An Ansible Playbook for deploying your own self-hosted Gitea instance
25개 이상의 토픽을 선택하실 수 없습니다. Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

30 lines
1.1KB

  1. server {
  2. listen 80;
  3. server_name {{ gitea_fqdn }};
  4. location / {
  5. proxy_pass http://localhost:3000;
  6. proxy_set_header X-Real-IP $remote_addr;
  7. }
  8. location ^~ /.well-known/acme-challenge/ {
  9. default_type "text/plain";
  10. root /var/www/html;
  11. }
  12. listen 443 ssl;
  13. ssl_certificate /etc/letsencrypt/live/{{ gitea_fqdn }}/fullchain.pem;
  14. ssl_certificate_key /etc/letsencrypt/live/{{ gitea_fqdn }}/privkey.pem;
  15. ssl_session_cache shared:le_nginx_SSL:1m;
  16. ssl_session_timeout 1440m;
  17. ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  18. ssl_prefer_server_ciphers on;
  19. ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-SHA ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-AES128-SHA256 ECDHE-ECDSA-AES256-SHA384 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES128-SHA ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES256-SHA384 DHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES128-SHA DHE-RSA-AES256-SHA DHE-RSA-AES128-SHA256 DHE-RSA-AES256-SHA256 EDH-RSA-DES-CBC3-SHA";
  20. if ($scheme != "https") {
  21. return 301 https://$host$request_uri;
  22. }
  23. }