inference
6598bd2e44
Using actual system names allows fine-grained and modular control over each system's configuration files.
54 lines
1.7 KiB
Plaintext
54 lines
1.7 KiB
Plaintext
# Inferencium - xb000-0
|
|
# Nginx - Configuration - Gitea
|
|
|
|
# Copyright 2022 Jake Winters
|
|
# SPDX-License-Identifier: BSD-3-Clause
|
|
|
|
# Version: 3.0.1.12
|
|
|
|
|
|
# Server (unencrypted)
|
|
server {
|
|
# General
|
|
server_name git.inferencium.net;
|
|
listen 80;
|
|
listen [::]:80;
|
|
|
|
# Location
|
|
location / {
|
|
return 301 https://$server_name$request_uri;
|
|
}
|
|
}
|
|
|
|
# Server (TLS)
|
|
server {
|
|
# General
|
|
server_name git.inferencium.net;
|
|
listen 443 ssl http2;
|
|
listen [::]:443 ssl http2;
|
|
|
|
# Security
|
|
ssl_certificate /etc/letsencrypt/live/git.inferencium.net/fullchain.pem;
|
|
ssl_certificate_key /etc/letsencrypt/live/git.inferencium.net/privkey.pem;
|
|
ssl_protocols TLSv1.3;
|
|
ssl_ciphers "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256";
|
|
ssl_conf_command Ciphersuites "TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256";
|
|
ssl_conf_command Options PrioritizeChaCha;
|
|
ssl_prefer_server_ciphers on;
|
|
ssl_ecdh_curve X25519;
|
|
add_header Strict-Transport-Security "max-age=126200000; includeSubDomains; preload";
|
|
add_header X-Frame-Options "DENY";
|
|
add_header X-Content-Type-Options nosniff;
|
|
# add_header Content-Security-Policy "default-src 'self'; img-src 'self'; media-src 'self'; object-src 'none'; script-src 'none'; connect-src 'none'; frame-src 'none'; style-src 'self'; font-src 'self'";
|
|
add_header Referrer-Policy no-referrer;
|
|
|
|
# Location
|
|
location / {
|
|
proxy_pass http://unix:/run/gitea/gitea.socket;
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
}
|
|
}
|