YunoHost/yunohost
1
0
Fork 0
mirror of https://github.com/YunoHost/yunohost.git synced 2024-09-03 20:06:10 +02:00
Code Issues Projects Releases Packages Wiki Activity

Merge pull request #121 from infertux/nginx_server_tokens

Browse source 
[fix] Don't emit Nginx version
This commit is contained in:
julienmalik 2016-02-29 12:11:20 +01:00
commit 9d6f9d4c07
4 changed files with 16 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
data/hooks/conf_regen/15-nginx
View file

@ -24,6 +24,7 @@ cd /usr/share/yunohost/templates/nginx
# Copy plain single configuration files # Copy plain single configuration files
files="ssowat.conf files="ssowat.conf
global.conf
yunohost_admin.conf yunohost_admin.conf
yunohost_admin.conf.inc yunohost_admin.conf.inc
yunohost_api.conf.inc yunohost_api.conf.inc

1
data/templates/nginx/global.conf Normal file
View file

@ -0,0 +1 @@
server_tokens off;

6
data/templates/nginx/server.conf.sed
View file

@ -19,19 +19,19 @@ server {
listen 443 ssl; listen 443 ssl;
listen [::]:443 ssl; listen [::]:443 ssl;
server_name {{ domain }}; server_name {{ domain }};
ssl_certificate /etc/yunohost/certs/{{ domain }}/crt.pem;
ssl_certificate_key /etc/yunohost/certs/{{ domain }}/key.pem;
ssl_certificate /etc/yunohost/certs/{{ domain }}/crt.pem;
ssl_certificate_key /etc/yunohost/certs/{{ domain }}/key.pem;
ssl_session_timeout 5m; ssl_session_timeout 5m;
ssl_session_cache shared:SSL:50m; ssl_session_cache shared:SSL:50m;
ssl_prefer_server_ciphers on; ssl_prefer_server_ciphers on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ALL:!aNULL:!eNULL:!LOW:!EXP:!RC4:!3DES:+HIGH:+MEDIUM; ssl_ciphers ALL:!aNULL:!eNULL:!LOW:!EXP:!RC4:!3DES:+HIGH:+MEDIUM;
add_header Strict-Transport-Security "max-age=31536000;"; add_header Strict-Transport-Security "max-age=31536000;";
# Uncomment the following directive after DH generation # Uncomment the following directive after DH generation
# > openssl dhparam -out /etc/ssl/private/dh2048.pem -outform PEM -2 2048 # > openssl dhparam -out /etc/ssl/private/dh2048.pem -outform PEM -2 2048
#ssl_dhparam /etc/ssl/private/dh2048.pem; #ssl_dhparam /etc/ssl/private/dh2048.pem;
access_by_lua_file /usr/share/ssowat/access.lua; access_by_lua_file /usr/share/ssowat/access.lua;

8
data/templates/nginx/yunohost_admin.conf
View file

@ -1,23 +1,28 @@
server { server {
listen 80 default_server; listen 80 default_server;
listen [::]:80 default_server; listen [::]:80 default_server;
location / { location / {
rewrite ^ https://$http_host/yunohost/admin permanent; rewrite ^ https://$http_host/yunohost/admin permanent;
} }
location /yunohost/admin { location /yunohost/admin {
rewrite ^ https://$http_host$request_uri? permanent; rewrite ^ https://$http_host$request_uri? permanent;
} }
} }
server { server {
listen 443 ssl default_server; listen 443 ssl default_server;
listen [::]:443 ssl default_server; listen [::]:443 ssl default_server;
ssl_certificate /etc/yunohost/certs/yunohost.org/crt.pem;
ssl_certificate /etc/yunohost/certs/yunohost.org/crt.pem;
ssl_certificate_key /etc/yunohost/certs/yunohost.org/key.pem; ssl_certificate_key /etc/yunohost/certs/yunohost.org/key.pem;
ssl_session_timeout 5m; ssl_session_timeout 5m;
ssl_session_cache shared:SSL:50m; ssl_session_cache shared:SSL:50m;
ssl_prefer_server_ciphers on; ssl_prefer_server_ciphers on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ALL:!aNULL:!eNULL:!LOW:!EXP:!RC4:!3DES:+HIGH:+MEDIUM; ssl_ciphers ALL:!aNULL:!eNULL:!LOW:!EXP:!RC4:!3DES:+HIGH:+MEDIUM;
add_header Strict-Transport-Security "max-age=31536000;"; add_header Strict-Transport-Security "max-age=31536000;";
location / { location / {
@ -30,6 +35,7 @@ server {
return 403; return 403;
} }
} }
include conf.d/yunohost_admin.conf.inc; include conf.d/yunohost_admin.conf.inc;
include conf.d/yunohost_api.conf.inc; include conf.d/yunohost_api.conf.inc;
} }