author | Martina Pietruschka | 2015-07-22 00:19:30 +0000 |
---|---|---|
committer | Martina Pietruschka | 2015-07-22 00:19:30 +0000 |
commit | 1504bbd5949682e78bf5f59c1ac38150d6e84f9a (patch) | |
tree | f9a8119a39aa4d5f60f574d1d5e5a7f53f36b336 | |
parent | a3f9695e498917be0d558b8fc59308472a9efc7f (diff) | |
download | aur-1504bbd5949682e78bf5f59c1ac38150d6e84f9a.tar.gz |
nginx.config adjusted
-rw-r--r-- | .SRCINFO | 4 | ||||
-rw-r--r-- | PKGBUILD | 4 | ||||
-rw-r--r-- | nginx-ssl.example.conf | 86 |
3 files changed, 46 insertions, 48 deletions
@@ -1,5 +1,3 @@ -# Generated by makepkg 4.2.1 -# Wed May 13 01:19:20 UTC 2015 pkgbase = zarafa-webapp pkgdesc = WebApp for Zarafa pkgver = 2.0.2.48619 @@ -20,7 +18,7 @@ pkgbase = zarafa-webapp source = zarafa-webapp.ini md5sums = 0d384708bd97d52fc2f9eb651f6f6f1e md5sums = eac81900679ed0fc111fcaa1171bbd32 - md5sums = 73451bc5c35072b22b0b2925c5920978 + md5sums = 1bdab5b1e4473c1b0f6ce2e5c8f1da61 md5sums = 7adcf5e023718421a5e8e07e5e9a2480 md5sums = cc8143c1fa12911a17578c1e775225fe md5sums = daedd4114b213e9279806ee720eeb1ef @@ -6,7 +6,7 @@ pkgname=('zarafa-webapp' 'zarafa-webapp-plugins') pkgver=2.0.2.48619 _pkgrel=2.0.2 -pkgrel=3 +pkgrel=4 pkgdesc=('WebApp for Zarafa') arch=('any') url=('http://www.zarafa.com/') @@ -26,7 +26,7 @@ source=("webapp-${pkgver}.tar.gz::http://download.zarafa.com/community/final/Web md5sums=('0d384708bd97d52fc2f9eb651f6f6f1e' 'eac81900679ed0fc111fcaa1171bbd32' - '73451bc5c35072b22b0b2925c5920978' + '1bdab5b1e4473c1b0f6ce2e5c8f1da61' '7adcf5e023718421a5e8e07e5e9a2480' 'cc8143c1fa12911a17578c1e775225fe' 'daedd4114b213e9279806ee720eeb1ef') diff --git a/nginx-ssl.example.conf b/nginx-ssl.example.conf index a37c2447634a..24d366e810e0 100644 --- a/nginx-ssl.example.conf +++ b/nginx-ssl.example.conf 
@@ -1,48 +1,49 @@ server { # server_name YOUR_SERVER_FQDN; ## uncomment replace this with something like www.example.com - listen 443; - - server_tokens off; ## Don't show the nginx version number, a security best practice - root /var/lib/nginx/http - - ## Strong SSL Security - ## https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html & https://cipherli.st/ - ## - ## Generate a strong SSL-Certificate and DHE parameter: - ## openssl genrsa -out /etc/ssl/private/zarafa.key 4096 - ## openssl req -new -sha512 -key /etc/ssl/private/zarafa.key -out /tmp/zarafa.csr - ## openssl x509 -req -days 3650 -in /tmp/zarafa.csr -signkey /etc/ssl/private/zarafa.key -out /etc/ssl/private/zarafa.crt + listen 443; + + server_tokens off; ## Don't show the nginx version number, a security best practice + root /usr/share/nginx/html; + index index.html index.htm; + + ## Strong SSL Security + ## https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html & https://cipherli.st/ + ## + ## Generate a strong SSL-Certificate and DHE parameter: + ## openssl genrsa -out /etc/ssl/private/zarafa.key 4096 + ## openssl req -new -sha512 -key /etc/ssl/private/zarafa.key -out /tmp/zarafa.csr + ## openssl x509 -req -days 3650 -in /tmp/zarafa.csr -signkey /etc/ssl/private/zarafa.key -out /etc/ssl/private/zarafa.crt ## openssl dhparam -out /etc/ssl/private/zarafa.dh 4096 - ## chmod go-rwx /etc/ssl/private/zarafa.*; - ## chmod u+rw /etc/ssl/private/zarafa.* - ## chown root:root /etc/ssl/private/zarafa.* - ## - ssl on; - ssl_certificate_key /etc/ssl/private/zarafa.key; - ssl_certificate /etc/ssl/private/zarafa.crt; - ssl_dhparam /etc/ssl/private/zarafa.dh; + ## chmod go-rwx /etc/ssl/private/zarafa.*; + ## chmod u+rw /etc/ssl/private/zarafa.* + ## chown root:root /etc/ssl/private/zarafa.* + ## + ssl on; + ssl_certificate_key /etc/ssl/private/zarafa.key; + ssl_certificate /etc/ssl/private/zarafa.crt; + ssl_dhparam /etc/ssl/private/zarafa.dh; + + ## 
https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html + ## The recommended cipher suite for backwards compatibility (IE6/WinXP): + ssl_ciphers 'AES256+EECDH:AES256+EDH:!aNULL'; + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; + ssl_prefer_server_ciphers on; + ssl_session_cache shared:SSL:50m; + ssl_session_timeout 5m; - ## https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html - ## The recommended cipher suite for backwards compatibility (IE6/WinXP): - ssl_ciphers 'AES256+EECDH:AES256+EDH:!aNULL'; - ssl_protocols TLSv1 TLSv1.1 TLSv1.2; - ssl_prefer_server_ciphers on; - ssl_session_cache shared:SSL:50m; - ssl_session_timeout 5m; - - ## [Optional] If your certficate has OCSP, enable OCSP stapling to reduce the overhead and latency of running SSL. - ## Replace with your ssl_trusted_certificate. For more info see: - ## - https://medium.com/devops-programming/4445f4862461 - ## - https://www.ruby-forum.com/topic/4419319 - ## - https://www.digitalocean.com/community/tutorials/how-to-configure-ocsp-stapling-on-apache-and-nginx - ## - https://raymii.org/s/tutorials/OCSP_Stapling_on_nginx.html - ## - http://freiburg79.de/ocsp-stapling-mit-nginx/ - # ssl_stapling on; - # ssl_stapling_verify on; - # ssl_stapling_file /etc/ssl/private/de-autorisation-m.ocsp; - # resolver 208.67.222.222 208.67.222.220 valid=300s; # Can change to your DNS resolver if desired - # resolver_timeout 5s; + ## [Optional] If your certficate has OCSP, enable OCSP stapling to reduce the overhead and latency of running SSL. + ## Replace with your ssl_trusted_certificate. 
For more info see: + ## - https://medium.com/devops-programming/4445f4862461 + ## - https://www.ruby-forum.com/topic/4419319 + ## - https://www.digitalocean.com/community/tutorials/how-to-configure-ocsp-stapling-on-apache-and-nginx + ## - https://raymii.org/s/tutorials/OCSP_Stapling_on_nginx.html + ## - http://freiburg79.de/ocsp-stapling-mit-nginx/ + # ssl_stapling on; + # ssl_stapling_verify on; + # ssl_stapling_file /etc/ssl/private/de-autorisation-m.ocsp; + # resolver 208.67.222.222 208.67.222.220 valid=300s; # Can change to your DNS resolver if desired + # resolver_timeout 5s; # HIDDEN FILES AND FOLDERS rewrite ^(.*)\/\.(.*)$ @404 break; @@ -50,7 +51,6 @@ location = @404 { return 404; } - - include ${PATH_TO_ATTACHED_LOCATION_FILE}; - include ${PATH_TO_ANOTHER_LOCATION_FILE}; + + include ${PATH_TO_ATTACHED_LOCATION_FILE}; }
\ No newline at end of file |
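Review bot: The re-added TLS block in the first nginx-ssl.example.conf hunk (`@@ -1,48 +1,49 @@`) still carries `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;`, so a server built from this example keeps negotiating TLS 1.0 and 1.1, both since deprecated by RFC 8996. Unless legacy clients are a stated requirement, the example should ship `ssl_protocols TLSv1.2;` and let administrators opt in to older versions. The comment above `ssl_ciphers` also does not match the value. It describes the suite as the one "for backwards compatibility (IE6/WinXP)", but `AES256+EECDH:AES256+EDH:!aNULL` offers only AES-256 with ephemeral key exchange, which those clients most likely cannot negotiate. A more accurate comment would be `## Forward-secret AES-256 suites only; legacy clients such as IE6/WinXP will not be able to connect`.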