Commit 37d89d7c authored by Ludovic Courtès's avatar Ludovic Courtès

nginx: Handle hpc.guixsd.org correctly.

Previously hpc.guixsd.org would serve the wrong certificate. * nginx.conf: Move 'ssl_protocols', 'ssl_ciphers', etc. to the top level. Add 'server' block for hpc.guixsd.org.
parent 8577407b
......@@ -44,6 +44,21 @@ http {
include nginx-locations.conf;
}
# Make sure SSL is disabled.
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
# Disable weak cipher suites.
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# Use our own DH parameters created with:
# openssl dhparam -out dhparams.pem 2048
# as suggested at <https://weakdh.org/sysadmin.html>.
ssl_dhparam /etc/dhparams.pem;
access_log /var/log/nginx/http.access.log;
server {
listen 443 ssl;
server_name guix-hpc.bordeaux.inria.fr;
......@@ -51,20 +66,20 @@ http {
ssl_certificate /etc/letsencrypt/live/guix-hpc.bordeaux.inria.fr/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/guix-hpc.bordeaux.inria.fr/privkey.pem;
# Make sure SSL is disabled.
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
# Disable weak cipher suites.
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
include nginx-locations.conf;
}
# Use our own DH parameters created with:
# openssl dhparam -out dhparams.pem 2048
# as suggested at <https://weakdh.org/sysadmin.html>.
ssl_dhparam /etc/dhparams.pem;
server {
listen 443 ssl;
server_name hpc.guixsd.org;
access_log /var/log/nginx/http.access.log;
ssl_certificate /etc/letsencrypt/live/hpc.guixsd.org/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/hpc.guixsd.org/privkey.pem;
include nginx-locations.conf;
location ~ /(.*) {
# For now make a temporary redirect to inria.fr. However,
# perhaps we should reverse things?
return 307 https://guix-hpc.bordeaux.inria.fr/$1;
}
}
}
\ No newline at end of file
}
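Review bot: The `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` line that is moved to the `http` level still enables TLS 1.0 and 1.1, and at that level it applies to every `server` block, including the new hpc.guixsd.org one. Both versions are deprecated (RFC 8996), so unless legacy clients must be served, `ssl_protocols TLSv1.2;` (plus `TLSv1.3` where the installed nginx and OpenSSL support it) would be the safer default. The comment above it, "Make sure SSL is disabled", reads as if TLS were switched off; `# Allow TLS only; SSLv2 and SSLv3 stay disabled.` states the intent. The page shows these lines without +/- markers, so which copy is the new side is inferred from the commit message.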