Add 'sites-enabled/gitea'

3 years ago · 0366a5b380
parent 3eb51cfb9e
commit 0366a5b380
1 changed files with 29 additions and 0 deletions
--- a/sites-enabled/gitea
+++ b/sites-enabled/gitea
@ -0,0 +1,29 @@
+server {
+    listen 443 ssl http2;
+    listen [::]:443 ssl http2;                  
+    server_name git.thelyoncompany.com;
+    root /dev/null;
+
+    # SSL
+    ssl_certificate /etc/letsencrypt/live/thelyoncompany.com/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/thelyoncompany.com/privkey.pem;
+    ssl_trusted_certificate /etc/letsencrypt/live/thelyoncompany.com/fullchain.pem;
+    ssl_dhparam /etc/nginx/dhparam.pem;
+
+    ssl_client_certificate /etc/nginx/ssl/cloudflare.crt;
+    ssl_verify_client on;
+
+    # security headers
+    add_header X-Frame-Options           "SAMEORIGIN";
+    add_header X-XSS-Protection          "1; mode=block";
+    add_header X-Content-Type-Options    "nosniff";
+    add_header X-UA-Compatible           "IE=Edge";
+    add_header Referrer-Policy           "no-referrer-when-downgrade";
+    add_header Content-Security-Policy   "upgrade-insecure-requests";
+    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
+
+    location / {
+        proxy_pass http://localhost:3000;
+        include    snippets/proxy.conf;
+    }
+}