nginx: Enable HTTPS

coala · May 24, 2017 · fff04c3 · fff04c3
1 parent 85af168
commit fff04c3
Show file tree

Hide file tree

Showing 9 changed files with 22 additions and 5 deletions.
diff --git a/nginx/docker-compose.yml b/nginx/docker-compose.yml
@@ -6,8 +6,10 @@ services:
     volumes:
       - ./nginx.conf:/etc/nginx/nginx.conf:ro
       - ./nginx.conf.d:/etc/nginx/conf.d:ro
+      - /etc/ssl/private/coala.io:/etc/ssl/private/coala.io:ro
     ports:
       - 80:80
+      - 443:443
     networks:
       - outside
 networks:

diff --git a/nginx/nginx.conf b/nginx/nginx.conf
@@ -27,5 +27,13 @@ http {
     resolver         127.0.0.11 valid=300s;
     resolver_timeout 30s;
 
+    ssl_session_cache   shared:SSL:10m;
+    ssl_session_timeout 10m;
+
+    ssl_certificate     /etc/ssl/private/coala.io/cert.pem;
+    ssl_certificate_key /etc/ssl/private/coala.io/cert.key;
+
+    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+
     include /etc/nginx/conf.d/*.conf;
 }
diff --git a/nginx/nginx.conf.d/blog.coala.io.conf b/nginx/nginx.conf.d/blog.coala.io.conf
@@ -1,4 +1,5 @@
 server {
+    listen 443 ssl;
     server_name blog.coala.io;
 
     location / {

diff --git a/nginx/nginx.conf.d/coala.io.conf b/nginx/nginx.conf.d/coala.io.conf
@@ -1,5 +1,5 @@
 server {
-    listen 80;
+    listen 443 ssl;
     server_name coala.io www.coala.io;
 
     location / {

diff --git a/nginx/nginx.conf.d/http_redir.conf b/nginx/nginx.conf.d/http_redir.conf
@@ -0,0 +1,5 @@
+server {
+    listen 80;
+
+    return 301 https://$host$request_uri;
+}
diff --git a/nginx/nginx.conf.d/list.coala.io.conf b/nginx/nginx.conf.d/list.coala.io.conf
@@ -1,4 +1,5 @@
 server {
+    listen 443 ssl;
     server_name list.coala.io;
 
     location = / { return 301 https://list.coala.io/mailman; }

diff --git a/nginx/nginx.conf.d/mumble.coala.io.conf b/nginx/nginx.conf.d/mumble.coala.io.conf
@@ -1,5 +1,5 @@
 server {
-    listen 80;
+    listen 443 ssl;
     server_name mumble.coala.io;
 
     location / { return 302 mumble://mumble.coala.io/?version=1.2; }

diff --git a/nginx/nginx.conf.d/default.conf → nginx/nginx.conf.d/solar.coala.io.conf b/nginx/nginx.conf.d/default.conf → nginx/nginx.conf.d/solar.coala.io.conf
@@ -1,7 +1,6 @@
-# Default server for every "available" sub-domains or direct access.
-
 server {
-    listen 80 default_server;
+    listen 443 ssl;
+    server_name solar.coala.io;
 
     location / {
         proxy_pass             http://192.30.252.153;

diff --git a/nginx/nginx.conf.d/webservices.coala.io.conf b/nginx/nginx.conf.d/webservices.coala.io.conf
@@ -1,4 +1,5 @@
 server {
+    listen 443 ssl;
     server_name webservices.coala.io;
 
     location / {