security/hakurei.app
security/hakurei.app
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 4 Wiki Activity

add support for ACME with replicas

Browse Source
This commit is contained in:
Daniel Micay 2021-07-30 02:32:33 -04:00
parent b98710a90d
commit e1ccefd1fa
1 changed files with 38 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
nginx/nginx.conf
View File

@ -88,6 +88,22 @@ http {
return 301 https://$host$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name primary.grapheneos.org;
root /var/empty;
location /.well-known/acme-challenge/ {
root /srv/certbot;
}
location / {
return 301 https://grapheneos.org$request_uri;
}
}
server {
listen 443 ssl http2 backlog=4096;
listen [::]:443 ssl http2 backlog=4096;
@ -98,7 +114,13 @@ http {
include snippets/security-headers.conf;
add_header Cross-Origin-Resource-Policy "same-origin" always;
return 301 https://grapheneos.org$request_uri;
location ^~ /.well-known/acme-challenge/ {
return 301 https://primary.grapheneos.org$request_uri;
}
location / {
return 301 https://grapheneos.org$request_uri;
}
}
server {
@ -111,7 +133,13 @@ http {
include snippets/security-headers.conf;
add_header Cross-Origin-Resource-Policy "same-origin" always;
return 302 https://github.com/GrapheneOS/Vanadium;
location ^~ /.well-known/acme-challenge/ {
return 301 https://primary.grapheneos.org$request_uri;
}
location / {
return 302 https://github.com/GrapheneOS/Vanadium;
}
}
server {
@ -243,6 +271,10 @@ http {
try_files $uri.html =404;
}
location ^~ /.well-known/acme-challenge/ {
return 301 https://primary.grapheneos.org$request_uri;
}
location ^~ /fonts/ {
include snippets/security-headers.conf;
add_header Cross-Origin-Resource-Policy "same-origin" always;
@ -352,6 +384,10 @@ http {
location = /.well-known/mta-sts.txt {}
location ^~ /.well-known/acme-challenge/ {
return 301 https://primary.grapheneos.org$request_uri;
}
location / {
return 404;
}