diff --git a/Server/config/openproject.libsoc.org.conf b/Server/config/openproject.libsoc.org.conf new file mode 100644 index 0000000..3245522 --- /dev/null +++ b/Server/config/openproject.libsoc.org.conf @@ -0,0 +1,41 @@ +server { + + server_name openproject.libsoc.org; + + add_header alt-svc 'h3=":443"; ma=2592000, h3-23=":443"; ma=86400, h3-29=":443"; ma=2592000'; + add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"; + + location / { + proxy_set_header X-Forwarded-Host $host:$server_port; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_redirect off; + proxy_pass http://127.0.0.1:6000; + } + + listen 443 http3; + listen 443 ssl http2; + ssl_certificate /etc/letsencrypt/live/libsoc.org-0001/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/libsoc.org-0001/privkey.pem; # managed by Certbot + include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot + ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot + + ssl_buffer_size 4k; + ssl_stapling on; + ssl_stapling_verify on; + ssl_trusted_certificate /etc/letsencrypt/live/libsoc.org/fullchain.pem; + + resolver 1.1.1.1 1.0.0.1 valid=300s; + resolver_timeout 5s; + +} + +server { + + return 301 https://openproject.libsoc.org$request_uri; + + listen 80; + listen [::]:80; + + server_name openproject.libsoc.org; + +}