...
| Code Block |
|---|
sudo chown -R ni:www-data /tmp/django_cache sudo chmod -R g+w /tmp/django_cache sudo chown -R ni:www-data /var/opt/norduni/norduni/src/niweb/logs/ sudo chmod -R g+w /var/opt/norduni/norduni/src/niweb/logs/ |
nginx
Setup new dhparam file:
| Code Block |
|---|
$ sudo openssl dhparam -out /etc/ssl/dhparams.pem 2048 |
Configure nginx.
| Code Block | ||
|---|---|---|
| ||
$ sudo vi /etc/nginx/sites-available/default
The following configuration should be a good start.
upstream django {
server 127.0.0.1:8001; # for a web port socket
}
server {
listen 80;
listen [::]:80;
server_name ni.nordu.net;
rewrite ^ https://$server_name$request_uri? permanent;
}
server {
listen 443;
listen [::]:443 default ipv6only=on; ## listen for ipv6
ssl on;
ssl_certificate /etc/ssl/ni_nordu_net.crt;
ssl_certificate_key /etc/ssl/ni_nordu_net.key;
# PFS settings from httphttps://people.adams.edu/~cdmiller/posts/NSA_SSL_settings_for_nginx_and_apache/cipherli.st
# NOTE: these settings exclude Win XP with IE 6ssl_prefer_server_ciphers on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
#ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
ssl_session_protocols TLSv1 TLSv1.1 TLSv1.2cache shared:SSL:10m;
ssl_preferecdh_server_cipherscurve onsecp384r1;
ssl_ciphers DHE-RSA-CAMELLIA256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:DES-CBC3-SHA:!ADH:!aNULLdhparam /etc/ssl/dhparams.pem;
server_name ni.nordu.net;
location /static/ {
alias /var/opt/norduni/norduni/src/niweb/niweb/static/;
autoindex on;
access_log off;
expires 30d;
}
location / {
include /etc/nginx/uwsgi_params;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_redirect off;
uwsgi_pass django;
}
}
|
...