From 3717faa71269590eb682b40855b587bd1164d7d5 Mon Sep 17 00:00:00 2001
From: nickschneider
Date: Thu, 31 Oct 2024 11:48:20 +0100
Subject: [PATCH] use of https
---
 docker-compose.yml | 4 ++--
 nginx.conf | 27 ++++++++++++++++++++++++++-
 2 files changed, 28 insertions(+), 3 deletions(-)
diff --git a/docker-compose.yml b/docker-compose.yml
index 5cfdd01..fd99a78 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -3,9 +3,9 @@ services:
 image: "ghcr.io/ls1intum/angelos-ui:latest"
 container_name: angelos-ui
 ports:
- - "80:80"
+ - "443:443"
 expose:
- - "80"
+ - "443"
 networks:
 - angelos-network
diff --git a/nginx.conf b/nginx.conf
index 441e3f6..d313dcb 100644
--- a/nginx.conf
+++ b/nginx.conf
@@ -1,6 +1,31 @@
 server {
+ listen 80;
+ listen [::]:80;
+ server_name chatbot.ase.cit.tum.de www.chatbot.ase.cit.tum.de;
- listen 80;
+ return 301 https://$host$request_uri;
+}
+
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+ server_name chatbot.ase.cit.tum.de www.chatbot.ase.cit.tum.de;
+
+ # SSL Certificate files
+ ssl_certificate /var/lib/rbg-cert/live/host:f:asevm83.cit.tum.de.cert.pem;
+ ssl_certificate_key /var/lib/rbg-cert/live/host:f:asevm83.cit.tum.de.privkey.pem;
+
+ # SSL Settings (recommended for security)
+ # ssl_dhparam /etc/nginx/dhparam.pem;
+ ssl_prefer_server_ciphers on;
+ ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
+ ssl_ecdh_curve secp384r1;
+ ssl_session_timeout 10m;
+ ssl_session_cache shared:SSL:10m;
+ ssl_session_tickets off;
+ ssl_stapling on;
+ ssl_stapling_verify on;
+# ssl_early_data on;
 location / {
 root /usr/share/nginx/html;
 index index.html;
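Review bot: With `- "80:80"` replaced rather than kept, port 80 is no longer published, so the `listen 80` block this commit adds to nginx.conf for the 301 to HTTPS cannot be reached from outside the container unless something in front of it forwards port 80. If the redirect is meant to work, publish both ports: keep `- "80:80"` and add `- "443:443"`. The certificate and key paths under `/var/lib/rbg-cert/live/` that nginx.conf references also have to exist inside the container; no volume appears in this hunk, and the service definition may continue outside it, so confirm that a read-only mount of that directory is present.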
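Review bot: The new 443 server block pins `ssl_ciphers` but sets no `ssl_protocols`, so the accepted TLS versions fall back to the default of whichever nginx release the image ships, and older releases still enable TLSv1 and TLSv1.1 by default. Add `ssl_protocols TLSv1.2 TLSv1.3;` next to the cipher list so the policy is explicit. `ssl_stapling_verify on` needs the issuer chain supplied through `ssl_trusted_certificate`, and stapling needs a `resolver` to look up the OCSP responder; neither appears in the hunk, in which case nginx usually logs a warning and serves without a staple. No `Strict-Transport-Security` header is set, so a client's first plain-HTTP request can still be intercepted before the redirect; `add_header Strict-Transport-Security "max-age=31536000" always;` addresses that once the HTTPS setup is confirmed working. The server block continues past the end of the hunk.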