savely-krasovsky/nginx proxy

## nginx proxy
sudo letsencrypt certonly --standalone --email savely@krasovsky.me -d kraso.xyz --rsa-key-size 4096
sudo openssl dhparam -dsaparam -out /etc/letsencrypt/live/kraso.xyz/dhparam.pem 4096

##
# SSL Settings
##

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

ssl_session_cache shared:SSL:10m;
ssl_session_timeout 1d;

# Uncomment for SSLLabs.com x4 100.
#ssl_protocols TLSv1.2;
#ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:!AES128';

# With AES128 for better compability.
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';

ssl_prefer_server_ciphers on;

ssl_ecdh_curve secp384r1;

# OCSP Stapling
ssl_stapling on;
ssl_stapling_verify on;

server {
	listen 80;
	listen [::]:80;
	server_name kraso.xyz;
	return 301 https://$server_name$request_uri;
}

server {
	listen 443 ssl http2;
	listen [::]:443 ssl http2;
	server_name kraso.xyz;

	error_log /var/log/nginx/yacy.error.log error;

	### START OF SSL CONFIGURATION ###

	ssl on;

	ssl_certificate /etc/letsencrypt/live/kraso.xyz/fullchain.pem;
	ssl_certificate_key /etc/letsencrypt/live/kraso.xyz/privkey.pem;
	ssl_trusted_certificate /etc/letsencrypt/live/kraso.xyz/fullchain.pem;
	ssl_dhparam /etc/letsencrypt/live/kraso.xyz/dhparam.pem;

	### END OF SSL CONFIGURATION ###

	add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload";

	location / {
		include ./proxy_params;
		proxy_pass http://localhost:8080;
		location ~* \.(html|css|jpg|jpeg|png|pdf|gif|ico|js)$ {
			proxy_cache_valid 200 301 302 1d;
			expires 1d;
			proxy_pass http://localhost:8080;
		}
	}
}
	sudo letsencrypt certonly --standalone --email savely@krasovsky.me -d kraso.xyz --rsa-key-size 4096
	sudo openssl dhparam -dsaparam -out /etc/letsencrypt/live/kraso.xyz/dhparam.pem 4096

	##
	# SSL Settings
	##

	ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

	ssl_session_cache shared:SSL:10m;
	ssl_session_timeout 1d;

	# Uncomment for SSLLabs.com x4 100.
	#ssl_protocols TLSv1.2;
	#ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:!AES128';

	# With AES128 for better compability.
	ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';

	ssl_prefer_server_ciphers on;

	ssl_ecdh_curve secp384r1;

	# OCSP Stapling
	ssl_stapling on;
	ssl_stapling_verify on;

	server {
	listen 80;
	listen [::]:80;
	server_name kraso.xyz;
	return 301 https://$server_name$request_uri;
	}

	server {
	listen 443 ssl http2;
	listen [::]:443 ssl http2;
	server_name kraso.xyz;

	error_log /var/log/nginx/yacy.error.log error;

	### START OF SSL CONFIGURATION ###

	ssl on;

	ssl_certificate /etc/letsencrypt/live/kraso.xyz/fullchain.pem;
	ssl_certificate_key /etc/letsencrypt/live/kraso.xyz/privkey.pem;
	ssl_trusted_certificate /etc/letsencrypt/live/kraso.xyz/fullchain.pem;
	ssl_dhparam /etc/letsencrypt/live/kraso.xyz/dhparam.pem;

	### END OF SSL CONFIGURATION ###

	add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload";

	location / {
	include ./proxy_params;
	proxy_pass http://localhost:8080;
	location ~* \.(html\|css\|jpg\|jpeg\|png\|pdf\|gif\|ico\|js)$ {
	proxy_cache_valid 200 301 302 1d;
	expires 1d;
	proxy_pass http://localhost:8080;
	}
	}
	}