diff --git a/sites-available/everun b/sites-available/everun new file mode 100644 index 0000000..4d0510f --- /dev/null +++ b/sites-available/everun @@ -0,0 +1,80 @@ +server { + # allow access from localhost + listen 443 ssl http2; + server_name www.everun.club; + + ssl_certificate /etc/lego/.lego/certificates/_.everun.club.crt; + ssl_certificate_key /etc/lego/.lego/certificates/_.everun.club.key; + ssl_dhparam /etc/lego/dhparams_4096.pem; + + ssl_session_timeout 1d; + ssl_session_cache shared:SSL:3m; + ssl_buffer_size 4k; + ssl_session_tickets off; + + ssl_protocols TLSv1.3 TLSv1.2; + ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384; + + ssl_stapling on; + ssl_stapling_verify on; + + resolver 8.8.4.4 8.8.8.8 valid=300s; + resolver_timeout 10s; + + # Enable HSTS (HTTP Strict Transport Security) + add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload"; + + root /var/www/everun; + index index.html index.htm; + + access_log /var/log/nginx/everun.access.log ltsv; + error_log /var/log/nginx/everun.error.log; + + http2_max_field_size 256k; + http2_max_header_size 256k; + + # To allow POST on static pages + error_page 405 =200 $uri; + + location / { + try_files $uri $uri/ /index.html; + } +} + +server { + # allow access from localhost + listen 443 ssl http2; + server_name everun.club; + + ssl_certificate /etc/lego/.lego/certificates/_.everun.club.crt; + ssl_certificate_key /etc/lego/.lego/certificates/_.everun.club.key; + ssl_dhparam /etc/lego/dhparams_4096.pem; + + ssl_session_timeout 1d; + ssl_session_cache shared:SSL:3m; + ssl_buffer_size 4k; + ssl_session_tickets off; + + ssl_protocols TLSv1.3 TLSv1.2; + ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384; + + ssl_stapling on; + ssl_stapling_verify on; + + resolver 8.8.4.4 8.8.8.8 valid=300s; + resolver_timeout 10s; + + # Enable HSTS (HTTP Strict Transport Security) + add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload"; + + access_log /var/log/nginx/everun.access.log ltsv; + error_log /var/log/nginx/everun.error.log; + + http2_max_field_size 256k; + http2_max_header_size 256k; + + location / { + rewrite ^/$ https://www.everun.club; + } +} + diff --git a/sites-available/everun-staging b/sites-available/everun-staging new file mode 100644 index 0000000..0503393 --- /dev/null +++ b/sites-available/everun-staging @@ -0,0 +1,45 @@ +server { + # allow access from localhost + listen 443 ssl http2; + server_name staging.everun.club; + + ssl_certificate /etc/lego/.lego/certificates/_.everun.club.crt; + ssl_certificate_key /etc/lego/.lego/certificates/_.everun.club.key; + ssl_dhparam /etc/lego/dhparams_4096.pem; + + ssl_session_timeout 1d; + ssl_session_cache shared:SSL:3m; + ssl_buffer_size 4k; + ssl_session_tickets off; + + ssl_protocols TLSv1.3 TLSv1.2; + ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384; + + ssl_stapling on; + ssl_stapling_verify on; + + resolver 8.8.4.4 8.8.8.8 valid=300s; + resolver_timeout 10s; + + # Enable HSTS (HTTP Strict Transport Security) + add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload"; + + root /var/www/test-everun; + index index.html index.htm; + + access_log /var/log/nginx/stag-everun.access.log ltsv; + error_log /var/log/nginx/stag-everun.error.log; + + http2_max_field_size 256k; + http2_max_header_size 256k; + + # To allow POST on static pages + error_page 405 =200 $uri; + + location / { + auth_basic "限定公開中なのでユーザー名とパスワードを入れてください"; + auth_basic_user_file "/etc/nginx/basic-auth"; + + try_files $uri $uri/ /index.html; + } +}