From 233e2c655cc64627a021c6baabe25e0ab7a4e134 Mon Sep 17 00:00:00 2001
From: mia <mia@mia.jetzt>
Date: Sat, 23 Nov 2024 18:52:51 -0800
Subject: terminate tls on asylum for secure local connections

---
 nginx/terminate.conf | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)
 create mode 100644 nginx/terminate.conf

(limited to 'nginx/terminate.conf')

diff --git a/nginx/terminate.conf b/nginx/terminate.conf
new file mode 100644
index 0000000..731feb2
--- /dev/null
+++ b/nginx/terminate.conf
@@ -0,0 +1,22 @@
+# %HOST% internal
+server {
+    listen 443 quic;
+    listen [::]:443 quic;
+    listen 443 ssl;
+    listen [::]:443 ssl;
+    server_name %HOST% *.%HOST%;
+    add_header alt-svc 'h3=":443"; ma=86400';
+    ssl_certificate /etc/tls/%HOST%.crt;
+    ssl_certificate_key /etc/tls/%HOST%.key;
+    location / {
+        proxy_pass http://127.0.0.1:80;
+        proxy_http_version 1.1;
+        proxy_redirect off;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto https;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection $connection_upgrade;
+    }
+}
-- 
cgit 1.4.1