max-mapper · August 29, 2015 14:20
diff --git a/app.conf b/app.conf
 # generated by taco-nginx
 upstream signalhub {
  server 127.0.0.1:54082;
 }

 server {
  listen 80;
  server_name signalhub.*;
  location / {
    proxy_pass http://signalhub;
    proxy_set_header X-Forwarded-For $remote_addr;
    proxy_buffering off;
    proxy_request_buffering off;
    proxy_http_version 1.1;
    
  }
  listen 443;
 }
diff --git a/ssl.conf b/ssl.conf
 server {
  listen 80;
  server_name *.publicbits.org;
  return 301 https://$host$request_uri;
 }  
  
 server {
  listen 443 default ssl;
  server_name _;

  ssl_certificate_key /home/max/keys/*.publicbits.org.key;
  ssl_certificate /home/max/keys/*.publicbits.org.chained.crt;
  # Recommended security settings from https://wiki.mozilla.org/Security/Server_Side_TLS
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
  ssl_prefer_server_ciphers on;
  ssl_session_timeout 5m;
  ssl_session_cache shared:SSL:5m;
  # Enable this if you want HSTS (recommended)
  add_header Strict-Transport-Security max-age=15768000;

  # from https://gist.github.com/konklone/6532544
  # Generated by OpenSSL with the following command:
  #   openssl dhparam -outform pem -out dhparam2048.pem 2048
  ssl_dhparam /home/max/keys/dhparam2048.pem;
 }
	# generated by taco-nginx
	upstream signalhub {
	server 127.0.0.1:54082;
	}

	server {
	listen 80;
	server_name signalhub.*;
	location / {
	proxy_pass http://signalhub;
	proxy_set_header X-Forwarded-For $remote_addr;
	proxy_buffering off;
	proxy_request_buffering off;
	proxy_http_version 1.1;

	}
	listen 443;
	}
	server {
	listen 80;
	server_name *.publicbits.org;
	return 301 https://$host$request_uri;
	}

	server {
	listen 443 default ssl;
	server_name _;

	ssl_certificate_key /home/max/keys/*.publicbits.org.key;
	ssl_certificate /home/max/keys/*.publicbits.org.chained.crt;
	# Recommended security settings from https://wiki.mozilla.org/Security/Server_Side_TLS
	ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
	ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
	ssl_prefer_server_ciphers on;
	ssl_session_timeout 5m;
	ssl_session_cache shared:SSL:5m;
	# Enable this if you want HSTS (recommended)
	add_header Strict-Transport-Security max-age=15768000;

	# from https://gist.github.com/konklone/6532544
	# Generated by OpenSSL with the following command:
	# openssl dhparam -outform pem -out dhparam2048.pem 2048
	ssl_dhparam /home/max/keys/dhparam2048.pem;
	}