author | Luke Hoersten <luke@hoersten.org> |
Mon, 12 Feb 2024 17:29:16 -0600 | |
changeset 232 | a447e60bd3e9 |
parent 202 | 252069788104 |
permissions | -rw-r--r-- |
130 | 1 |
server { |
2 |
listen 80; |
|
3 |
listen [::]:80; |
|
4 |
server_name {{nginx_server_name}}; |
|
5 |
return 301 https://$host$request_uri; |
|
6 |
} |
|
7 |
||
8 |
server { |
|
9 |
listen 443 ssl http2; |
|
10 |
# listen [::]:443 ssl ipv6only=on; |
|
11 |
server_name {{nginx_server_name}}; |
|
12 |
||
13 |
ssl_certificate {{nginx_ssl_cert}}; |
|
14 |
ssl_certificate_key {{nginx_ssl_privkey}}; |
|
15 |
include /etc/letsencrypt/options-ssl-nginx.conf; |
|
16 |
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; |
|
17 |
||
18 |
ssl_ecdh_curve X25519:prime256v1:secp384r1:secp521r1; |
|
19 |
ssl_stapling on; |
|
20 |
ssl_stapling_verify on; |
|
21 |
||
22 |
location / { |
|
202
252069788104
Backed out changeset 10051617d075
Luke Hoersten <luke@hoersten.org>
parents:
200
diff
changeset
|
23 |
proxy_pass {{nginx_proxy_pass}}; |
130 | 24 |
proxy_redirect off; |
25 |
proxy_set_header Host $host; |
|
26 |
proxy_set_header X-Real-IP $remote_addr; |
|
27 |
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; |
|
28 |
proxy_set_header X-Forwarded-Proto $scheme; |
|
29 |
} |
|
30 |
} |