Inferencium/cfg
1
0
Fork 0
Code Issues Activity

Fix code to conform to code style

Browse Source
This commit is contained in:
inference 2024-04-07 17:48:05 +00:00
parent b67e1cefcf
commit b29f34e97a
Signed by: inference
SSH Key Fingerprint: SHA256:K/a677+eHm7chi3X4s77BIpLTE9Vge1tsv+jUL5gI+Y
1 changed files with 42 additions and 38 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

80
nginx/inf-int-bin.conf
View File

@ -1,6 +1,6 @@
# Inferencium - xa000-1 # Inferencium - xa000-1
# Nginx - Configuration - Inferencium - Internal - BINHOST # Nginx - Configuration - Inferencium - Internal - BINHOST
# Version: 0.2.0 # Version: 0.3.0
# Copyright 2024 Jake Winters # Copyright 2024 Jake Winters
# SPDX-License-Identifier: BSD-3-Clause # SPDX-License-Identifier: BSD-3-Clause
@ -8,48 +8,52 @@
# Redirect (unencrypted) # Redirect (unencrypted)
server { server {
## General
server_name bin.int.inferencium.net;
listen 80;
# listen [::]:80;
## Location ## General
location / { server_name bin.int.inferencium.net;
return 301 https://$host$request_uri; listen 80;
} # listen [::]:80;
## Location
location / {
return 301 https://$host$request_uri;
}
} }
# Server (TLS) # Server (TLS)
server { server {
## General
server_name bin.int.inferencium.net;
listen 443 ssl;
# listen [::]:443 ssl;
http2 on;
## Location
location / {
root /srv/www/bin;
}
## Security ## General
ssl_certificate /etc/ssl/nginx/inferencium-int/fullchain.pem; server_name bin.int.inferencium.net;
ssl_certificate_key /etc/ssl/nginx/inferencium-int/privkey.pem; listen 443 ssl;
ssl_protocols TLSv1.3; # listen [::]:443 ssl;
ssl_early_data off; http2 on;
ssl_ciphers "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256";
ssl_conf_command Ciphersuites "TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256"; ## Location
ssl_conf_command Options PrioritizeChaCha; location / {
ssl_prefer_server_ciphers on; root /srv/www/bin;
ssl_ecdh_curve x25519:secp256r1; }
ssl_stapling on;
ssl_stapling_verify on; ## Security
# add_header Content-Security-Policy "default-src 'self'; img-src 'self'; media-src 'self'; object-src 'none'; script-src 'none'; connect-src 'none'; frame-src 'none'; style-src 'self'; font-src 'self'"; ssl_certificate /etc/ssl/nginx/inferencium-int/fullchain.pem;
add_header Referrer-Policy no-referrer; ssl_certificate_key /etc/ssl/nginx/inferencium-int/privkey.pem;
add_header Strict-Transport-Security "max-age=126200000; always"; ssl_protocols TLSv1.3;
add_header X-Content-Type-Options nosniff; ssl_early_data off;
add_header X-Frame-Options "DENY"; ssl_ciphers "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256";
add_header Set-Cookie "Path=/;Secure;HttpOnly"; ssl_conf_command Ciphersuites "TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256";
ignore_invalid_headers on; ssl_conf_command Options PrioritizeChaCha;
ssl_prefer_server_ciphers on;
ssl_ecdh_curve x25519:secp256r1;
ssl_stapling on;
ssl_stapling_verify on;
# add_header Content-Security-Policy "default-src 'self'; img-src 'self'; media-src 'self'; object-src 'none'; script-src 'none'; connect-src 'none'; frame-src 'none'; style-src 'self'; font-src 'self'";
add_header Referrer-Policy no-referrer;
add_header Strict-Transport-Security "max-age=126200000; always";
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options "DENY";
add_header Set-Cookie "Path=/;Secure;HttpOnly";
ignore_invalid_headers on;
} }