nginx.conf

listen 443 ssl http2;
listen [::]:443 ssl http2;

ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;

Viz koha-usti:
`server {
listen 192.168.1.110:443 ssl http2;
server_name koha-lanskroun.knihovna-uo.cz katalog-lanskroun.knihovna-uo.cz;
ssl_certificate /etc/letsencrypt/live/koha-lanskroun.knihovna-uo.cz/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/koha-lanskroun.knihovna-uo.cz/privkey.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
location / {
proxy_pass http://koha;
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
proxy_buffering off;
}
}

Koha Jablonne

server {
listen 192.168.1.110:80;
server_name koha-jablonne.knihovna-uo.cz;
return 301 https://koha-jablonne.knihovna-uo.cz$request_uri;
}

server {
listen 192.168.1.110:80;
server_name katalog-jablonne.knihovna-uo.cz;
return 301 https://katalog-jablonne.knihovna-uo.cz$request_uri;
}

server {
listen 192.168.1.110:443 ssl http2;
server_name koha-jablonne.knihovna-uo.cz katalog-jablonne.knihovna-uo.cz;
ssl_certificate /etc/letsencrypt/live/koha-jablonne.knihovna-uo.cz/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/koha-jablonne.knihovna-uo.cz/privkey.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
location / {
proxy_pass http://koha;
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
proxy_buffering off;
}
}`

v tomhle případě je to jedno jestli tam apostrofy jsou nebo ne ;)

…

On Tue, Oct 8, 2019 at 1:18 PM fraktik ***@***.***> wrote: V našem nginx.conf jsou šifry hozeny do apostrofu - překlep? ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA'; — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub <https://gist.github.com/9abf6f26d4e8cfe7b1e2ab69c021ae26?email_source=notifications&email_token=AANRRUTQVYPG5YS6MHNHO2TQNRT7LA5CNFSM4I6QMELKYY3PNVWWK3TUL52HS4DFVNDWS43UINXW23LFNZ2KUY3PNVWWK3TUL5UWJTQAF2DCQ#gistcomment-3049000>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AANRRUTSWPV66GRIHPVDO7LQNRT7LANCNFSM4I6QMELA> .

-- Josef Moravec josef.moravec@gmail.com

listen má jediný možný kontext a to "server" http://nginx.org/en/docs/http/ngx_http_core_module.html#listen

…

On Tue, Oct 8, 2019 at 1:22 PM fraktik ***@***.***> wrote: - porty i protokoly jsou definovány v jednotlivých instancích - když řádky 2-5 přidám do toho zákl. nging.conf, nebudou mít ty lokální pravidla přednost? — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub <https://gist.github.com/9abf6f26d4e8cfe7b1e2ab69c021ae26?email_source=notifications&email_token=AANRRUULKYKH3MYUDCIP23TQNRUQ3A5CNFSM4I6QMELKYY3PNVWWK3TUL52HS4DFVNDWS43UINXW23LFNZ2KUY3PNVWWK3TUL5UWJTQAF2DCW#gistcomment-3049003>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AANRRUSW5IXWXDDO54I3UEDQNRUQ3ANCNFSM4I6QMELA> .

-- Josef Moravec josef.moravec@gmail.com