summaryrefslogtreecommitdiff
path: root/images/router/nginx/snippets
diff options
context:
space:
mode:
authorSystem administrator2017-05-29 13:26:10 +0200
committerSystem administrator2017-05-29 13:26:10 +0200
commitbc5c44dd049bad3b007be48b3f8d90886d63c105 (patch)
treea381d989db2295f228f9bc95a774f0cc9aef4c40 /images/router/nginx/snippets
downloadserver-bc5c44dd049bad3b007be48b3f8d90886d63c105.tar.gz
server-bc5c44dd049bad3b007be48b3f8d90886d63c105.tar.xz
server-bc5c44dd049bad3b007be48b3f8d90886d63c105.zip
Initial commit
Diffstat (limited to 'images/router/nginx/snippets')
-rw-r--r--images/router/nginx/snippets/fastcgi_params25
-rw-r--r--images/router/nginx/snippets/scgi_params17
-rw-r--r--images/router/nginx/snippets/ssl_ciphers4
-rw-r--r--images/router/nginx/snippets/ssl_http6
-rw-r--r--images/router/nginx/snippets/ssl_tcp4
-rw-r--r--images/router/nginx/snippets/uwsgi_params17
-rw-r--r--images/router/nginx/snippets/wellknown5
7 files changed, 78 insertions, 0 deletions
diff --git a/images/router/nginx/snippets/fastcgi_params b/images/router/nginx/snippets/fastcgi_params
new file mode 100644
index 0000000..28decb9
--- /dev/null
+++ b/images/router/nginx/snippets/fastcgi_params
@@ -0,0 +1,25 @@
+
+fastcgi_param QUERY_STRING $query_string;
+fastcgi_param REQUEST_METHOD $request_method;
+fastcgi_param CONTENT_TYPE $content_type;
+fastcgi_param CONTENT_LENGTH $content_length;
+
+fastcgi_param SCRIPT_NAME $fastcgi_script_name;
+fastcgi_param REQUEST_URI $request_uri;
+fastcgi_param DOCUMENT_URI $document_uri;
+fastcgi_param DOCUMENT_ROOT $document_root;
+fastcgi_param SERVER_PROTOCOL $server_protocol;
+fastcgi_param REQUEST_SCHEME $scheme;
+fastcgi_param HTTPS $https if_not_empty;
+
+fastcgi_param GATEWAY_INTERFACE CGI/1.1;
+fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
+
+fastcgi_param REMOTE_ADDR $remote_addr;
+fastcgi_param REMOTE_PORT $remote_port;
+fastcgi_param SERVER_ADDR $server_addr;
+fastcgi_param SERVER_PORT $server_port;
+fastcgi_param SERVER_NAME $server_name;
+
+# PHP only, required if PHP was built with --enable-force-cgi-redirect
+fastcgi_param REDIRECT_STATUS 200;
diff --git a/images/router/nginx/snippets/scgi_params b/images/router/nginx/snippets/scgi_params
new file mode 100644
index 0000000..6d4ce4f
--- /dev/null
+++ b/images/router/nginx/snippets/scgi_params
@@ -0,0 +1,17 @@
+
+scgi_param REQUEST_METHOD $request_method;
+scgi_param REQUEST_URI $request_uri;
+scgi_param QUERY_STRING $query_string;
+scgi_param CONTENT_TYPE $content_type;
+
+scgi_param DOCUMENT_URI $document_uri;
+scgi_param DOCUMENT_ROOT $document_root;
+scgi_param SCGI 1;
+scgi_param SERVER_PROTOCOL $server_protocol;
+scgi_param REQUEST_SCHEME $scheme;
+scgi_param HTTPS $https if_not_empty;
+
+scgi_param REMOTE_ADDR $remote_addr;
+scgi_param REMOTE_PORT $remote_port;
+scgi_param SERVER_PORT $server_port;
+scgi_param SERVER_NAME $server_name;
diff --git a/images/router/nginx/snippets/ssl_ciphers b/images/router/nginx/snippets/ssl_ciphers
new file mode 100644
index 0000000..6eefe74
--- /dev/null
+++ b/images/router/nginx/snippets/ssl_ciphers
@@ -0,0 +1,4 @@
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
+ ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
+ ssl_prefer_server_ciphers on;
+
diff --git a/images/router/nginx/snippets/ssl_http b/images/router/nginx/snippets/ssl_http
new file mode 100644
index 0000000..78d171e
--- /dev/null
+++ b/images/router/nginx/snippets/ssl_http
@@ -0,0 +1,6 @@
+ssl_certificate /data/certs/tx0.co/fullchain.pem;
+ssl_certificate_key /data/certs/tx0.co/privkey.pem;
+
+ssl_dhparam /app/dhparams.pem;
+
+add_header Strict-Transport-Security "max-age=31536000" always;
diff --git a/images/router/nginx/snippets/ssl_tcp b/images/router/nginx/snippets/ssl_tcp
new file mode 100644
index 0000000..b59b7bf
--- /dev/null
+++ b/images/router/nginx/snippets/ssl_tcp
@@ -0,0 +1,4 @@
+ssl_certificate /data/certs/tx0.co/fullchain.pem;
+ssl_certificate_key /data/certs/tx0.co/privkey.pem;
+
+ssl_dhparam /app/dhparams.pem;
diff --git a/images/router/nginx/snippets/uwsgi_params b/images/router/nginx/snippets/uwsgi_params
new file mode 100644
index 0000000..09c732c
--- /dev/null
+++ b/images/router/nginx/snippets/uwsgi_params
@@ -0,0 +1,17 @@
+
+uwsgi_param QUERY_STRING $query_string;
+uwsgi_param REQUEST_METHOD $request_method;
+uwsgi_param CONTENT_TYPE $content_type;
+uwsgi_param CONTENT_LENGTH $content_length;
+
+uwsgi_param REQUEST_URI $request_uri;
+uwsgi_param PATH_INFO $document_uri;
+uwsgi_param DOCUMENT_ROOT $document_root;
+uwsgi_param SERVER_PROTOCOL $server_protocol;
+uwsgi_param REQUEST_SCHEME $scheme;
+uwsgi_param HTTPS $https if_not_empty;
+
+uwsgi_param REMOTE_ADDR $remote_addr;
+uwsgi_param REMOTE_PORT $remote_port;
+uwsgi_param SERVER_PORT $server_port;
+uwsgi_param SERVER_NAME $server_name;
diff --git a/images/router/nginx/snippets/wellknown b/images/router/nginx/snippets/wellknown
new file mode 100644
index 0000000..17aacf7
--- /dev/null
+++ b/images/router/nginx/snippets/wellknown
@@ -0,0 +1,5 @@
+location ^~ /.well-known/ {
+ alias /data/wellknown/;
+ try_files $uri $uri/ =404;
+ break;
+}