raspiblitz/home.admin/assets/blitzweb.conf

## RaspiBlitz NGINX config: blitzweb.conf

server {

    listen 443 ssl default_server;
    listen [::]:443 ssl default_server;

    server_name _;

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers "EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA256:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRS
A+SHA384:EDH+aRSA+AESGCM:EDH+aRSA+SHA256:EDH+aRSA:EECDH:!aNULL:!eNULL:!MEDIUM:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!SEED";

    add_header Strict-Transport-Security "max-age=31536000";

    # ToDo(frennkie) might make sense to use lua to check if files are there (e.g. no disk) and use fallback certs)
    ssl_certificate /mnt/hdd/app-data/nginx/tls.cert;
    ssl_certificate_key /mnt/hdd/app-data/nginx/tls.key;

    ##
    # Logging Settings
    ##

    access_log /var/log/nginx/access_raspiblitz.log;
    error_log /var/log/nginx/error_raspiblitz.log;

    root /var/www/blitzweb;

}
add blitzweb 2020-05-17 13:43:52 +01:00			`## RaspiBlitz NGINX config: blitzweb.conf`

			`server {`

			`listen 443 ssl default_server;`
			`listen [::]:443 ssl default_server;`

			`server_name _;`

			`ssl_protocols TLSv1 TLSv1.1 TLSv1.2;`
			`ssl_prefer_server_ciphers on;`
			`ssl_ciphers "EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA256:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRS`
			`A+SHA384:EDH+aRSA+AESGCM:EDH+aRSA+SHA256:EDH+aRSA:EECDH:!aNULL:!eNULL:!MEDIUM:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!SEED";`

			`add_header Strict-Transport-Security "max-age=31536000";`

			`# ToDo(frennkie) might make sense to use lua to check if files are there (e.g. no disk) and use fallback certs)`
			`ssl_certificate /mnt/hdd/app-data/nginx/tls.cert;`
			`ssl_certificate_key /mnt/hdd/app-data/nginx/tls.key;`

			`##`
			`# Logging Settings`
			`##`

			`access_log /var/log/nginx/access_raspiblitz.log;`
			`error_log /var/log/nginx/error_raspiblitz.log;`

			`root /var/www/blitzweb;`

			`}`