Attention une mise à jour du service Gitlab va être effectuée le mardi 18 janvier (et non lundi 17 comme annoncé précédemment) entre 18h00 et 18h30. Cette mise à jour va générer une interruption du service dont nous ne maîtrisons pas complètement la durée mais qui ne devrait pas excéder quelques minutes.

Commit 03a00166 authored by HERBERT Ryan's avatar HERBERT Ryan
Browse files

nginx configurations switched to full https

parent 21cd44e7
...@@ -2,6 +2,37 @@ server { ...@@ -2,6 +2,37 @@ server {
listen 80; listen 80;
server_name $hostname; server_name $hostname;
}
server {
listen 443 default_server ssl;
server_name $hostname;
ssl_certificate /etc/nginx/ssl/web2py.crt;
ssl_certificate_key /etc/nginx/ssl/web2py.key;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
ssl_ciphers ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
keepalive_timeout 70;
location / {
#uwsgi_pass 127.0.0.1:9001;
uwsgi_pass unix:///tmp/web2py.socket;
include uwsgi_params;
uwsgi_param UWSGI_SCHEME $scheme;
uwsgi_param SERVER_SOFTWARE nginx/$nginx_version;
###remove the comments to turn on if you want gzip compression of your pages
# include /etc/nginx/conf.d/web2py/gzip.conf;
### end gzip section
proxy_read_timeout 600;
client_max_body_size 20G;
###
}
## if you serve static files through https, copy here the section
## from the previous server instance to manage static files
location /browser { location /browser {
root /var/www; root /var/www;
expires 1h; expires 1h;
...@@ -35,20 +66,6 @@ server { ...@@ -35,20 +66,6 @@ server {
### ###
} }
location / {
#uwsgi_pass 127.0.0.1:9001;
uwsgi_pass unix:///tmp/web2py.socket;
include uwsgi_params;
uwsgi_param UWSGI_SCHEME $scheme;
uwsgi_param SERVER_SOFTWARE nginx/$nginx_version;
proxy_read_timeout 600;
###remove the comments to turn on if you want gzip compression of your pages
include /etc/nginx/conf.d/web2py/gzip.conf;
### end gzip section
client_max_body_size 20G;
}
client_max_body_size 20G; client_max_body_size 20G;
...@@ -63,35 +80,4 @@ server { ...@@ -63,35 +80,4 @@ server {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
} }
}
server {
listen 443 default_server ssl;
server_name $hostname;
ssl_certificate /etc/nginx/ssl/web2py.crt;
ssl_certificate_key /etc/nginx/ssl/web2py.key;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
ssl_ciphers ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
keepalive_timeout 70;
location / {
#uwsgi_pass 127.0.0.1:9001;
uwsgi_pass unix:///tmp/web2py.socket;
include uwsgi_params;
uwsgi_param UWSGI_SCHEME $scheme;
uwsgi_param SERVER_SOFTWARE nginx/$nginx_version;
###remove the comments to turn on if you want gzip compression of your pages
# include /etc/nginx/conf.d/web2py/gzip.conf;
### end gzip section
proxy_read_timeout 600;
client_max_body_size 20G;
###
}
## if you serve static files through https, copy here the section
## from the previous server instance to manage static files
} }
...@@ -62,8 +62,32 @@ gzip_types text/plain text/css application/json application/x-javascript text/xm ...@@ -62,8 +62,32 @@ gzip_types text/plain text/css application/json application/x-javascript text/xm
# Create configuration file /etc/nginx/sites-available/web2py # Create configuration file /etc/nginx/sites-available/web2py
echo "server { echo "server {
listen 80; listen 443 default_server ssl;
server_name \$hostname; server_name \$hostname;
ssl_certificate /etc/nginx/ssl/web2py.crt;
ssl_certificate_key /etc/nginx/ssl/web2py.key;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
ssl_ciphers ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
keepalive_timeout 70;
location / {
#uwsgi_pass 127.0.0.1:9001;
uwsgi_pass unix:///tmp/web2py.socket;
include uwsgi_params;
uwsgi_param UWSGI_SCHEME \$scheme;
uwsgi_param SERVER_SOFTWARE nginx/\$nginx_version;
###remove the comments to turn on if you want gzip compression of your pages
# include /etc/nginx/conf.d/web2py/gzip.conf;
### end gzip section
proxy_read_timeout 600;
client_max_body_size 20G;
###
}
## if you serve static files through https, copy here the section
## from the previous server instance to manage static files
location /browser { location /browser {
root $CWD/../; root $CWD/../;
...@@ -94,20 +118,6 @@ echo "server { ...@@ -94,20 +118,6 @@ echo "server {
# include /etc/nginx/conf.d/web2py/gzip_static.conf; # include /etc/nginx/conf.d/web2py/gzip_static.conf;
### ###
} }
location / {
#uwsgi_pass 127.0.0.1:9001;
uwsgi_pass unix:///tmp/web2py.socket;
include uwsgi_params;
uwsgi_param UWSGI_SCHEME \$scheme;
uwsgi_param SERVER_SOFTWARE nginx/\$nginx_version;
proxy_read_timeout 600;
###remove the comments to turn on if you want gzip compression of your pages
include /etc/nginx/conf.d/web2py/gzip.conf;
### end gzip section
client_max_body_size 20G;
}
client_max_body_size 20G; client_max_body_size 20G;
...@@ -122,36 +132,6 @@ echo "server { ...@@ -122,36 +132,6 @@ echo "server {
fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name; fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;
} }
}
server {
listen 443 default_server ssl;
server_name \$hostname;
ssl_certificate /etc/nginx/ssl/web2py.crt;
ssl_certificate_key /etc/nginx/ssl/web2py.key;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
ssl_ciphers ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
keepalive_timeout 70;
location / {
#uwsgi_pass 127.0.0.1:9001;
uwsgi_pass unix:///tmp/web2py.socket;
include uwsgi_params;
uwsgi_param UWSGI_SCHEME \$scheme;
uwsgi_param SERVER_SOFTWARE nginx/\$nginx_version;
###remove the comments to turn on if you want gzip compression of your pages
# include /etc/nginx/conf.d/web2py/gzip.conf;
### end gzip section
proxy_read_timeout 600;
client_max_body_size 20G;
###
}
## if you serve static files through https, copy here the section
## from the previous server instance to manage static files
}" >/etc/nginx/sites-available/web2py }" >/etc/nginx/sites-available/web2py
ln -s /etc/nginx/sites-available/web2py /etc/nginx/sites-enabled/web2py ln -s /etc/nginx/sites-available/web2py /etc/nginx/sites-enabled/web2py
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment