YunoHost/yunohost
1
0
Fork 0
mirror of https://github.com/YunoHost/yunohost.git synced 2024-09-03 20:06:10 +02:00
Code Issues Projects Releases Packages Wiki Activity

Merge pull request #121 from infertux/nginx_server_tokens

Browse source 
[fix] Don't emit Nginx version
This commit is contained in:
julienmalik 2016-02-29 12:11:20 +01:00
commit 9d6f9d4c07
4 changed files with 16 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
data/hooks/conf_regen/15-nginx
View file

@ -24,6 +24,7 @@ cd /usr/share/yunohost/templates/nginx
# Copy plain single configuration files
files="ssowat.conf
global.conf
yunohost_admin.conf
yunohost_admin.conf.inc
yunohost_api.conf.inc

1
data/templates/nginx/global.conf Normal file
View file

@ -0,0 +1 @@
server_tokens off;

12
data/templates/nginx/server.conf.sed
View file

@ -2,7 +2,7 @@ server {
listen 80;
listen [::]:80;
server_name {{ domain }};
access_by_lua_file /usr/share/ssowat/access.lua;
include conf.d/{{ domain }}.d/*.conf;
@ -19,23 +19,23 @@ server {
listen 443 ssl;
listen [::]:443 ssl;
server_name {{ domain }};
ssl_certificate /etc/yunohost/certs/{{ domain }}/crt.pem;
ssl_certificate_key /etc/yunohost/certs/{{ domain }}/key.pem;
ssl_certificate /etc/yunohost/certs/{{ domain }}/crt.pem;
ssl_certificate_key /etc/yunohost/certs/{{ domain }}/key.pem;
ssl_session_timeout 5m;
ssl_session_cache shared:SSL:50m;
ssl_prefer_server_ciphers on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ALL:!aNULL:!eNULL:!LOW:!EXP:!RC4:!3DES:+HIGH:+MEDIUM;
add_header Strict-Transport-Security "max-age=31536000;";
# Uncomment the following directive after DH generation
# > openssl dhparam -out /etc/ssl/private/dh2048.pem -outform PEM -2 2048
#ssl_dhparam /etc/ssl/private/dh2048.pem;
access_by_lua_file /usr/share/ssowat/access.lua;
include conf.d/{{ domain }}.d/*.conf;
include conf.d/yunohost_admin.conf.inc;

10
data/templates/nginx/yunohost_admin.conf
View file

@ -1,25 +1,30 @@
server {
listen 80 default_server;
listen [::]:80 default_server;
location / {
rewrite ^ https://$http_host/yunohost/admin permanent;
}
location /yunohost/admin {
rewrite ^ https://$http_host$request_uri? permanent;
}
}
server {
listen 443 ssl default_server;
listen [::]:443 ssl default_server;
ssl_certificate /etc/yunohost/certs/yunohost.org/crt.pem;
ssl_certificate /etc/yunohost/certs/yunohost.org/crt.pem;
ssl_certificate_key /etc/yunohost/certs/yunohost.org/key.pem;
ssl_session_timeout 5m;
ssl_session_cache shared:SSL:50m;
ssl_prefer_server_ciphers on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ALL:!aNULL:!eNULL:!LOW:!EXP:!RC4:!3DES:+HIGH:+MEDIUM;
add_header Strict-Transport-Security "max-age=31536000;";
location / {
rewrite ^ https://$http_host/yunohost/admin permanent;
}
@ -30,6 +35,7 @@ server {
return 403;
}
}
include conf.d/yunohost_admin.conf.inc;
include conf.d/yunohost_api.conf.inc;
}