Personal/ansible-deploy-gitea
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Initial Commit

Browse source
This commit is contained in:
Theodotos Andreou 2019-01-26 08:21:47 +02:00
commit fd562c3235
11 changed files with 1090 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

29
templates/nginx_vhost_tls.j2 Normal file
View file

@ -0,0 +1,29 @@
server {
listen 80;
server_name {{ gitea_fqdn }};
location / {
proxy_pass http://localhost:3000;
proxy_set_header X-Real-IP $remote_addr;
}
location ^~ /.well-known/acme-challenge/ {
default_type "text/plain";
root /var/www/html;
}
listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/{{ gitea_fqdn }}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/{{ gitea_fqdn }}/privkey.pem;
ssl_session_cache shared:le_nginx_SSL:1m;
ssl_session_timeout 1440m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-SHA ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-AES128-SHA256 ECDHE-ECDSA-AES256-SHA384 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES128-SHA ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES256-SHA384 DHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES128-SHA DHE-RSA-AES256-SHA DHE-RSA-AES128-SHA256 DHE-RSA-AES256-SHA256 EDH-RSA-DES-CBC3-SHA";
if ($scheme != "https") {
return 301 https://$host$request_uri;
}
}