msfjarvis
/
server-config
mirror of https://github.com/msfjarvis/server-config.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Revert "nginx: update SSL cert paths for AOP" 

This reverts commit 51e756b956.
This commit is contained in:
Harsh Shandilya 2021-07-29 14:30:57 +05:30
parent dc322445fe
commit 9cb68e810e
No known key found for this signature in database
GPG Key ID: 366D7BBAD1031E80
1 changed files with 14 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
nginx/dl.msfjarvis.dev
View File

@ -18,10 +18,9 @@ server {
root /var/www/dl.msfjarvis.dev;
index index.html index.php /_h5ai/public/index.php;
ssl_certificate /etc/ssl/certs/cert.pem;
ssl_certificate_key /etc/ssl/private/key.pem;
ssl_client_certificate /etc/ssl/certs/cloudflare.crt;
ssl_verify_client on;
ssl_certificate /etc/letsencrypt/live/msfjarvis.dev/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/msfjarvis.dev/privkey.pem;
ssl_session_timeout 1d;
ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
ssl_session_tickets off;
@ -36,6 +35,17 @@ server {
# HSTS (ngx_http_headers_module is required) (63072000 seconds)
add_header Strict-Transport-Security "max-age=63072000" always;
# OCSP stapling
ssl_stapling on;
ssl_stapling_verify on;
# Authenticated origin pulls
# ssl_client_certificate /etc/nginx/certs/cloudflare.crt;
# ssl_verify_client on;
# verify chain of trust of OCSP response using Root CA and Intermediate certs
# ssl_trusted_certificate /path/to/root_CA_cert_plus_intermediates;
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;