mirror of
https://github.com/laurivosandi/certidude
synced 2024-09-27 20:48:11 +00:00
Lauri Võsandi
b4d006227a
* Replace PyOpenSSL with cryptography.io * Rename constants to const * Drop support for uwsgi * Use systemd to launch certidude server * Signer automatically spawned as part of server * Update requirements.txt * Clean up certidude client configuration handling * Add automatic enroll with Kerberos machine credentials
# Plain-HTTP virtual host: serves no content, only redirects to HTTPS.
server {
    listen 80;
    server_name {{const.FQDN}};

    # Temporary (302) redirect to the same path and query string on the
    # HTTPS host. $request_uri already carries the original arguments.
    return 302 https://{{const.FQDN}}$request_uri;
}
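# HTTPS virtual host: terminates TLS, authenticates clients by certificate
# (mode chosen by the verify_client template value) and hands *.php requests
# to PHP-FPM with the certificate's common name as REMOTE_USER.
server {
    listen 443 ssl;
    server_name {{const.FQDN}};
    root /var/www/html;

    # Forbid framing and pin browsers to HTTPS for two years.
    # Without the "always" parameter nginx attaches these headers only to
    # successful and redirect responses, not to error pages.
    add_header X-Frame-Options "DENY";
    add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";

    # NOTE(review): nginx accepts request bodies of up to 10G with this
    # setting; confirm the limit is intentional for this host.
    client_max_body_size 10G;

    # Server certificate and private key presented to clients.
    ssl_certificate {{certificate_path}};
    ssl_certificate_key {{key_path}};

    # CA certificate(s) that client certificates are verified against.
    ssl_client_certificate {{authority_path}};

    # Revocation list checked during client verification. nginx reads this
    # file when the configuration is loaded, so a regenerated CRL takes
    # effect only after nginx is reloaded.
    ssl_crl {{revocations_path}};

    # REMOTE_USER below can be trusted only when this renders to a mode in
    # which nginx verifies the client certificate against the CA above
    # ("on" or "optional"). With "optional_no_ca" the subject comes from an
    # unverified certificate; with "off" no certificate is requested.
    ssl_verify_client {{verify_client}};

    # No ssl_protocols / ssl_ciphers are set here, so the protocol and cipher
    # selection falls back to whatever the enclosing configuration or the
    # nginx build defaults provide.

    location ~ \.php$ {
        # Answer 404 from nginx unless the URI maps to an existing file, so
        # PHP-FPM is never asked to resolve a script path that is not there.
        try_files $uri =404;

        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/run/php5-fpm.sock;
        fastcgi_index index.php;

        # Identity passed to the PHP application.
        # NOTE(review): $ssl_client_s_dn_cn is not a variable that
        # ngx_http_ssl_module is documented to provide ($ssl_client_s_dn is);
        # confirm it is defined elsewhere, e.g. by a map in the http context,
        # otherwise nginx will refuse to load this file.
        fastcgi_param REMOTE_USER $ssl_client_s_dn_cn;

        include fastcgi_params;
    }
}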