|
location /static {
|
|
alias /home/mediacms.io/mediacms/static ;
|
|
}
|
|
|
|
location /media/original {
|
|
alias /home/mediacms.io/mediacms/media_files/original;
|
|
}
|
|
|
|
location /media {
|
|
alias /home/mediacms.io/mediacms/media_files ;
|
|
}
|
|
|
|
location / {
|
|
add_header 'Access-Control-Allow-Origin' '*';
|
|
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
|
|
add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
|
|
add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range';
|
|
|
|
include /etc/nginx/sites-enabled/uwsgi_params;
|
|
uwsgi_pass 127.0.0.1:9000;
|
|
}
|
|
}
|
|
|
|
server {
|
|
listen 443 ssl;
|
|
server_name localhost;
|
|
|
|
ssl_certificate_key /etc/letsencrypt/live/localhost/privkey.pem;
|
|
ssl_certificate /etc/letsencrypt/live/localhost/fullchain.pem;
|
|
ssl_dhparam /etc/nginx/dhparams/dhparams.pem;
|
|
|
|
ssl_protocols TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
|
|
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
|
|
ssl_ecdh_curve secp521r1:secp384r1;
|
|
ssl_prefer_server_ciphers on;
|
|
|
|
gzip on;
|
|
access_log /var/log/nginx/mediacms.io.access.log;
|
|
|
|
error_log /var/log/nginx/mediacms.io.error.log warn;
|
|
|
|
location /static {
|
|
alias /home/mediacms.io/mediacms/static ;
|
|
}
|
|
|
|
location /media/original {
|
|
alias /home/mediacms.io/mediacms/media_files/original;
|
|
#auth_basic "auth protected area";
|
|
#auth_basic_user_file /home/mediacms.io/mediacms/deploy/local_install/.htpasswd;
|
|
}
|
|
|
|
location /media {
|
|
alias /home/mediacms.io/mediacms/media_files ;
|
|
}
|
|
|
|
location / {
|
|
add_header 'Access-Control-Allow-Origin' '*';
|
|
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
|
|
add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
|
|
add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range';
|
|
|
|
include /etc/nginx/sites-enabled/uwsgi_params;
|
|
uwsgi_pass 127.0.0.1:9000;
|
|
}
|
|
}
|