integrated ajarmoszuk work

2020-10-06 21:52:49 +02:00
parent 919b418d58
commit 6e3c2ddcc2
6 changed files with 108 additions and 90 deletions
--- a/confs/https.conf
+++ b/confs/https.conf
@@ -0,0 +1,7 @@
+listen 0.0.0.0:443 ssl %HTTP2%;
+ssl_certificate %HTTPS_CERT%;
+ssl_certificate_key %HTTPS_KEY%;
+ssl_protocols TLSv1.3;
+ssl_prefer_server_ciphers off;
+ssl_session_tickets off;
+%STRICT_TRANSPORT_SECURITY%
--- a/confs/nginx.conf
+++ b/confs/nginx.conf
@@ -61,9 +61,11 @@ http {
 	# enable/disable sending nginx version
 	server_tokens %SERVER_TOKENS%;

-	# write logs to local syslogd
+	# get real IP address if behind a reverse proxy
        %PROXY_REAL_IP%
-        access_log syslog:server=unix:/dev/log,nohostname,facility=local0 %LOG_TYPE%;	
+
+	# write logs to local syslogd
+        access_log syslog:server=unix:/dev/log,nohostname,facility=local0 combined;
 	error_log syslog:server=unix:/dev/log,nohostname,facility=local0,severity=warn;

 	# lua path
--- a/confs/proxy-real-ip.conf
+++ b/confs/proxy-real-ip.conf
@@ -1,3 +1,4 @@
-log_format proxy '$http_x_real_ip - $remote_user [$time_local]  '
-                          '"$request" $status $body_bytes_sent '
-                          '"$http_referer" "$http_user_agent"';
+%PROXY_REAL_IP_FROM%
+real_ip_header %PROXY_REAL_IP_HEADER%;
+real_ip_recursive %PROXY_REAL_IP_RECURSIVE%;
+
--- a/confs/server.conf
+++ b/confs/server.conf
@@ -1,8 +1,7 @@
 server {
 	include /server-confs/*.conf;
 	%LISTEN_HTTP%
-	%AUTO_LETS_ENCRYPT%
-	%CUSTOM_HTTPS%
+	%USE_HTTPS%
 	%REDIRECT_HTTP_TO_HTTPS%
 	server_name %SERVER_NAME%;
 	%DISABLE_DEFAULT_SERVER%