40 lines
1.1 KiB
Plaintext
40 lines
1.1 KiB
Plaintext
server {
|
|
listen 443 ssl http2;
|
|
listen [::]:443 ssl http2;
|
|
|
|
ssl_certificate /etc/ssl/dev.cac.atat.codes.crt;
|
|
ssl_certificate_key /etc/ssl/dev.cac.atat.codes.key;
|
|
ssl_session_timeout 1d;
|
|
ssl_session_cache shared:SSL:50m;
|
|
ssl_session_tickets off;
|
|
|
|
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
|
|
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
|
|
ssl_prefer_server_ciphers on;
|
|
|
|
ssl_verify_client optional;
|
|
ssl_verify_depth 10;
|
|
ssl_client_certificate /etc/ssl/ca-chain.pem;
|
|
error_log /var/log/nginx/authnid.error.log debug;
|
|
|
|
add_header Strict-Transport-Security max-age=15768000;
|
|
#ssl_stapling on;
|
|
#ssl_stapling_verify on;
|
|
|
|
location / {
|
|
try_files $uri @app;
|
|
}
|
|
|
|
location @app {
|
|
include uwsgi_params;
|
|
uwsgi_pass unix:///tmp/uwsgi.sock;
|
|
uwsgi_param HTTP_X_SSL_CLIENT_VERIFY $ssl_client_verify;
|
|
uwsgi_param HTTP_X_SSL_CLIENT_CERT $ssl_client_raw_cert;
|
|
uwsgi_param HTTP_X_SSL_CLIENT_S_DN $ssl_client_s_dn;
|
|
}
|
|
|
|
location /static {
|
|
alias /app/static;
|
|
}
|
|
}
|