From 6b83183a205cb1e90c690c7e7f71c447cfae9a32 Mon Sep 17 00:00:00 2001
From: Bryan Newbold <bnewbold@archive.org>
Date: Sat, 5 Aug 2017 13:07:50 -0700
Subject: backup adze nginx config

---
 adze_extras/nginx-sites/know.bnewbold.net | 40 +++++++++++++++++++++++++++++++
 1 file changed, 40 insertions(+)
 create mode 100644 adze_extras/nginx-sites/know.bnewbold.net

(limited to 'adze_extras/nginx-sites/know.bnewbold.net')

diff --git a/adze_extras/nginx-sites/know.bnewbold.net b/adze_extras/nginx-sites/know.bnewbold.net
new file mode 100644
index 0000000..9ff0771
--- /dev/null
+++ b/adze_extras/nginx-sites/know.bnewbold.net
@@ -0,0 +1,40 @@
+upstream bnewbold-gitit {
+    server 127.0.0.1:5006;
+}
+
+server {
+    listen 80;
+    listen [::]:80;
+     listen 443 ssl spdy;
+     listen [::]:443 ssl spdy;
+    server_name  know.bnewbold.net;
+
+     ssl_certificate /etc/letsencrypt/live/bnewbold.net/fullchain.pem;
+     ssl_certificate_key /etc/letsencrypt/live/bnewbold.net/privkey.pem;
+
+     add_header Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'";
+     add_header X-Frame-Options "SAMEORIGIN";       # 'always' if nginx > 1.7.5
+     add_header X-Content-Type-Options "nosniff";   # 'always' if nginx > 1.7.5
+     add_header X-Xss-Protection "1";
+     # Enable STS with one year period (breaks http; optional)
+     #add_header Strict-Transport-Security "max-age=31557600; includeSubDomains";
+
+    access_log  /var/log/nginx/access.log;
+
+    location / {
+        root   /srv/http/default/www/;
+        proxy_set_header  X-Real-IP  $remote_addr;
+        proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header Host $http_host;
+        proxy_redirect off;
+        proxy_pass http://bnewbold-gitit;
+    }
+
+    # Let's Encrypt SSL Certs
+    location /.well-known/acme-challenge/ {
+        root /var/www/letsencrypt;
+        autoindex off;
+    }
+
+}
+
-- 
cgit v1.2.3