Skip to content

sysadmin / acme-ssl

Go to a project
Commit 52eb97d6 by Никита Миропольский
Options

упростил конфиг для очевидности

1 parent 1a7a1d84
Pipeline #1993 for 52eb97d6 skipped in 0 seconds
Inline Side-by-side
Showing 1 changed file with 8 additions and 21 deletions
nginx.conf
# нужно прописать в конфиге nginx использование сертификатов
# из папки /var/cache/acme
# и альяс .well-known/acme-challenge папки /var/cache/acme/challenges
server { server {
listen 80; listen 80;
server_name ggg.ashmanov.com; server_name ....;
server_tokens off;
access_log /var/log/nginx/gitlab_access.log;
error_log /var/log/nginx/gitlab_error.log;
# запросы acme-challenge # запросы acme-challenge
location ~ ^/\.well-known/acme-challenge/([a-zA-Z0-9_-]*)$ { location ~ ^/\.well-known/acme-challenge/([a-zA-Z0-9_-]*)$ {
...@@ -12,7 +12,7 @@ server { ...@@ -12,7 +12,7 @@ server {
alias /var/cache/acme/challenges/$1; alias /var/cache/acme/challenges/$1;
} }
# остальные запросы # остальные запросы отправляем на HTTPS
location / { location / {
return 301 https://$server_name$request_uri; return 301 https://$server_name$request_uri;
} }
...@@ -20,23 +20,10 @@ server { ...@@ -20,23 +20,10 @@ server {
server { server {
listen 443 ssl; listen 443 ssl;
server_name ggg.ashmanov.com; server_name ....;
server_tokens off;
access_log /var/log/nginx/gitlab_ssl_access.log;
error_log /var/log/nginx/gitlab_ssl_error.log;
ssl_certificate /var/cache/acme/site.crt; ssl_certificate /var/cache/acme/site.crt;
ssl_certificate_key /var/cache/acme/site.key; ssl_certificate_key /var/cache/acme/site.key;
# простейшая защита от XSS ....
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options DENY;
if ($http_host != $server_name) {
return 301 https://$server_name$request_uri;
}
include gitlab.conf;
} }
Markdown is supported
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!