@tuxlinuxien
Last active December 2, 2016 03:52
nginx_conf http/2
30 2 * * 1 /usr/bin/letsencrypt renew >> /var/log/le-renew.log
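http {
    ...
    # TLS settings inherited by every server block.
    # TLSv1 and TLSv1.1 are formally deprecated (RFC 8996).
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
    ssl_prefer_server_ciphers on;
    # The EECDH+3DES and RSA+3DES entries keep 64-bit-block 3DES available (Sweet32).
    ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    # OCSP stapling; nginx also needs a resolver directive to look up the OCSP responder host name.
    ssl_stapling on;
    ssl_stapling_verify on;

    ##
    # Headers
    ##
    # HSTS for one year, including subdomains; "always" adds it to error responses too.
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
    ...
}

# The upstream and server blocks below must be loaded inside http { },
# for example from an included site file.
upstream app {
    server 127.0.0.1:8080;
}

server {
    # The http2 parameter enables HTTP/2 on this listener (nginx 1.9.5+).
    listen 443 ssl http2 default_server;
    server_name mydomain.com;
    ssl_certificate /etc/letsencrypt/live/mydomain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/mydomain.com/privkey.pem;

    # Everything except /static/ is proxied to the application over plain HTTP on loopback.
    location / {
        proxy_pass http://app;
    }

    # With root, /static/x is served from <root>/static/x.
    # autoindex on returns a directory listing for any directory without an index file.
    location /static/ {
        autoindex on;
        root /go/src/github.com/mydomain.com/app/public/;
    }
}

# Plain HTTP: redirect every request to HTTPS.
server {
    listen 80 default_server;
    server_name mydomain.com;
    return 301 https://$server_name$request_uri;
}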
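
A tightened variant of the configuration above, as an added example that is not part of the original gist: it drops TLSv1/TLSv1.1, the 3DES and static-RSA cipher entries, and directory listing, and gives OCSP stapling the resolver and issuer chain it needs. The nginx/OpenSSL versions and the resolver address are assumptions; paths and names are the gist's own.

```nginx
# Added example, not the gist author's configuration.
http {
    # Assumes nginx 1.13.0+ built against OpenSSL 1.1.1+ (needed for TLSv1.3).
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    # Same preference order as the gist, minus 3DES and static-RSA key exchange,
    # so every TLSv1.2 handshake uses ECDHE (forward secrecy).
    ssl_ciphers EECDH+CHACHA20:EECDH+AES128:EECDH+AES256:!MD5;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;

    ssl_stapling on;
    ssl_stapling_verify on;
    # Placeholder resolver address (assumption): use a resolver you control.
    resolver 127.0.0.1 valid=300s;
    resolver_timeout 5s;

    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;

    upstream app {
        server 127.0.0.1:8080;
    }

    server {
        listen 443 ssl http2 default_server;
        server_name mydomain.com;
        ssl_certificate /etc/letsencrypt/live/mydomain.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/mydomain.com/privkey.pem;
        # Issuer chain used to verify the stapled OCSP response.
        ssl_trusted_certificate /etc/letsencrypt/live/mydomain.com/chain.pem;

        location / {
            proxy_pass http://app;
        }

        location /static/ {
            autoindex off;   # no directory listings
            root /go/src/github.com/mydomain.com/app/public/;
        }
    }

    server {
        listen 80 default_server;
        server_name mydomain.com;
        return 301 https://$server_name$request_uri;
    }
}
```

Run `nginx -t` after editing; clients that only support TLSv1/TLSv1.1 or static-RSA suites will no longer connect.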