iniciativa.conf 2.2 KB

  1. ## Configuração para iniciativa.partidopirata.org
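  # Cleartext (port 80) virtual host for iniciativa.partidopirata.org, IPv4 and IPv6.
  # Everything is proxied to the "iniciativa" upstream, which is defined outside this block.
  # NOTE(review): the HTTPS virtual host for this name sends HSTS with preload; consider
  # replacing this proxy with a redirect to https:// so no content is served in cleartext.
  server {
      listen 80;
      listen [::]:80;
      server_name iniciativa.partidopirata.org;

      location / {
          proxy_set_header Host $host;
          proxy_set_header X-Real-IP $remote_addr;
          # Overwrites any client-supplied X-Forwarded-For instead of appending to it,
          # so the upstream only ever sees the address nginx observed.
          proxy_set_header X-Forwarded-For $remote_addr;
          # Report the scheme actually used. Hard-coding "https" on a cleartext listener
          # tells the application the request was encrypted when it was not, which can
          # defeat its own HTTPS redirect and its Secure-cookie decisions.
          # NOTE(review): if a TLS terminator in front of this port was the reason for a
          # fixed value, set it there and restrict which peers may reach this listener.
          proxy_set_header X-Forwarded-Proto $scheme;
          # An empty value makes nginx omit the header, so a client cannot assert
          # "HTTPS on" for a request that arrived over plain HTTP.
          proxy_set_header X-Forwarded-HTTPS "";
          proxy_pass http://iniciativa;
      }

      # Refuse any path containing "/.ht" (.htaccess, .htpasswd and similar files).
      location ~ /\.ht {
          deny all;
      }
  }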
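  # Catch-all for subdomains of iniciativa.partidopirata.org on port 80:
  # send the visitor to the canonical host, keeping the requested path and query.
  server {
      listen 80;
      listen [::]:80;
      server_name *.iniciativa.partidopirata.org;
      # Redirect straight to HTTPS. Pointing at http:// would cost the visitor a second
      # cleartext request before the canonical host's HSTS policy can take effect.
      return 301 https://iniciativa.partidopirata.org$request_uri;
  }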
  24. ## SSL
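  # TLS (port 443) virtual host for iniciativa.partidopirata.org, IPv4 and IPv6.
  # Terminates TLS here and proxies to the "iniciativa" upstream over plain HTTP.
  server {
      listen 443 ssl;
      listen [::]:443 ssl;
      server_name iniciativa.partidopirata.org;

      # TLS 1.0 and 1.1 are deprecated (RFC 8996) and are no longer offered.
      # NOTE(review): add TLSv1.3 once the installed nginx/OpenSSL build supports it.
      ssl_protocols TLSv1.2;
      ssl_prefer_server_ciphers on;
      # Forward-secret key exchange only (ECDHE/DHE) with AES-GCM or AES-256 suites.
      ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
      ssl_ecdh_curve secp384r1;
      ssl_session_cache shared:SSL:10m;
      # Session tickets are disabled; resumption relies on the shared cache above.
      ssl_session_tickets off;

      # OCSP stapling. The resolver is needed to look up the OCSP responder's hostname;
      # these addresses are public third-party resolvers (OpenDNS).
      ssl_stapling on;
      ssl_stapling_verify on;
      resolver 208.67.220.220 208.67.222.222 valid=300s;
      resolver_timeout 5s;

      # Response hardening headers. HSTS lasts two years and covers subdomains.
      # NOTE(review): without the "always" parameter nginx omits these headers on
      # error responses; confirm the installed version supports it before adding.
      add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
      add_header X-Frame-Options SAMEORIGIN;
      add_header X-Content-Type-Options nosniff;

      # Let's Encrypt material; chain.pem is the trust chain used to verify stapled
      # OCSP responses.
      ssl_certificate /etc/letsencrypt/live/partidopirata.org-0001/fullchain.pem;
      ssl_certificate_key /etc/letsencrypt/live/partidopirata.org-0001/privkey.pem;
      ssl_trusted_certificate /etc/letsencrypt/live/partidopirata.org-0001/chain.pem;

      location / {
          proxy_set_header Host $host;
          proxy_set_header X-Real-IP $remote_addr;
          # Overwrites any client-supplied X-Forwarded-For instead of appending to it.
          proxy_set_header X-Forwarded-For $remote_addr;
          proxy_set_header X-Forwarded-Proto $scheme;
          # NOTE(review): X-Forwarded-HTTPS is not set here, so a value sent by the
          # client is passed to the upstream unchanged; confirm whether the
          # application reads that header.
          proxy_pass http://iniciativa;
      }

      # Refuse any path containing "/.ht" (.htaccess, .htpasswd and similar files).
      location ~ /\.ht {
          deny all;
      }
  }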
  56. ## Tor
  # Loopback-only virtual host that backs the Tor onion service.
  # The listener is bound to 127.0.0.1 and the allow/deny pair additionally rejects
  # every non-local peer, so only a local process (presumably the Tor daemon) can reach it.
  # NOTE(review): the 16-character name is a v2 onion address, a format that current
  # Tor releases no longer support; confirm whether this service is still reachable.
  server {
      server_name iniadkcgvnqvz7fv.onion;
      listen 127.0.0.1:42982;

      # Order matters: the loopback allow must precede the blanket deny.
      allow 127.0.0.1;
      deny all;

      add_header X-Content-Type-Options nosniff;
      add_header X-Frame-Options SAMEORIGIN;

      # Refuse any path containing "/.ht" (.htaccess, .htpasswd and similar files).
      location ~ /\.ht {
          deny all;
      }

      # Everything else goes to the "iniciativa" upstream, defined outside this block.
      location / {
          proxy_pass http://iniciativa;
          proxy_set_header Host $host;
          # The peer is always the loopback address here, so no visitor address is
          # forwarded to the upstream.
          proxy_set_header X-Real-IP $remote_addr;
          proxy_set_header X-Forwarded-For $remote_addr;
          proxy_set_header X-Forwarded-Proto $scheme;
      }
  }