...
Code Block |
---|
$ sudo vi /etc/nginx/sites-available/default # The following configuration should be a good start. # Remember certificates or # sudo openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/ni_nordu_net.key -out /etc/ssl/certs/ni_nordu_net.crt upstream django { server 127.0.0.1:8001; # for a web port socket } server { listen 80; listen [::]:80; server_name ni.nordu.net; return 301 https://$server_name$request_uri; } server { listen 443; listen [::]:443 default ipv6only=on; ## listen for ipv6 ssl on; ssl_certificate /etc/ssl/certs/ni_nordu_net.crt; ssl_certificate_key /etc/ssl/private/ni_nordu_net.key; # https://cipherli.st ssl_prefer_server_ciphers on; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"; ssl_session_cache shared:SSL:10m; ssl_ecdh_curve secp384r1; ssl_dhparam /etc/ssl/dhparams.pem; server_name ni.nordu.net; location /static/ { alias /var/opt/norduni/norduni/src/niweb/niweb/static/; autoindex on; access_log off; expires 30d; } location / { include /etc/nginx/uwsgi_params; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_redirect off; uwsgi_pass django; } } |
...