Versions Compared

Old Version 17

changes.mady.by.user Markus Krogh

Saved on

compared with

New Version 18

changes.mady.by.user Markus Krogh

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Code Block
$ sudo vi /etc/nginx/sites-available/default
 
# The following configuration should be a good start.
# Remember certificates or 
# sudo openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/ni_nordu_net.key -out /etc/ssl/certs/ni_nordu_net.crt
 
upstream django {   
    server 127.0.0.1:8001; # for a web port socket
}
 
server {
    listen         80;
    listen         [::]:80;
    server_name    ni.nordu.net;
    return         301 https://$server_name$request_uri;
}
 
server {
    listen 443;
    listen [::]:443 default ipv6only=on; ## listen for ipv6
    ssl on;
    ssl_certificate /etc/ssl/certs/ni_nordu_net.crt;
    ssl_certificate_key /etc/ssl/private/ni_nordu_net.key;
 
    # https://cipherli.st
    ssl_prefer_server_ciphers on;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
    ssl_session_cache shared:SSL:10m;
    ssl_ecdh_curve secp384r1;
    ssl_dhparam /etc/ssl/dhparams.pem;
     
    server_name ni.nordu.net;
 
    location /static/ {
        alias         /var/opt/norduni/norduni/src/niweb/niweb/static/;
        autoindex    on;
        access_log   off;
        expires      30d;
    }
 
    location / {
        include     /etc/nginx/uwsgi_params;
        proxy_set_header   Host                 $host;
        proxy_set_header   X-Real-IP            $remote_addr;
        proxy_set_header   X-Forwarded-For      $proxy_add_x_forwarded_for;
        proxy_set_header   X-Forwarded-Proto    $scheme;
        proxy_redirect     off;
        uwsgi_pass  django;
    }  
}

...