From dcf932b66d0afd2a440d9340678a08ca6b6722f0 Mon Sep 17 00:00:00 2001
From: prance
Date: Sun, 30 Jan 2022 14:54:51 +0100
Subject: [PATCH] add initial configurations
---
MUOR/MUOR/configs/muor.conf | 64 ++++++++++++++++++++++++++++++++++++
MUOR/MUOR/configs/nginx.conf | 15 +++++----
2 files changed, 73 insertions(+), 6 deletions(-)
create mode 100644 MUOR/MUOR/configs/muor.conf
diff --git a/MUOR/MUOR/configs/muor.conf b/MUOR/MUOR/configs/muor.conf
new file mode 100644
index 000000000..c00e813e7
--- /dev/null
+++ b/MUOR/MUOR/configs/muor.conf
@@ -0,0 +1,64 @@
+map $http_upgrade $connection_upgrade {
+ default upgrade;
+ '' close;
+}
+
+upstream django {
+ server localhost:8080;
+}
+
+server {
+ if ($host = randomsec.projektstudencki.pl) {
+ return 301 https://$host$request_uri;
+ }
+ listen 80 reuseport;
+ server_name randomsec.projektstudencki.pl
+ charset utf-8;
+ return 404;
+}
+
+# configuration of the server
+server {
+ # the port your site will be served on
+ listen 443 ssl http2 reuseport;
+ # the domain name it will serve for
+ server_name randomsec.projektstudencki.pl
+ charset utf-8;
+
+ # max upload size
+ client_max_body_size 75M; # adjust to taste
+
+# location /static {
+# alias /path/to/static; #TODO add path
+# expires 30d;
+# access_log off;
+# add_header Pragma public;
+# add_header Cache-Control "public";
+# }
+
+ error_page 500 502 503 504 404 /error.html;
+
+ location = /error.html {
+ add_header Content-Type text/html;
+ return 200 '';
+ }
+
+ location /logout/ {
+ proxy_pass http://django;
+ }
+
+ # Finally, send all non-media requests to the Django server.
+ location / {
+ if ($cookie_sessionid = ""){
+ proxy_pass http://django; # TODO prolly change that to uwsgi_pass
+ }
+ }
+
+ ssl_certificate /etc/letsencrypt/live/randomsec.projektstudencki.pl/fullchain.pem; # managed by Certbot
+ ssl_certificate_key /etc/letsencrypt/live/randomsec.projektstudencki.pl/privkey.pem; # managed by Certbot
+ include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+ ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+
+
+ # add_header Strict-Transport-Security max-age=31536000;
+}
\ No newline at end of file
diff --git a/MUOR/MUOR/configs/nginx.conf b/MUOR/MUOR/configs/nginx.conf
index 905ffa997..b42d0f3a3 100644
--- a/MUOR/MUOR/configs/nginx.conf
+++ b/MUOR/MUOR/configs/nginx.conf
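Review bot: Both `server_name randomsec.projektstudencki.pl` lines lack the closing `;`, so nginx reads the following `charset utf-8;` as two more server names and never applies the charset; each should be `server_name randomsec.projektstudencki.pl;`. In `location /`, `proxy_pass` runs only when `$cookie_sessionid` is empty, so a request that carries a sessionid cookie is never proxied and falls through to nginx's own static handling, which looks inverted or unfinished; a cookie's presence is client-controlled, so it should not stand in for an authentication decision in either direction. The HSTS header is still commented out although port 80 redirects to HTTPS; once TLS is confirmed working, enable it as `add_header Strict-Transport-Security "max-age=31536000" always;`. The `proxy_pass` locations also set no `proxy_set_header Host $host;` or `proxy_set_header X-Forwarded-Proto $scheme;`, which Django presumably needs for host validation and HTTPS detection.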
@@ -1,11 +1,14 @@ -worker_processes 1; +user www-data; +worker_processes auto; +pid /run/nginx.pid; +include /etc/nginx/modules-enabled/*.conf; events { - worker_connections 1024; + worker_connections 768; + # multi_accept on; } http { - ## # Basic Settings ## @@ -27,8 +30,8 @@ http { # SSL Settings ## - ssl_protocols TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE - ssl_prefer_server_ciphers on; +# ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE +# ssl_prefer_server_ciphers on; ## # Logging Settings @@ -48,7 +51,7 @@ http { # gzip_comp_level 6; # gzip_buffers 16 8k; # gzip_http_version 1.1; - gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript; + gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript; ##
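Review bot: Commenting out `ssl_protocols` and `ssl_prefer_server_ciphers` in the `http` block (second hunk, `@@ -27,8 +30,8 @@`) removes the global TLS baseline. The new muor.conf gets its policy from Certbot's `options-ssl-nginx.conf`, but any other TLS server block would fall back to nginx's built-in defaults, which on older releases still accept TLSv1 and TLSv1.1. The commented line was also rewritten to list `TLSv1 TLSv1.1`, so un-commenting it later would re-enable deprecated protocols. Presumably the lines were disabled in favour of Certbot's include; if so, either delete them or keep the previous value as the baseline, `ssl_protocols TLSv1.2 TLSv1.3;`, with a comment saying which file owns the TLS policy. The `http` block continues outside the hunk.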