Last active
August 29, 2015 13:58
-
-
Save bentglasstube/10342528 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| BITSIZE=4096 | |
| FILE=eatabrick.org | |
| all: $(FILE).pem $(FILE).key dhparam.pem | |
| chown http:http $(FILE).* | |
| chmod 600 $(FILE).key | |
| $(FILE).pem: $(FILE).csr intermediate.pem | |
| @echo "Copy and paste the following into your CA:" | |
| @cat $(FILE).csr | |
| @echo "Paste the certificate from your CA here (^D to finish):" | |
| @cat >$(FILE).pem | |
| @cat intermediate.pm >>$(FILE).pem | |
| $(FILE).csr: $(FILE).key | |
| openssl req -new -key $(FILE).key -out $(FILE).csr | |
| $(FILE).key: | |
| openssl genrsa -des3 -passout pass:x -out $(FILE).pass.key $(BITSIZE) | |
| openssl rsa -passin pass:x -in $(FILE).pass.key -out $(FILE).key | |
| rm $(FILE).pass.key | |
| intermediate.pem: | |
| @echo "Paste any intermediate certs here (^D to finish):" | |
| @cat >intermediate.pem | |
| dhparam.pem: | |
| openssl dhparam -out dhparam.pem $(BITSIZE) | |
| clean: | |
| rm $(FILE).* intermediate.pem dhparam.pem |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| server { | |
| listen 80 default; | |
| listen [::]:80 default; | |
| server_name eatabrick.org www.eatabrick.org; | |
| rewrite ^/(.*) https://eatabrick.org/$1 permanent; | |
| } | |
| server { | |
| listen 443 ssl; | |
| listen [::]:443 ssl; | |
| server_name www.eatabrick.org; | |
| ssl_certificate /etc/nginx/ssl/eatabrick.org.pem; | |
| ssl_certificate_key /etc/nginx/ssl/eatabrick.org.key; | |
| ssl_protocols TLSv1 TLSv1.1 TLSv1.2; | |
| ssl_prefer_server_ciphers on; | |
| ssl_ciphers 'ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4:!3DES'; | |
| ssl_session_cache shared:SSL:10m; | |
| ssl_dhparam /etc/nginx/ssl/dhparam.pem; | |
| ssl_stapling on; | |
| add_header Strict-Transport-Security max-age=31536000; | |
| add_header X-Frame-Options DENY; | |
| rewrite ^/(.*) https://eatabrick.org/$1 permanent; | |
| } | |
| server { | |
| listen 443 ssl default; | |
| listen [::]:443 ssl default; | |
| server_name eatabrick.org; | |
| ssl_certificate /etc/nginx/ssl/eatabrick.org.pem; | |
| ssl_certificate_key /etc/nginx/ssl/eatabrick.org.key; | |
| ssl_protocols TLSv1 TLSv1.1 TLSv1.2; | |
| ssl_prefer_server_ciphers on; | |
| ssl_ciphers 'ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4:!3DES'; | |
| ssl_session_cache shared:SSL:10m; | |
| ssl_dhparam /etc/nginx/ssl/dhparam.pem; | |
| ssl_stapling on; | |
| add_header Strict-Transport-Security max-age=31536000; | |
| add_header X-Frame-Options DENY; | |
| access_log /var/log/nginx/eatabrick.org.access.log; | |
| error_log /var/log/nginx/eatabrick.org.error.log; | |
| root /srv/http/eatabrick.org/htdocs/; | |
| index index.html; | |
| error_page 404 /404.html; | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment