server.yml: add CA to avoid warning when doing https on IP
This commit is contained in:
parent
1c908cac6f
commit
56ea6b42fc
66
server.yml
66
server.yml
|
@ -417,6 +417,12 @@ files:
|
||||||
- path: etc/nginx/ssl/privkey.pem
|
- path: etc/nginx/ssl/privkey.pem
|
||||||
source: ssl/privkey.pem
|
source: ssl/privkey.pem
|
||||||
mode: "0644"
|
mode: "0644"
|
||||||
|
- path: etc/nginx/ssl/ec_cert.pem
|
||||||
|
source: pkg/challenge/ssl/ec_cert.pem
|
||||||
|
mode: "0644"
|
||||||
|
- path: etc/nginx/ssl/ec_key.pem
|
||||||
|
source: pkg/challenge/ssl/ec_key.pem
|
||||||
|
mode: "0644"
|
||||||
- path: etc/nginx/nginx-gw.conf
|
- path: etc/nginx/nginx-gw.conf
|
||||||
contents: |
|
contents: |
|
||||||
user nginx;
|
user nginx;
|
||||||
|
@ -568,8 +574,68 @@ files:
|
||||||
listen [::]:443 default ssl;
|
listen [::]:443 default ssl;
|
||||||
ssl_protocols TLSv1.2;
|
ssl_protocols TLSv1.2;
|
||||||
ssl_prefer_server_ciphers on;
|
ssl_prefer_server_ciphers on;
|
||||||
|
ssl_certificate /etc/nginx/ssl/ec_cert.pem;
|
||||||
|
ssl_certificate_key /etc/nginx/ssl/ec_key.pem;
|
||||||
|
location = /{
|
||||||
|
return https://adlin.nemunai.re/;
|
||||||
|
}
|
||||||
|
location /challenge {
|
||||||
|
proxy_pass https://82.64.31.248/challenge;
|
||||||
|
proxy_set_header Host adlin.nemunai.re;
|
||||||
|
proxy_set_header X-Forwarded-For $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-By 172.23.200.1;
|
||||||
|
proxy_set_header X-Forwarded-Proto https;
|
||||||
|
proxy_redirect off;
|
||||||
|
}
|
||||||
|
location /toctoc {
|
||||||
|
proxy_pass https://82.64.31.248/toctoc;
|
||||||
|
proxy_set_header Host adlin.nemunai.re;
|
||||||
|
proxy_set_header X-Forwarded-For $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-By 172.23.200.1;
|
||||||
|
proxy_set_header X-Forwarded-Proto https;
|
||||||
|
proxy_redirect off;
|
||||||
|
}
|
||||||
|
location /echorequest {
|
||||||
|
proxy_pass https://82.64.31.248/echorequest;
|
||||||
|
proxy_set_header Host adlin.nemunai.re;
|
||||||
|
proxy_set_header X-Forwarded-For $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-By 172.23.200.1;
|
||||||
|
proxy_set_header X-Forwarded-Proto https;
|
||||||
|
proxy_redirect off;
|
||||||
|
}
|
||||||
|
location /testdisk {
|
||||||
|
proxy_pass https://82.64.31.248/testdisk;
|
||||||
|
proxy_set_header Host adlin.nemunai.re;
|
||||||
|
proxy_set_header X-Forwarded-For $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-By 172.23.200.1;
|
||||||
|
proxy_set_header X-Forwarded-Proto https;
|
||||||
|
proxy_redirect off;
|
||||||
|
}
|
||||||
|
location /sshkeys {
|
||||||
|
proxy_pass https://82.64.31.248/sshkeys;
|
||||||
|
proxy_set_header Host adlin.nemunai.re;
|
||||||
|
proxy_set_header X-Forwarded-For $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-By 172.23.200.1;
|
||||||
|
proxy_set_header X-Forwarded-Proto https;
|
||||||
|
proxy_redirect off;
|
||||||
|
}
|
||||||
|
location /api/students {
|
||||||
|
proxy_pass https://82.64.31.248;
|
||||||
|
proxy_set_header Host adlin.nemunai.re;
|
||||||
|
proxy_set_header X-Forwarded-For $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-By 172.23.200.1;
|
||||||
|
proxy_set_header X-Forwarded-Proto https;
|
||||||
|
proxy_redirect off;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
server {
|
||||||
|
listen 443 ssl;
|
||||||
|
listen [::]:443 ssl;
|
||||||
|
ssl_protocols TLSv1.2;
|
||||||
|
ssl_prefer_server_ciphers on;
|
||||||
ssl_certificate /etc/nginx/ssl/fullchain.pem;
|
ssl_certificate /etc/nginx/ssl/fullchain.pem;
|
||||||
ssl_certificate_key /etc/nginx/ssl/privkey.pem;
|
ssl_certificate_key /etc/nginx/ssl/privkey.pem;
|
||||||
|
server_name adlin.nemunai.re;
|
||||||
location = /{
|
location = /{
|
||||||
return https://adlin.nemunai.re/;
|
return https://adlin.nemunai.re/;
|
||||||
}
|
}
|
||||||
|
|
Reference in New Issue
Block a user