'nginx/nginx/nginx.conf' updaten
parent
d9063c64ee
commit
6c41a3dc83
1 changed files with 28 additions and 13 deletions
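--- a/nginx/nginx/nginx.conf
+++ b/nginx/nginx/nginx.conf
@@ -7,18 +7,33 @@
 # https://www.ssllabs.com/
 
 
-#DH-Param maken:
+## DH-Param maken:
 #sudo openssl dhparam -out /docker/nginx/nginx/conf_split/dhparam-2048.pem 2048
 #sudo openssl dhparam -out /docker/nginx/nginx/conf_split/dhparam-4096.pem 4096
 
 
-# controleren of dit bestand goed is:
+## controleren of dit bestand goed is:
 # docker exec nginx sh -c "nginx -t -c /config/nginx/nginx.conf"
 
-#zonder downtime nginx reloaden:
+## zonder downtime nginx reloaden:
 # docker exec -it nginx s6-svc -h /var/run/s6/services/nginx
 
-#Cert vernieuwen:
+## Cert aanmaken
+#sudo docker run -it --rm \
+#-v /docker/nginx/letsencrypt:/etc/letsencrypt \
+#-v /docker/nginx/letsencrypt_var:/var/lib/letsencrypt \
+#-v /docker/nginx/letsencrypt/letsencrypt-site:/data/letsencrypt \
+#-v "/docker/nginx/letsencrypt/log:/var/log/letsencrypt" \
+#certbot/certbot \
+#certonly --webroot \
+#--email "example@example.nl" \
+#--agree-tos \
+#--rsa-key-size "4096" \
+#--cert-name "example.example.com" \
+#--webroot-path=/data/letsencrypt \
+#-d example.example.com
+
+## Cert vernieuwen:
 # docker run --rm -it --name certbot \
 # -v "/docker/nginx/letsencrypt:/etc/letsencrypt" \
 # -v "/docker/nginx/letsencrypt_var:/var/lib/letsencrypt" \
@@ -143,10 +158,10 @@ server {
 
 server {
 include "/config/nginx/conf_split/listen443.conf";
-server_name lermer.nl www.lermer.nl;
-ssl_certificate /config/letsencrypt/live/lermer.nl/fullchain.pem;
-ssl_certificate_key /config/letsencrypt/live/lermer.nl/privkey.pem;
-ssl_trusted_certificate /config/letsencrypt/live/lermer.nl/chain.pem;
+server_name example.com www.example.com;
+ssl_certificate /config/letsencrypt/live/example.com/fullchain.pem;
+ssl_certificate_key /config/letsencrypt/live/example.com/privkey.pem;
+ssl_trusted_certificate /config/letsencrypt/live/example.com/chain.pem;
 #include "/config/nginx/conf_split/ssl_dhparam_2048.conf";
 include "/config/nginx/conf_split/ssl_dhparam_4096.conf";
 include "/config/nginx/conf_split/ssl_protocol.conf";
@@ -175,14 +190,14 @@ server {
 
 server {
 include "/config/nginx/conf_split/listen443.conf";
-server_name test.lermer.nl;
-ssl_certificate /config/letsencrypt/live/test.lermer.nl/fullchain.pem;
-ssl_certificate_key /config/letsencrypt/live/test.lermer.nl/privkey.pem;
-ssl_trusted_certificate /config/letsencrypt/live/test.lermer.nl/chain.pem;
+server_name test.example.com;
+ssl_certificate /config/letsencrypt/live/test.example.com/fullchain.pem;
+ssl_certificate_key /config/letsencrypt/live/test.example.com/privkey.pem;
+ssl_trusted_certificate /config/letsencrypt/live/test.example.com/chain.pem;
 #include "/config/nginx/conf_split/ssl_dhparam_2048.conf";
 include "/config/nginx/conf_split/ssl_dhparam_4096.conf";
 
-include "/config/nginx/conf_split/ssl_protocol.conf";
+include "/config/nginx/conf_split/ssl_protocol_strong.conf";
 include "/config/nginx/conf_split/headers.conf";
 
 add_header Content-Security-Policy "default-src 'self'; connect-src *; font-src *; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';";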
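Review bot: The move to `ssl_protocol_strong.conf` in the last hunk reaches only the `test.example.com` server, while the `example.com` server in the second hunk still includes `ssl_protocol.conf`, so the two hosts now negotiate under different settings. Both include the same `listen443.conf`, and nginx has historically taken the protocol list for name-based servers on a shared listen socket from the default server, so depending on the nginx and OpenSSL versions in the container the new include may have no effect. I would confirm the result with a TLS scan of the test host. Then either use `include "/config/nginx/conf_split/ssl_protocol_strong.conf";` in the main server as well, or add a comment such as `# strong profile only on test until client compatibility is verified` (the contents of both include files and the rest of both server blocks are outside the hunks). Separately, the unchanged CSP line below still allows `script-src * 'unsafe-inline' 'unsafe-eval'` and `object-src *`, which gives little protection against script injection; `object-src 'none'` would be a low-risk first tightening.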