working
This commit is contained in:
=
parent
d83f14f47b
commit
3e7007bbb9
@ -1,4 +1,4 @@
|
||||
FROM nginxinc/nginx-unprivileged:stable-alpine
|
||||
COPY --chown=nginx:nginx content /usr/share/nginx/html
|
||||
COPY --chown=nginx:nginx nginx.conf /etc/nginx/nginx.conf
|
||||
COPY --chown=nginx:nginx default.conf /etc/nginx/conf.d/default.conf
|
||||
USER nginx
|
||||
@ -1,50 +1,88 @@
|
||||
http2 on;
|
||||
ssl_certificate /usr/share/nginx/ssl/tls.crt;
|
||||
ssl_certificate_key /usr/share/nginx/ssl/tls.key;
|
||||
ssl_protocols TLSv1.2 TLSv1.3;
|
||||
ssl_ciphers ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM;
|
||||
ssl_prefer_server_ciphers on;
|
||||
ssl_session_cache shared:SSL:10m;
|
||||
ssl_session_timeout 10m;
|
||||
|
||||
server {
|
||||
listen 8080 default_server;
|
||||
server_name _;
|
||||
listen 8080;
|
||||
server_name balsillie.net balsillie.email openpgpkey.balsillie.net openpgpkey.balsillie.email;
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 8443 ssl:
|
||||
server_name balsillie.net;
|
||||
http2 on;
|
||||
listen 8080 default_server;
|
||||
return 444;
|
||||
}
|
||||
|
||||
#access_log /var/log/nginx/host.access.log main;
|
||||
server {
|
||||
listen 8443 ssl;
|
||||
server_name balsillie.net;
|
||||
|
||||
location = /michael.vcf {
|
||||
default_type application/octet-stream;
|
||||
root /usr/share/nginx/html;
|
||||
}
|
||||
|
||||
location = /.well-known/mta-sts.txt {
|
||||
default_type application/octet-stream;
|
||||
root /usr/share/nginx/html/mta-sts/balsillie_net;
|
||||
}
|
||||
|
||||
location /.well-known/host-meta {
|
||||
return 301 https://social.balsillie.net$request_uri;
|
||||
}
|
||||
|
||||
location /.well-known/webfinger {
|
||||
return 301 https://social.balsillie.net$request_uri;
|
||||
}
|
||||
|
||||
location /.well-known/nodeinfo {
|
||||
return 301 https://social.balsillie.net$request_uri;
|
||||
}
|
||||
|
||||
location /.well-known/matrix/ {
|
||||
default_type application/json;
|
||||
root /usr/share/nginx/html;
|
||||
}
|
||||
|
||||
location / {
|
||||
root /usr/share/nginx/html;
|
||||
index index.html index.htm;
|
||||
return 444;
|
||||
}
|
||||
|
||||
#error_page 404 /404.html;
|
||||
|
||||
# redirect server error pages to the static page /50x.html
|
||||
#
|
||||
error_page 500 502 503 504 /50x.html;
|
||||
location = /50x.html {
|
||||
root /usr/share/nginx/html;
|
||||
}
|
||||
|
||||
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
|
||||
#
|
||||
#location ~ \.php$ {
|
||||
# proxy_pass http://127.0.0.1;
|
||||
#}
|
||||
|
||||
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
|
||||
#
|
||||
#location ~ \.php$ {
|
||||
# root html;
|
||||
# fastcgi_pass 127.0.0.1:9000;
|
||||
# fastcgi_index index.php;
|
||||
# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
|
||||
# include fastcgi_params;
|
||||
#}
|
||||
|
||||
# deny access to .htaccess files, if Apache's document root
|
||||
# concurs with nginx's one
|
||||
#
|
||||
#location ~ /\.ht {
|
||||
# deny all;
|
||||
#}
|
||||
}
|
||||
|
||||
server {
|
||||
listen 8443 ssl;
|
||||
server_name balsillie.email;
|
||||
|
||||
location = /.well-known/mta-sts.txt {
|
||||
default_type application/octet-stream;
|
||||
root /usr/share/nginx/html/mta-sts/balsillie_email;
|
||||
}
|
||||
|
||||
location / {
|
||||
return 444;
|
||||
}
|
||||
}
|
||||
|
||||
server {
|
||||
listen 8443 ssl;
|
||||
server_name openpgpkey.balsillie.net openpgpkey.balsillie.email;
|
||||
|
||||
location /.well-known/openpgpkey {
|
||||
default_type application/octet-stream;
|
||||
root /usr/share/nginx/html;
|
||||
}
|
||||
|
||||
location / {
|
||||
return 444;
|
||||
}
|
||||
}
|
||||
|
||||
server {
|
||||
listen 8443 ssl default_server;
|
||||
ssl_reject_handshake on;
|
||||
}
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user