diff options
| author | mia <mia@mia.jetzt> | 2024-11-23 18:52:51 -0800 |
|---|---|---|
| committer | mia <mia@mia.jetzt> | 2024-11-23 18:52:51 -0800 |
| commit | 233e2c655cc64627a021c6baabe25e0ab7a4e134 (patch) | |
| tree | 69ac40d2b815f5f28a69598e4c88ea1c41cec0ab /nginx/terminate.conf | |
| parent | d1522b9a71c08977a00a9e0ed03048509e91e4bf (diff) | |
| download | asylum-233e2c655cc64627a021c6baabe25e0ab7a4e134.tar.gz asylum-233e2c655cc64627a021c6baabe25e0ab7a4e134.zip | |
terminate tls on asylum for secure local connections
Diffstat (limited to 'nginx/terminate.conf')
| -rw-r--r-- | nginx/terminate.conf | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/nginx/terminate.conf b/nginx/terminate.conf new file mode 100644 index 0000000..731feb2 --- /dev/null +++ b/nginx/terminate.conf @@ -0,0 +1,22 @@ +# %HOST% internal +server { + listen 443 quic; + listen [::]:443 quic; + listen 443 ssl; + listen [::]:443 ssl; + server_name %HOST% *.%HOST%; + add_header alt-svc 'h3=":443"; ma=86400'; + ssl_certificate /etc/tls/%HOST%.crt; + ssl_certificate_key /etc/tls/%HOST%.key; + location / { + proxy_pass http://127.0.0.1:80; + proxy_http_version 1.1; + proxy_redirect off; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto https; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $connection_upgrade; + } +} |