diff options
| author | Guilhem Moulin <guilhem@fripost.org> | 2016-12-13 20:36:06 +0100 |
|---|---|---|
| committer | Guilhem Moulin <guilhem@fripost.org> | 2016-12-13 20:36:06 +0100 |
| commit | b0869dd3b4e6f72060185b32f19d28351b560998 (patch) | |
| tree | e9aeae31c3cc51063ad58ad1f69627352d1fd212 | |
| parent | 544044b912adcf013f8a695afe511ff2906fe1a3 (diff) | |
nginx: add support for HTTP/2.
5 files changed, 10 insertions, 10 deletions
diff --git a/roles/git/files/etc/nginx/sites-available/git b/roles/git/files/etc/nginx/sites-available/git index 0ec65e2..53bfbe8 100644 --- a/roles/git/files/etc/nginx/sites-available/git +++ b/roles/git/files/etc/nginx/sites-available/git @@ -1,40 +1,40 @@ server { listen 80; listen [::]:80; server_name git.fripost.org; include snippets/acme-challenge.conf; access_log /var/log/nginx/git.access.log; error_log /var/log/nginx/git.error.log info; location / { return 301 https://$host$request_uri; } } server { - listen 443; - listen [::]:443; + listen 443 spdy; + listen [::]:443 spdy; server_name git.fripost.org; access_log /var/log/nginx/git.access.log; error_log /var/log/nginx/git.error.log info; include snippets/headers.conf; include snippets/ssl.conf; ssl_certificate ssl/git.fripost.org.pem; ssl_certificate_key ssl/git.fripost.org.key; include snippets/git.fripost.org.hpkp-hdr; location ^~ /static/ { alias /usr/share/cgit/; expires 30d; } # Bypass the CGI to return static files stored on disk. Try first repo with # a trailing '.git', then without. diff --git a/roles/lists/files/etc/nginx/sites-available/sympa b/roles/lists/files/etc/nginx/sites-available/sympa index fbb3421..48dcf3d 100644 --- a/roles/lists/files/etc/nginx/sites-available/sympa +++ b/roles/lists/files/etc/nginx/sites-available/sympa @@ -1,40 +1,40 @@ server { listen 80; listen [::]:80; server_name lists.fripost.org; include snippets/acme-challenge.conf; access_log /var/log/nginx/lists.access.log; error_log /var/log/nginx/lists.error.log info; location / { return 301 https://$host$request_uri; } } server { - listen 443; - listen [::]:443; + listen 443 spdy; + listen [::]:443 spdy; server_name lists.fripost.org; access_log /var/log/nginx/lists.access.log; error_log /var/log/nginx/lists.error.log info; include snippets/headers.conf; add_header Content-Security-Policy "default-src 'none'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self'; font-src 'self'; upgrade-insecure-requests; block-all-mixed-content; reflected-xss block; referrer no-referrer-when-downgrade; frame-ancestors 'none'; form-action 'self'; base-uri lists.fripost.org"; include snippets/ssl.conf; ssl_certificate ssl/lists.fripost.org.pem; ssl_certificate_key ssl/lists.fripost.org.key; include snippets/lists.fripost.org.hpkp-hdr; location = / { return 302 /sympa$args; } location ^~ /static-sympa/ { diff --git a/roles/webmail/files/etc/nginx/sites-available/roundcube b/roles/webmail/files/etc/nginx/sites-available/roundcube index c691d35..1f347c5 100644 --- a/roles/webmail/files/etc/nginx/sites-available/roundcube +++ b/roles/webmail/files/etc/nginx/sites-available/roundcube @@ -1,42 +1,42 @@ server { listen 80; listen [::]:80; server_name mail.fripost.org; server_name webmail.fripost.org; include snippets/acme-challenge.conf; access_log /var/log/nginx/roundcube.access.log; error_log /var/log/nginx/roundcube.error.log info; location / { return 301 https://$host$request_uri; } } server { - listen 443; - listen [::]:443; + listen 443 spdy; + listen [::]:443 spdy; server_name mail.fripost.org; server_name webmail.fripost.org; root /var/lib/roundcube; include snippets/headers.conf; add_header Content-Security-Policy "default-src 'none'; child-src 'self'; frame-src 'self'; connect-src 'self'; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src * data:; font-src 'self'; reflected-xss block; referrer no-referrer-when-downgrade; frame-ancestors 'self'; form-action 'self'; base-uri mail.fripost.org webmail.fripost.org"; include snippets/ssl.conf; ssl_certificate ssl/mail.fripost.org.pem; ssl_certificate_key ssl/mail.fripost.org.key; include snippets/mail.fripost.org.hpkp-hdr; location = /favicon.ico { root /usr/share/roundcube/skins/default/images; log_not_found off; access_log off; expires max; diff --git a/roles/wiki/files/etc/nginx/sites-available/website b/roles/wiki/files/etc/nginx/sites-available/website index e79ff1f..fbf0c22 100644 --- a/roles/wiki/files/etc/nginx/sites-available/website +++ b/roles/wiki/files/etc/nginx/sites-available/website @@ -1,41 +1,41 @@ server { listen 80; listen [::]:80; server_name fripost.org; server_name www.fripost.org; include snippets/acme-challenge.conf; access_log /var/log/nginx/www.access.log; error_log /var/log/nginx/www.error.log info; location / { return 301 https://$host$request_uri; } } server { - listen 443; - listen [::]:443; + listen 443 spdy; + listen [::]:443 spdy; server_name fripost.org; server_name www.fripost.org; access_log /var/log/nginx/www.access.log; error_log /var/log/nginx/www.error.log info; include snippets/headers.conf; add_header Content-Security-Policy "default-src 'none'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self'; font-src 'self'; upgrade-insecure-requests; block-all-mixed-content; reflected-xss block; referrer no-referrer-when-downgrade; frame-ancestors 'none'; form-action https://www.paypal.com/; base-uri fripost.org www.fripost.org"; include snippets/ssl.conf; ssl_certificate ssl/www.fripost.org.pem; ssl_certificate_key ssl/www.fripost.org.key; include snippets/fripost.org.hpkp-hdr; location / { try_files $uri $uri/ =404; index index.html; root /var/lib/ikiwiki/public_html/fripost-wiki/website; diff --git a/roles/wiki/files/etc/nginx/sites-available/wiki b/roles/wiki/files/etc/nginx/sites-available/wiki index d2e13a5..4a9088c 100644 --- a/roles/wiki/files/etc/nginx/sites-available/wiki +++ b/roles/wiki/files/etc/nginx/sites-available/wiki @@ -1,41 +1,41 @@ server { listen 80; listen [::]:80; server_name wiki.fripost.org; include snippets/acme-challenge.conf; access_log /var/log/nginx/wiki.access.log; error_log /var/log/nginx/wiki.error.log info; location / { location ~ ^/website(/.*)?$ { return 302 $scheme://fripost.org$1; } return 301 https://$host$request_uri; } } server { - listen 443; - listen [::]:443; + listen 443 spdy; + listen [::]:443 spdy; server_name wiki.fripost.org; access_log /var/log/nginx/wiki.access.log; error_log /var/log/nginx/wiki.error.log info; include snippets/headers.conf; add_header Content-Security-Policy "default-src 'none'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self'; font-src 'self'; upgrade-insecure-requests; block-all-mixed-content; reflected-xss block; referrer no-referrer-when-downgrade; frame-ancestors 'none'; form-action 'self'; base-uri wiki.fripost.org"; include snippets/ssl.conf; ssl_certificate ssl/www.fripost.org.pem; ssl_certificate_key ssl/www.fripost.org.key; include snippets/fripost.org.hpkp-hdr; location / { location ~ ^/website(/.*)?$ { return 302 $scheme://fripost.org$1; } try_files $uri $uri/ =404; index index.html; root /var/lib/ikiwiki/public_html/fripost-wiki; |