An Ansible Playbook for deploying your own self-hosted Gitea instance
Nie możesz wybrać więcej, niż 25 tematów
Tematy muszą się zaczynać od litery lub cyfry, mogą zawierać myślniki ('-') i mogą mieć do 35 znaków.
|
- server {
- listen 80;
- server_name {{ gitea_fqdn }};
-
- location / {
- proxy_pass http://localhost:3000;
- proxy_set_header X-Real-IP $remote_addr;
- }
-
- location ^~ /.well-known/acme-challenge/ {
- default_type "text/plain";
- root /var/www/html;
- }
-
- listen 443 ssl;
- ssl_certificate /etc/letsencrypt/live/{{ gitea_fqdn }}/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/{{ gitea_fqdn }}/privkey.pem;
- ssl_session_cache shared:le_nginx_SSL:1m;
- ssl_session_timeout 1440m;
-
- ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
- ssl_prefer_server_ciphers on;
-
- ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-SHA ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-AES128-SHA256 ECDHE-ECDSA-AES256-SHA384 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES128-SHA ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES256-SHA384 DHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES128-SHA DHE-RSA-AES256-SHA DHE-RSA-AES128-SHA256 DHE-RSA-AES256-SHA256 EDH-RSA-DES-CBC3-SHA";
-
- if ($scheme != "https") {
- return 301 https://$host$request_uri;
- }
- }
|