add support for ACME with replicas

Daniel Micay 2021-07-30 02:32:33 -04:00
parent b98710a90d
commit e1ccefd1fa


@ -88,6 +88,22 @@ http {
return 301 https://$host$request_uri; return 301 https://$host$request_uri;
} }
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name primary.grapheneos.org;
root /var/empty;
location /.well-known/acme-challenge/ {
root /srv/certbot;
}
location / {
return 301 https://grapheneos.org$request_uri;
}
}
server { server {
listen 443 ssl http2 backlog=4096; listen 443 ssl http2 backlog=4096;
listen [::]:443 ssl http2 backlog=4096; listen [::]:443 ssl http2 backlog=4096;
@ -98,7 +114,13 @@ http {
include snippets/security-headers.conf; include snippets/security-headers.conf;
add_header Cross-Origin-Resource-Policy "same-origin" always; add_header Cross-Origin-Resource-Policy "same-origin" always;
return 301 https://grapheneos.org$request_uri; location ^~ /.well-known/acme-challenge/ {
return 301 https://primary.grapheneos.org$request_uri;
}
location / {
return 301 https://grapheneos.org$request_uri;
}
} }
server { server {
@ -111,7 +133,13 @@ http {
include snippets/security-headers.conf; include snippets/security-headers.conf;
add_header Cross-Origin-Resource-Policy "same-origin" always; add_header Cross-Origin-Resource-Policy "same-origin" always;
return 302 https://github.com/GrapheneOS/Vanadium; location ^~ /.well-known/acme-challenge/ {
return 301 https://primary.grapheneos.org$request_uri;
}
location / {
return 302 https://github.com/GrapheneOS/Vanadium;
}
} }
server { server {
@ -243,6 +271,10 @@ http {
try_files $uri.html =404; try_files $uri.html =404;
} }
location ^~ /.well-known/acme-challenge/ {
return 301 https://primary.grapheneos.org$request_uri;
}
location ^~ /fonts/ { location ^~ /fonts/ {
include snippets/security-headers.conf; include snippets/security-headers.conf;
add_header Cross-Origin-Resource-Policy "same-origin" always; add_header Cross-Origin-Resource-Policy "same-origin" always;
@ -352,6 +384,10 @@ http {
location = /.well-known/mta-sts.txt {} location = /.well-known/mta-sts.txt {}
location ^~ /.well-known/acme-challenge/ {
return 301 https://primary.grapheneos.org$request_uri;
}
location / { location / {
return 404; return 404;
} }
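Review bot: The new `primary.grapheneos.org` server block in the first hunk is the only redirect server shown here without `include snippets/security-headers.conf;`, so its 301 and the challenge responses served from `/srv/certbot` go out without those headers unless something at `http` level supplies them, which this page does not show. Adding `include snippets/security-headers.conf;` after `root /var/empty;` would match the sibling blocks. Its challenge location is also a plain prefix match while the four redirecting ones use `^~`; writing `location ^~ /.well-known/acme-challenge/ {` there too keeps a regex location added later from taking over token requests. Since every hostname now hands HTTP-01 validation to this one host, a short comment above the block saying that `/srv/certbot` on the primary in effect authorises issuance for all served names would help whoever maintains the replicas.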