[Git][reproducible-builds/debian-rebuilder-setup][master] Move nginx to https

kpcyrd gitlab at salsa.debian.org
Tue Nov 6 00:47:35 CET 2018 

kpcyrd pushed to branch master at Reproducible Builds / debian-rebuilder-setup


Commits:
d864a11c by kpcyrd at 2018-11-05T23:48:25Z
Move nginx to https

- - - - -


3 changed files:

- roles/visualizers/files/default.conf
- roles/visualizers/files/gunicorn-accumulator.service
- roles/visualizers/files/gunicorn-visualizer.service


Changes:

=====================================
roles/visualizers/files/default.conf
=====================================
@@ -1,8 +1,19 @@
 server {
-    listen 80;
+    listen 443 ssl http2;
 
     server_name _;
 
+    ssl_certificate /var/lib/acme/live/reproducible-builds.engineering.nyu.edu/fullchain;
+    ssl_certificate_key /var/lib/acme/live/reproducible-builds.engineering.nyu.edu/privkey;
+
+    ssl_session_timeout 1d;
+    ssl_session_cache shared:SSL:50m;
+    ssl_session_tickets off;
+
+    ssl_protocols TLSv1.2;
+    ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
+    ssl_prefer_server_ciphers on;
+
     access_log  /var/log/nginx/access.log;
     error_log  /var/log/nginx/error.log;
 
@@ -28,4 +39,8 @@ server {
         proxy_set_header   X-Forwarded-For      $proxy_add_x_forwarded_for;
         proxy_set_header   X-Forwarded-Proto    $scheme;
     }
+
+    location /.well-known/acme-challenge/ {
+		alias /var/run/acme/acme-challenge/;
+	}
 }


=====================================
roles/visualizers/files/gunicorn-accumulator.service
=====================================
@@ -2,6 +2,7 @@
 Description=Gunicorn server for Accumulator
 
 [Service]
+User=www-data
 WorkingDirectory=/var/accumulator
 Restart=on-failure
 ExecStart=/usr/local/bin/gunicorn --bind 127.0.0.1:4000 accumulator:app


=====================================
roles/visualizers/files/gunicorn-visualizer.service
=====================================
@@ -2,6 +2,7 @@
 Description=Gunicorn server for Visualizer
 
 [Service]
+User=www-data
 WorkingDirectory=/var/visualizer
 Restart=on-failure
 ExecStart=/usr/local/bin/gunicorn --bind 127.0.0.1:8000 visualizer:app



View it on GitLab: https://salsa.debian.org/reproducible-builds/debian-rebuilder-setup/commit/d864a11ce2e4a70611106883210d8e1436d5aed6

-- 
View it on GitLab: https://salsa.debian.org/reproducible-builds/debian-rebuilder-setup/commit/d864a11ce2e4a70611106883210d8e1436d5aed6
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.reproducible-builds.org/pipermail/rb-commits/attachments/20181105/49347a13/attachment.html>

More information about the rb-commits mailing list