Diffstat (limited to 'files/usr/local/etc/nginx')
-rw-r--r-- | files/usr/local/etc/nginx/acme.conf.common | 4 | ||||
-rw-r--r-- | files/usr/local/etc/nginx/nginx.conf-acme | 55 | ||||
l--------- | files/usr/local/etc/nginx/nginx.conf.smtp_server | 1 | ||||
-rw-r--r-- | files/usr/local/etc/nginx/vhosts.conf.smtp_server | 22 |
4 files changed, 82 insertions, 0 deletions
diff --git a/files/usr/local/etc/nginx/acme.conf.common b/files/usr/local/etc/nginx/acme.conf.common
new file mode 100644
index 0000000..583ca98
--- /dev/null
+++ b/files/usr/local/etc/nginx/acme.conf.common
@@ -0,0 +1,4 @@
+location /.well-known/acme-challenge/ {
+ root ${acme_webroot};
+ default_type text/plain;
+}
diff --git a/files/usr/local/etc/nginx/nginx.conf-acme b/files/usr/local/etc/nginx/nginx.conf-acme
new file mode 100644
index 0000000..d77c0de
--- /dev/null
+++ b/files/usr/local/etc/nginx/nginx.conf-acme
@@ -0,0 +1,55 @@
+worker_processes ${nginx_worker_processes};
+worker_rlimit_nofile ${nginx_nofile};
+
+events {
+ worker_connections ${nginx_worker_connections};
+}
+
+http {
+ include mime.types;
+ default_type application/octet-stream;
+ index index.html;
+
+ aio threads;
+ aio_write on;
+ sendfile on;
+ directio 4m;
+ tcp_nopush on;
+ tcp_nodelay on;
+ keepalive_timeout 65;
+ types_hash_max_size 2048;
+ server_tokens off;
+ client_max_body_size 5m;
+ charset utf-8;
+ gzip on;
+ gzip_http_version 1.0;
+ gzip_types text/plain text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript application/json image/svg+xml;
+
+ proxy_buffers 64 32k;
+ proxy_busy_buffers_size 64k;
+ fastcgi_buffers 64 32k;
+
+ ssl_session_timeout 1d;
+ ssl_session_cache shared:SSL:10m;
+ ssl_session_tickets off;
+ ssl_protocols TLSv1.3;
+ ssl_prefer_server_ciphers off;
+
+ map \$http_upgrade \$connection_upgrade {
+ default upgrade;
+ '' keep-alive;
+ }
+
+ server {
+ listen 0.0.0.0:80 default_server;
+ listen [::]:80 default_server;
+
+ include acme.conf;
+
+ location / {
+ return 301 https://\$host\$request_uri;
+ }
+ }
+
+ include vhost*.conf;
+}
diff --git a/files/usr/local/etc/nginx/nginx.conf.smtp_server b/files/usr/local/etc/nginx/nginx.conf.smtp_server
new file mode 120000
index 0000000..53de10f
--- /dev/null
+++ b/files/usr/local/etc/nginx/nginx.conf.smtp_server
@@ -0,0 +1 @@
+nginx.conf-acme
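Review bot: In nginx.conf-acme, the port-80 `default_server` block builds its redirect target from `\$host`, which nginx takes from the client's request line or Host header, so any hostname a client sends is reflected into the `Location` of the 301. Because this server is the catch-all for unmatched names, consider redirecting to a fixed, templated name instead, e.g. `return 301 https://<canonical_host>\$request_uri;` (placeholder), or closing unknown hosts with `return 444;`. Separately, the block includes `acme.conf` while this commit adds `acme.conf.common`; the step that maps one to the other is not visible here, so a one-line comment above the `include` naming it would help the next reader.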
\ No newline at end of file
diff --git a/files/usr/local/etc/nginx/vhosts.conf.smtp_server b/files/usr/local/etc/nginx/vhosts.conf.smtp_server
new file mode 100644
index 0000000..71d6db8
--- /dev/null
+++ b/files/usr/local/etc/nginx/vhosts.conf.smtp_server
@@ -0,0 +1,22 @@
+server {
+ listen 443 ssl default_server;
+ listen [::]:443 ssl default_server;
+
+ http2 on;
+
+ ssl_certificate ${rspamd_tls_cert};
+ ssl_certificate_key ${rspamd_tls_key};
+
+ add_header Strict-Transport-Security "max-age=63072000" always;
+
+ location / {
+ proxy_http_version 1.1;
+
+ proxy_set_header Host \$host;
+ proxy_set_header X-Real-IP \$remote_addr;
+ proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto \$scheme;
+
+ proxy_pass http://127.0.0.1:${rspamd_port}/;
+ }
+}
|
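Review bot: In vhosts.conf.smtp_server, the 443 `default_server` proxies every path to `127.0.0.1:${rspamd_port}` with no `allow`/`deny` or `auth_basic` in `location /`, so whatever listens on that port is reachable from any address and protected only by its own authentication. If this is the rspamd controller or web UI (inferred from the variable name, not shown in the diff), restrict the location to admin networks, e.g. `allow <admin_cidr>; deny all;` (placeholder). Also, `X-Forwarded-For` is set from `\$proxy_add_x_forwarded_for`, which appends to whatever header the client sent. Since nginx is the edge here, `proxy_set_header X-Forwarded-For \$remote_addr;` keeps a client-chosen address away from a backend that may use the header for trust decisions such as a local-address allowlist.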