Commit
65d1d7ed
authored
Nov 25, 2019
by
Simon
release 1.12.0
parent
82ff785b
Showing
5 changed files
with
27 additions
and
49 deletions
+27
-49
.env
.env
+1
-1
server-shared.conf
nginx/conf.d/server-shared.conf
+0
-1
ocsp_stapling.conf
nginx/h5bp/ssl/ocsp_stapling.conf
+22
-5
policy_deprecated.conf
nginx/h5bp/ssl/policy_deprecated.conf
+1
-1
nginx.conf
nginx/nginx.conf
+3
-41
.env
...
@@ -2,7 +2,7 @@ PROJECT=biuro-staging
...
@@ -2,7 +2,7 @@ PROJECT=biuro-staging
IMAGE_NGINX=fholzer/nginx-brotli
IMAGE_NGINX=fholzer/nginx-brotli
IMAGE_MYSQL=mariadb:10.3
IMAGE_MYSQL=mariadb:10.3
IMAGE_WORDPRESS=biuro/web:1.1
1.1
IMAGE_WORDPRESS=biuro/web:1.1
2.0
IMAGE_WORDPRESS_CLI=wordpress:cli-php7.3
IMAGE_WORDPRESS_CLI=wordpress:cli-php7.3
DB_NAME=staging_biuro
DB_NAME=staging_biuro
...
...
nginx/conf.d/server-shared.conf
...
@@ -24,7 +24,6 @@ location /wp-json/api/v1/contacts {
...
@@ -24,7 +24,6 @@ location /wp-json/api/v1/contacts {
try_files
$
uri
$
uri
/ /
index
.
php
?$
args
;
try_files
$
uri
$
uri
/ /
index
.
php
?$
args
;
auth_basic
"Basic auth"
;
auth_basic
"Basic auth"
;
auth_basic_user_file
/
etc
/
nginx
/.
htpasswd
;
auth_basic_user_file
/
etc
/
nginx
/.
htpasswd
;
# auth_basic_user_file /var/www/html/.htpasswd;
}
}
location
/
wp
-
json
/
api
/
v1
/
recommended
{
location
/
wp
-
json
/
api
/
v1
/
recommended
{
...
...
nginx/h5bp/ssl/ocsp_stapling.conf
...
@@ -2,17 +2,34 @@
...
@@ -2,17 +2,34 @@
# | Online Certificate Status Protocol stapling |
# | Online Certificate Status Protocol stapling |
# ----------------------------------------------------------------------
# ----------------------------------------------------------------------
# OCSP is a lightweight, only one record to help clients verify the
# OCSP is a lightweight, only one record to help clients verify the
validity of
#
validity of
the server certificate.
# the server certificate.
# OCSP stapling allow
the server to send its cached OCSP record during
# OCSP stapling allow
s the server to send its cached OCSP record during the TLS
#
the TLS handshake, wh
ithout the need of 3rd party OCSP responder.
#
handshake, w
ithout the need of 3rd party OCSP responder.
#
#
# https://wiki.mozilla.org/Security/Server_Side_TLS#OCSP_Stapling
# https://wiki.mozilla.org/Security/Server_Side_TLS#OCSP_Stapling
# https://tools.ietf.org/html/rfc6066#section-8
# https://tools.ietf.org/html/rfc6066#section-8
# https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_stapling
# https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_stapling
#
# (1) Use Cloudflare 1.1.1.1 DNS resolver
# https://developers.cloudflare.com/1.1.1.1/setting-up-1.1.1.1/
#
# (2) Use Google 8.8.8.8 DNS resolver
# https://developers.google.com/speed/public-dns/docs/using
#
# (3) Use OpenDNS resolver
# https://use.opendns.com
ssl_stapling
on
;
ssl_stapling
on
;
ssl_stapling_verify
on
;
ssl_stapling_verify
on
;
resolver
8
.
8
.
8
.
8
8
.
8
.
4
.
4
216
.
146
.
35
.
35
216
.
146
.
36
.
36
valid
=
60
s
;
resolver
# (1)
1
.
1
.
1
.
1
1
.
0
.
0
.
1
[
2606
:
4700
:
4700
::
1111
] [
2606
:
4700
:
4700
::
1001
]
# (2)
8
.
8
.
8
.
8
8
.
8
.
4
.
4
[
2001
:
4860
:
4860
::
8888
] [
2001
:
4860
:
4860
::
8844
]
# (3)
# 208.67.222.222 208.67.220.220 [2620:119:35::35] [2620:119:53::53]
valid
=
60
s
ipv6
=
off
;
resolver_timeout
2
s
;
resolver_timeout
2
s
;
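Review bot: The new `resolver` line lists the Cloudflare and Google IPv6 addresses alongside `ipv6=off`, but that parameter only stops nginx from looking up AAAA records for the names it resolves; it does not stop nginx from sending queries to the bracketed IPv6 name servers. nginx queries the listed servers round-robin, so on a host or container without IPv6 connectivity some lookups of the OCSP responder can fail or wait out `resolver_timeout 2s`, and stapling can silently lapse. If the deployment has no IPv6 route, drop the bracketed addresses: `resolver 1.1.1.1 1.0.0.1 8.8.8.8 8.8.4.4 valid=60s ipv6=off;`. These are also plain-UDP queries to public resolvers; `ssl_stapling_verify on` keeps a spoofed answer from producing an accepted staple, but the nginx documentation recommends a resolver on a trusted local network.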
nginx/h5bp/ssl/policy_deprecated.conf
...
@@ -22,7 +22,7 @@
...
@@ -22,7 +22,7 @@
# https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations
# https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations
# https://nginx.org/en/docs/http/ngx_http_ssl_module.html
# https://nginx.org/en/docs/http/ngx_http_ssl_module.html
ssl_protocols
TLSv1
TLSv1
.
1
TLSv1
.
2
;
ssl_protocols
TLSv1
TLSv1
.
1
TLSv1
.
2
TLSv1
.
3
;
ssl_ciphers
ECDHE
-
ECDSA
-
CHACHA20
-
POLY1305
:
ECDHE
-
RSA
-
CHACHA20
-
POLY1305
:
ECDHE
-
ECDSA
-
AES128
-
GCM
-
SHA256
:
ECDHE
-
RSA
-
AES128
-
GCM
-
SHA256
:
ECDHE
-
ECDSA
-
AES256
-
GCM
-
SHA384
:
ECDHE
-
RSA
-
AES256
-
GCM
-
SHA384
:
DHE
-
RSA
-
AES128
-
GCM
-
SHA256
:
DHE
-
RSA
-
AES256
-
GCM
-
SHA384
:
ECDHE
-
ECDSA
-
AES128
-
SHA
:
ECDHE
-
RSA
-
AES128
-
SHA
:
ECDHE
-
ECDSA
-
AES256
-
SHA
:
ECDHE
-
RSA
-
AES256
-
SHA
:
ECDHE
-
ECDSA
-
AES128
-
SHA256
:
ECDHE
-
RSA
-
AES128
-
SHA256
:
ECDHE
-
ECDSA
-
AES256
-
SHA384
:
ECDHE
-
RSA
-
AES256
-
SHA384
:
DHE
-
RSA
-
AES128
-
SHA
:
DHE
-
RSA
-
AES256
-
SHA
:
DHE
-
RSA
-
AES128
-
SHA256
:
DHE
-
RSA
-
AES256
-
SHA256
:
AES128
-
GCM
-
SHA256
:
AES256
-
GCM
-
SHA384
:
AES128
-
SHA
:
AES256
-
SHA
:
AES128
-
SHA256
:
AES256
-
SHA256
:
ECDHE
-
ECDSA
-
DES
-
CBC3
-
SHA
:
ECDHE
-
RSA
-
DES
-
CBC3
-
SHA
:
EDH
-
RSA
-
DES
-
CBC3
-
SHA
:
DES
-
CBC3
-
SHA
;
ssl_ciphers
ECDHE
-
ECDSA
-
CHACHA20
-
POLY1305
:
ECDHE
-
RSA
-
CHACHA20
-
POLY1305
:
ECDHE
-
ECDSA
-
AES128
-
GCM
-
SHA256
:
ECDHE
-
RSA
-
AES128
-
GCM
-
SHA256
:
ECDHE
-
ECDSA
-
AES256
-
GCM
-
SHA384
:
ECDHE
-
RSA
-
AES256
-
GCM
-
SHA384
:
DHE
-
RSA
-
AES128
-
GCM
-
SHA256
:
DHE
-
RSA
-
AES256
-
GCM
-
SHA384
:
ECDHE
-
ECDSA
-
AES128
-
SHA
:
ECDHE
-
RSA
-
AES128
-
SHA
:
ECDHE
-
ECDSA
-
AES256
-
SHA
:
ECDHE
-
RSA
-
AES256
-
SHA
:
ECDHE
-
ECDSA
-
AES128
-
SHA256
:
ECDHE
-
RSA
-
AES128
-
SHA256
:
ECDHE
-
ECDSA
-
AES256
-
SHA384
:
ECDHE
-
RSA
-
AES256
-
SHA384
:
DHE
-
RSA
-
AES128
-
SHA
:
DHE
-
RSA
-
AES256
-
SHA
:
DHE
-
RSA
-
AES128
-
SHA256
:
DHE
-
RSA
-
AES256
-
SHA256
:
AES128
-
GCM
-
SHA256
:
AES256
-
GCM
-
SHA384
:
AES128
-
SHA
:
AES256
-
SHA
:
AES128
-
SHA256
:
AES256
-
SHA256
:
ECDHE
-
ECDSA
-
DES
-
CBC3
-
SHA
:
ECDHE
-
RSA
-
DES
-
CBC3
-
SHA
:
EDH
-
RSA
-
DES
-
CBC3
-
SHA
:
DES
-
CBC3
-
SHA
;
ssl_ecdh_curve
X25519
:
prime256v1
:
secp521r1
:
secp384r1
;
ssl_ecdh_curve
X25519
:
prime256v1
:
secp521r1
:
secp384r1
;
...
...
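Review bot: Adding `TLSv1.3` to `ssl_protocols` does not bring the `ssl_ciphers` list below it into play for TLS 1.3 connections: nginx hands that list to OpenSSL for TLS 1.2 and earlier only, and the TLS 1.3 suites come from OpenSSL's defaults. The parameter also needs an nginx build linked against OpenSSL 1.1.1 or later, which is worth confirming for the `fholzer/nginx-brotli` image. A comment above the directive would make this explicit, for example `# TLSv1.3 suites are chosen by OpenSSL, not by ssl_ciphers below; TLSv1/TLSv1.1 and 3DES remain for legacy clients only`. As far as the nginx.conf section of this commit shows, the include for this policy stays commented out, so the change appears to have no effect on the protocol set actually served.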
nginx/nginx.conf
...
@@ -162,14 +162,15 @@ http {
...
@@ -162,14 +162,15 @@ http {
font/woff2
"*"
;
font/woff2
"*"
;
}
}
client_body_buffer_size
10M
;
#
client_body_buffer_size 10M;
client_max_body_size
10M
;
client_max_body_size
10M
;
# proxy_max_temp_file_size: 0;
# Include files in the conf.d folder.
# Include files in the conf.d folder.
# server{} configuration files should be placed in the conf.d folder.
# server{} configuration files should be placed in the conf.d folder.
# The configurations should be disabled by prefixing files with a dot.
# The configurations should be disabled by prefixing files with a dot.
include
h5bp/ssl/ocsp_stapling.conf
;
#
include h5bp/ssl/ocsp_stapling.conf;
# include h5bp/ssl/policy_modern.conf;
# include h5bp/ssl/policy_modern.conf;
# include h5bp/ssl/policy_deprecated.conf;
# include h5bp/ssl/policy_deprecated.conf;
include
h5bp/ssl/policy_intermediate.conf
;
include
h5bp/ssl/policy_intermediate.conf
;
...
@@ -177,42 +178,3 @@ http {
...
@@ -177,42 +178,3 @@ http {
include
/etc/nginx/conf.d/staging-biuro.conf
;
include
/etc/nginx/conf.d/staging-biuro.conf
;
}
}
# user nginx;
# worker_processes 1;
# error_log /var/log/nginx/error.log warn;
# pid /var/run/nginx.pid;
# events {
# worker_connections 1024;
# }
# http {
# include /etc/nginx/mime.types;
# default_type application/octet-stream;
# log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
# access_log /var/log/nginx/access.log main;
# sendfile on;
# #tcp_nopush on;
# keepalive_timeout 65;
# gzip on;
# brotli on;
# ################################
# # DO WHATEVER YOU WANT HERE :) #
# ################################
# include /etc/nginx/conf.d/*.conf;
# }
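Review bot: Commenting out `include h5bp/ssl/ocsp_stapling.conf;` in the first hunk turns OCSP stapling off at the `http` level in the same commit that reworks that file's `resolver` line, so unless a `server` block outside this diff includes it, the new resolver settings are never loaded. Without a staple, clients fall back to their own revocation checks, and a certificate issued with the must-staple extension would be rejected by browsers that enforce it. If this is a temporary workaround, record why next to the line, e.g. `# include h5bp/ssl/ocsp_stapling.conf;  # disabled: <reason>`. The added `# proxy_max_temp_file_size: 0;` carries a colon that nginx would reject if the line were ever uncommented; write it as `# proxy_max_temp_file_size 0;`. The `http` block starts outside the hunk.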