Better with HTTPS.

Please generate certificates with Let's encrypt and remplace certs paths in the nginx configuration file.

Better with HTTPS.
Please generate certificates with Let's encrypt and remplace certs paths in the nginx configuration file.
85216305 · Luclu7 · e9b2870e · 85216305
Commit 85216305 authored 7 years ago by Luclu7
--- a/deploy/nginx.conf
+++ b/deploy/nginx.conf
@@ -4,9 +4,29 @@ upstream funkwhale-api {
 }

 server {
-    listen      80;
+  listen 80;
+  listen [::]:80;
+  server_name demo.funkwhale.audio;
+  # useful for Let's Encrypt
+  location /.well-known/acme-challenge/ { allow all; }
+  location / { return 301 https://$host$request_uri; }
+}
+
+server {
+    listen      443 ssl http2;
+    listen [::]:443 ssl http2;
    server_name demo.funkwhale.audio;

+    # TLS
+    ssl_protocols TLSv1.2;
+    ssl_ciphers HIGH:!MEDIUM:!LOW:!aNULL:!NULL:!SHA;
+    ssl_prefer_server_ciphers on;
+    ssl_session_cache shared:SSL:10m;
+    ssl_certificate     /etc/letsencrypt/live/example.com/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
+    # HSTS
+    add_header Strict-Transport-Security "max-age=31536000";
+
    root /srv/funkwhale/front/dist;

    location / {