system/nginx/02/git.conf

66 lines
1.6 KiB
Plaintext
Raw Normal View History

server {
listen 202.61.255.116:443 ssl http2;
listen [2a03:4000:55:d20::]:443 ssl http2;
ssl_certificate /etc/ssl/lysergic/fullchain.pem;
ssl_certificate_key /etc/ssl/lysergic/private/privkey.pem;
server_name git.lysergic.dev git.de.com;
return 302 https://git.com.de;
}
server {
listen 202.61.255.116:443 ssl http2;
listen [2a03:4000:55:d20::]:443 ssl http2;
ssl_certificate /etc/ssl/liberta.casa/fullchain.pem;
ssl_certificate_key /etc/ssl/liberta.casa/private/privkey.pem;
server_name git.casa;
# return 302 https://git.com.de/libertacasa;
root /srv/www/htdocs;
try_files $uri @cgit;
location @cgit {
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME /srv/www/cgi-bin/cgit/cgit.cgi;
fastcgi_param PATH_INFO $uri;
fastcgi_param QUERY_STRING $args;
fastcgi_param HTTP_HOST $server_name;
fastcgi_pass unix:/run/fcgiwrap.sock;
}
}
server {
listen 202.61.255.116:443 ssl http2;
listen [2a03:4000:55:d20::]:443 ssl http2;
listen 192.168.0.115:443 ssl http2;
server_name git.com.de;
ssl_certificate /etc/ssl/lysergic/fullchain.pem;
ssl_certificate_key /etc/ssl/lysergic/private/privkey.pem;
ssl_session_timeout 1d;
ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
ssl_session_tickets off;
ssl_protocols TLSv1.3;
ssl_prefer_server_ciphers off;
add_header Strict-Transport-Security "max-age=63072000" always;
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /etc/ssl/ca-bundle.pem;
resolver 127.0.0.4;
location / {
proxy_pass http://127.0.0.2:3501;
}
}