diff options
Diffstat (limited to 'data/firefly')
| -rw-r--r-- | data/firefly/firefly.conf.j2 | 75 |
1 files changed, 75 insertions, 0 deletions
diff --git a/data/firefly/firefly.conf.j2 b/data/firefly/firefly.conf.j2 new file mode 100644 index 0000000..d3bc9a1 --- /dev/null +++ b/data/firefly/firefly.conf.j2 | |||
| @@ -0,0 +1,75 @@ | |||
| 1 | server { | ||
| 2 | listen 443 ssl; | ||
| 3 | server_name {{ firefly_server_name }}; | ||
| 4 | |||
| 5 | ssl_certificate /etc/letsencrypt/live/chudnick.com/fullchain.pem; | ||
| 6 | ssl_certificate_key /etc/letsencrypt/live/chudnick.com/privkey.pem; | ||
| 7 | add_header Strict-Transport-Security "max-age=31536000" always; | ||
| 8 | ssl_stapling on; | ||
| 9 | ssl_stapling_verify on; | ||
| 10 | |||
| 11 | # Security / XSS Mitigation Headers | ||
| 12 | add_header X-Frame-Options "SAMEORIGIN"; | ||
| 13 | add_header X-XSS-Protection "1; mode=block"; | ||
| 14 | add_header X-Content-Type-Options "nosniff"; | ||
| 15 | add_header 'Access-Control-Allow-Origin' 'https://chudnick.com' always; | ||
| 16 | |||
| 17 | # authelia | ||
| 18 | include /etc/nginx/snippets/authelia-location.conf; | ||
| 19 | |||
| 20 | |||
| 21 | location / { | ||
| 22 | #authelia | ||
| 23 | include /etc/nginx/snippets/proxy.conf; | ||
| 24 | include /etc/nginx/snippets/authelia-authrequest.conf; | ||
| 25 | |||
| 26 | proxy_pass http://127.0.0.1:{{ firefly_external_port }}/; | ||
| 27 | } | ||
| 28 | |||
| 29 | } | ||
| 30 | |||
| 31 | server { | ||
| 32 | listen 80; | ||
| 33 | listen [::]:80; | ||
| 34 | server_name {{ firefly_server_name }}; | ||
| 35 | return 301 https://$host$request_uri; | ||
| 36 | } | ||
| 37 | |||
| 38 | server { | ||
| 39 | listen 443 ssl; | ||
| 40 | server_name {{ firefly_importer_server_name }}; | ||
| 41 | |||
| 42 | ssl_certificate /etc/letsencrypt/live/chudnick.com/fullchain.pem; | ||
| 43 | ssl_certificate_key /etc/letsencrypt/live/chudnick.com/privkey.pem; | ||
| 44 | add_header Strict-Transport-Security "max-age=31536000" always; | ||
| 45 | ssl_stapling on; | ||
| 46 | ssl_stapling_verify on; | ||
| 47 | |||
| 48 | # Security / XSS Mitigation Headers | ||
| 49 | add_header X-Frame-Options "SAMEORIGIN"; | ||
| 50 | add_header X-XSS-Protection "1; mode=block"; | ||
| 51 | add_header X-Content-Type-Options "nosniff"; | ||
| 52 | add_header 'Access-Control-Allow-Origin' 'https://chudnick.com' always; | ||
| 53 | |||
| 54 | # authelia | ||
| 55 | include /etc/nginx/snippets/authelia-location.conf; | ||
| 56 | |||
| 57 | location / { | ||
| 58 | #authelia | ||
| 59 | include /etc/nginx/snippets/proxy.conf; | ||
| 60 | include /etc/nginx/snippets/authelia-authrequest.conf; | ||
| 61 | |||
| 62 | proxy_buffer_size 128k; | ||
| 63 | proxy_busy_buffers_size 256k; | ||
| 64 | |||
| 65 | proxy_pass http://127.0.0.1:{{ firefly_importer_external_port }}/; | ||
| 66 | } | ||
| 67 | |||
| 68 | } | ||
| 69 | |||
| 70 | server { | ||
| 71 | listen 80; | ||
| 72 | listen [::]:80; | ||
| 73 | server_name {{ firefly_importer_server_name }}; | ||
| 74 | return 301 https://$host$request_uri; | ||
| 75 | } | ||