1
0
mirror of https://github.com/laurivosandi/certidude synced 2024-09-27 20:48:11 +00:00
certidude/certidude/templates/nginx-https-site.conf
Lauri Võsandi b4d006227a Refactor codebase
* Replace PyOpenSSL with cryptography.io
* Rename constants to const
* Drop support for uwsgi
* Use systemd to launch certidude server
* Signer automatically spawned as part of server
* Update requirements.txt
* Clean up certidude client configuration handling
* Add automatic enroll with Kerberos machine cerdentials
2016-09-18 00:00:14 +03:00

30 lines
806 B
Plaintext

server {
listen 80;
server_name {{const.FQDN}};
rewrite ^ https://{{const.FQDN}}$request_uri?;
}
server {
root /var/www/html;
add_header X-Frame-Options "DENY";
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
listen 443 ssl;
server_name {{const.FQDN}};
client_max_body_size 10G;
ssl_certificate {{certificate_path}};
ssl_certificate_key {{key_path}};
ssl_client_certificate {{authority_path}};
ssl_crl {{revocations_path}};
ssl_verify_client {{verify_client}};
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/run/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_param REMOTE_USER $ssl_client_s_dn_cn;
include fastcgi_params;
}
}