From bc5c44dd049bad3b007be48b3f8d90886d63c105 Mon Sep 17 00:00:00 2001
From: System administrator
Date: Mon, 29 May 2017 13:26:10 +0200
Subject: Initial commit
---
images/router/nginx/snippets/fastcgi_params | 25 +++++++++++++++++++++++++
images/router/nginx/snippets/scgi_params | 17 +++++++++++++++++
images/router/nginx/snippets/ssl_ciphers | 4 ++++
images/router/nginx/snippets/ssl_http | 6 ++++++
images/router/nginx/snippets/ssl_tcp | 4 ++++
images/router/nginx/snippets/uwsgi_params | 17 +++++++++++++++++
images/router/nginx/snippets/wellknown | 5 +++++
7 files changed, 78 insertions(+)
create mode 100644 images/router/nginx/snippets/fastcgi_params
create mode 100644 images/router/nginx/snippets/scgi_params
create mode 100644 images/router/nginx/snippets/ssl_ciphers
create mode 100644 images/router/nginx/snippets/ssl_http
create mode 100644 images/router/nginx/snippets/ssl_tcp
create mode 100644 images/router/nginx/snippets/uwsgi_params
create mode 100644 images/router/nginx/snippets/wellknown
(limited to 'images/router/nginx/snippets')
diff --git a/images/router/nginx/snippets/fastcgi_params b/images/router/nginx/snippets/fastcgi_params
new file mode 100644
index 0000000..28decb9
--- /dev/null
+++ b/images/router/nginx/snippets/fastcgi_params
@@ -0,0 +1,25 @@
+
+fastcgi_param QUERY_STRING $query_string;
+fastcgi_param REQUEST_METHOD $request_method;
+fastcgi_param CONTENT_TYPE $content_type;
+fastcgi_param CONTENT_LENGTH $content_length;
+
+fastcgi_param SCRIPT_NAME $fastcgi_script_name;
+fastcgi_param REQUEST_URI $request_uri;
+fastcgi_param DOCUMENT_URI $document_uri;
+fastcgi_param DOCUMENT_ROOT $document_root;
+fastcgi_param SERVER_PROTOCOL $server_protocol;
+fastcgi_param REQUEST_SCHEME $scheme;
+fastcgi_param HTTPS $https if_not_empty;
+
+fastcgi_param GATEWAY_INTERFACE CGI/1.1;
+fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
+
+fastcgi_param REMOTE_ADDR $remote_addr;
+fastcgi_param REMOTE_PORT $remote_port;
+fastcgi_param SERVER_ADDR $server_addr;
+fastcgi_param SERVER_PORT $server_port;
+fastcgi_param SERVER_NAME $server_name;
+
+# PHP only, required if PHP was built with --enable-force-cgi-redirect
+fastcgi_param REDIRECT_STATUS 200;
diff --git a/images/router/nginx/snippets/scgi_params b/images/router/nginx/snippets/scgi_params
new file mode 100644
index 0000000..6d4ce4f
--- /dev/null
+++ b/images/router/nginx/snippets/scgi_params
@@ -0,0 +1,17 @@
+
+scgi_param REQUEST_METHOD $request_method;
+scgi_param REQUEST_URI $request_uri;
+scgi_param QUERY_STRING $query_string;
+scgi_param CONTENT_TYPE $content_type;
+
+scgi_param DOCUMENT_URI $document_uri;
+scgi_param DOCUMENT_ROOT $document_root;
+scgi_param SCGI 1;
+scgi_param SERVER_PROTOCOL $server_protocol;
+scgi_param REQUEST_SCHEME $scheme;
+scgi_param HTTPS $https if_not_empty;
+
+scgi_param REMOTE_ADDR $remote_addr;
+scgi_param REMOTE_PORT $remote_port;
+scgi_param SERVER_PORT $server_port;
+scgi_param SERVER_NAME $server_name;
diff --git a/images/router/nginx/snippets/ssl_ciphers b/images/router/nginx/snippets/ssl_ciphers
new file mode 100644
index 0000000..6eefe74
--- /dev/null
+++ b/images/router/nginx/snippets/ssl_ciphers
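Review bot: In fastcgi_params, nothing clears the client-supplied `Proxy` request header, which a FastCGI backend receives as the `HTTP_PROXY` variable (the "httpoxy" class of issue); adding `fastcgi_param HTTP_PROXY "";` at the end of the snippet keeps that header from reaching the backend's environment. Whether any backend behind this router actually reads `HTTP_PROXY` is not visible in this commit, so treat it as defence in depth. The scgi_params and uwsgi_params hunks forward request headers the same way and would presumably want the equivalent line (`scgi_param HTTP_PROXY "";`, `uwsgi_param HTTP_PROXY "";`).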
@@ -0,0 +1,4 @@
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
+ ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
+ ssl_prefer_server_ciphers on;
+
diff --git a/images/router/nginx/snippets/ssl_http b/images/router/nginx/snippets/ssl_http
new file mode 100644
index 0000000..78d171e
--- /dev/null
+++ b/images/router/nginx/snippets/ssl_http
@@ -0,0 +1,6 @@
+ssl_certificate /data/certs/tx0.co/fullchain.pem;
+ssl_certificate_key /data/certs/tx0.co/privkey.pem;
+
+ssl_dhparam /app/dhparams.pem;
+
+add_header Strict-Transport-Security "max-age=31536000" always;
diff --git a/images/router/nginx/snippets/ssl_tcp b/images/router/nginx/snippets/ssl_tcp
new file mode 100644
index 0000000..b59b7bf
--- /dev/null
+++ b/images/router/nginx/snippets/ssl_tcp
@@ -0,0 +1,4 @@
+ssl_certificate /data/certs/tx0.co/fullchain.pem;
+ssl_certificate_key /data/certs/tx0.co/privkey.pem;
+
+ssl_dhparam /app/dhparams.pem;
diff --git a/images/router/nginx/snippets/uwsgi_params b/images/router/nginx/snippets/uwsgi_params
new file mode 100644
index 0000000..09c732c
--- /dev/null
+++ b/images/router/nginx/snippets/uwsgi_params
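Review bot: In ssl_ciphers, `ssl_protocols` still enables TLSv1 and TLSv1.1, and the `ssl_ciphers` string ends in broad fallbacks (`AES`, `CAMELLIA`, `DES-CBC3-SHA`, plus static-RSA suites such as `AES128-SHA`) that permit 3DES and key exchange without forward secrecy. Unless a known legacy client needs them, I would narrow this to `ssl_protocols TLSv1.2;` (adding `TLSv1.3` where the nginx/OpenSSL build supports it) and `ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384';`. Every listener that includes this snippet inherits the policy, so a one-line comment naming the client-compatibility target the list was chosen for would help whoever tightens it next.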
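Review bot: In ssl_http, the `add_header Strict-Transport-Security` line is only inherited by blocks that declare no `add_header` of their own, because nginx does not merge `add_header` across configuration levels. If this snippet is included at server level, any location that sets its own header stops sending HSTS without any warning. I would document that next to the directive, e.g. `# add_header is not inherited by blocks that declare their own add_header; include this snippet again there`. The certificate paths are also hard-coded to `/data/certs/tx0.co/` here and again in ssl_tcp, so both snippets have to change together when the certificate name changes.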
@@ -0,0 +1,17 @@
+
+uwsgi_param QUERY_STRING $query_string;
+uwsgi_param REQUEST_METHOD $request_method;
+uwsgi_param CONTENT_TYPE $content_type;
+uwsgi_param CONTENT_LENGTH $content_length;
+
+uwsgi_param REQUEST_URI $request_uri;
+uwsgi_param PATH_INFO $document_uri;
+uwsgi_param DOCUMENT_ROOT $document_root;
+uwsgi_param SERVER_PROTOCOL $server_protocol;
+uwsgi_param REQUEST_SCHEME $scheme;
+uwsgi_param HTTPS $https if_not_empty;
+
+uwsgi_param REMOTE_ADDR $remote_addr;
+uwsgi_param REMOTE_PORT $remote_port;
+uwsgi_param SERVER_PORT $server_port;
+uwsgi_param SERVER_NAME $server_name;
diff --git a/images/router/nginx/snippets/wellknown b/images/router/nginx/snippets/wellknown
new file mode 100644
index 0000000..17aacf7
--- /dev/null
+++ b/images/router/nginx/snippets/wellknown
@@ -0,0 +1,5 @@
+location ^~ /.well-known/ {
+ alias /data/wellknown/;
+ try_files $uri $uri/ =404;
+ break;
+}
-- cgit v1.2.3
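Review bot: In wellknown, `try_files $uri $uri/ =404;` and `break;` appear to add nothing the static handler does not already do for an `alias` location, and `try_files` combined with `alias` has long-standing caveats in nginx. The block can be reduced to `location ^~ /.well-known/ { alias /data/wellknown/; }`. If the directory exists only for ACME HTTP-01 validation (the certificate file names in ssl_http suggest so, but that is an inference), scoping the location to `/.well-known/acme-challenge/` would expose less of `/data/wellknown/` on every virtual host that includes the snippet.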