summaryrefslogtreecommitdiff
path: root/kvmd/configs
diff options
context:
space:
mode:
Diffstat (limited to 'kvmd/configs')
-rw-r--r--kvmd/configs/nginx/nginx.conf.example (renamed from kvmd/configs/nginx/nginx.conf)31
1 files changed, 21 insertions, 10 deletions
diff --git a/kvmd/configs/nginx/nginx.conf b/kvmd/configs/nginx/nginx.conf.example
index 51c52c46..cd30f572 100644
--- a/kvmd/configs/nginx/nginx.conf
+++ b/kvmd/configs/nginx/nginx.conf.example
@@ -10,13 +10,26 @@ events {
}
http {
+ access_log off;
+
include mime.types;
default_type application/octet-stream;
charset utf-8;
sendfile on;
keepalive_timeout 10;
- # gzip on;
+
+ client_body_temp_path /tmp/nginx.client_body_temp;
+ fastcgi_temp_path /tmp/nginx.fastcgi_temp;
+ proxy_temp_path /tmp/nginx.proxy_temp;
+ scgi_temp_path /tmp/nginx.scgi_temp;
+ uwsgi_temp_path /tmp/nginx.uwsgi_temp;
+
+ server {
+ listen 80;
+ server_name localhost;
+ return 301 https://$host$request_uri;
+ }
upstream kvmd {
server localhost:8081 fail_timeout=0s max_fails=0;
@@ -27,17 +40,15 @@ http {
}
server {
- # access_log /tmp/nginx.access.log;
- access_log off;
-
- listen 80;
+ listen 443 ssl http2;
server_name localhost;
- client_body_temp_path /tmp/nginx.client_body_temp;
- fastcgi_temp_path /tmp/nginx.fastcgi_temp;
- proxy_temp_path /tmp/nginx.proxy_temp;
- scgi_temp_path /tmp/nginx.scgi_temp;
- uwsgi_temp_path /tmp/nginx.uwsgi_temp;
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
+ ssl_certificate ssl/server.crt;
+ ssl_certificate_key ssl/server.key;
+
+ add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
location / {
root /usr/share/kvmd/web;