Diffstat (limited to 'nginx')
-rw-r--r-- | nginx/conf.d/cgit.conf | 23 | ||||
-rw-r--r-- | nginx/nginx.conf | 65 |
2 files changed, 88 insertions, 0 deletions
diff --git a/nginx/conf.d/cgit.conf b/nginx/conf.d/cgit.conf
new file mode 100644
index 0000000..651a0eb
--- /dev/null
+++ b/nginx/conf.d/cgit.conf
@@ -0,0 +1,23 @@
+server {
+ listen 80;
+ server_name git.dybiec.info;
+ return 301 https://$server_name$request_uri;
+}
+
+server {
+ listen 443 ssl http2;
+ server_name git.dybiec.info;
+ location ~* ^.+(cgit.(css|png)|favicon.ico|robots.txt) {
+ root /usr/share/cgit/;
+ }
+ location / {
+ try_files $uri @cgit;
+ }
+ location @cgit {
+ gzip off;
+ include uwsgi_params;
+ uwsgi_modifier1 9;
+ uwsgi_pass unix:/run/uwsgi/cgit.sock;
+ }
+
+ }
diff --git a/nginx/nginx.conf b/nginx/nginx.conf
new file mode 100644
index 0000000..0857b7e
--- /dev/null
+++ b/nginx/nginx.conf
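Review bot: In nginx/conf.d/cgit.conf the static-asset location `~* ^.+(cgit.(css|png)|favicon.ico|robots.txt)` has unescaped dots and no end anchor, so it matches any URI that merely contains one of those names rather than only the four asset paths. A repository URL that includes such a name (for example a tree or blob view of a file called robots.txt) would be looked up under `/usr/share/cgit/` and never reach the `@cgit` handler. Anchoring both ends keeps filesystem access limited to the intended files: `location ~ ^/(cgit\.(css|png)|favicon\.ico|robots\.txt)$ {`. Separately, `location /` runs `try_files $uri` with no `root` set in this server block, so it probes nginx's built-in default document root first; setting an explicit `root`, or passing straight to `@cgit`, would make that lookup intentional.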
@@ -0,0 +1,65 @@
+user www-data;
+worker_processes 4;
+
+error_log /var/log/nginx/error.log warn;
+pid /var/run/nginx.pid;
+
+
+events {
+ worker_connections 1024;
+}
+
+
+http {
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ log_format main '[$time_local] $remote_addr - $remote_user "$request" '
+ '$status "$http_referer" '
+ '"$http_user_agent" "$server_name"';
+
+ access_log /var/log/nginx/access.log main;
+ ssl_certificate /root/dybiec.info/fullchain.pem;
+ ssl_certificate_key /root/dybiec.info/privkey.pem;
+
+ ssl_protocols TLSv1.2 TLSv1.3;
+ ssl_prefer_server_ciphers on;
+
+ ssl_session_cache shared:SSL:40m;
+ ssl_session_timeout 1h;
+
+ ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256;
+
+
+ sendfile on;
+ tcp_nopush on;
+
+ etag on;
+
+ keepalive_timeout 65;
+
+ gzip on;
+ gzip_proxied any;
+ gzip_types
+ text/css
+ text/javascript
+ text/xml
+ text/plain
+ application/javascript
+ application/x-javascript
+ application/json;
+
+ add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+
+ server {
+ listen 80;
+ allow 127.0.0.1;
+ allow 172.0.0.0/8;
+ deny all;
+ }
+ include /etc/nginx/conf.d/*.conf;
+
+ error_page 500 501 502 503 504 /50x.html;
+
+}
+
|
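Review bot: `allow 172.0.0.0/8;` in the port-80 server block admits far more than private address space: only 172.16.0.0/12 is reserved by RFC 1918 and the rest of 172/8 is publicly routed, so the following `deny all;` does not keep those clients out. If the intent is to admit container bridge networks (an assumption; the commit does not say), the line should be `allow 172.16.0.0/12;` or the specific bridge subnet. That block also has no `server_name` and is declared before the `conf.d` include, so it presumably becomes the default server for port 80 and receives requests with unmatched Host headers; a one-line comment stating what it is meant to serve would help. The `ssl_ciphers` list repeats `ECDHE-ECDSA-AES256-GCM-SHA384` and `ECDHE-RSA-AES256-GCM-SHA384`, which is harmless but worth cleaning up.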