]> git.openstreetmap.org Git - chef.git/blobdiff - cookbooks/imagery/templates/default/nginx_imagery.conf.erb
projects / chef.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
put pummelzacken back into update mode
[chef.git] / cookbooks / imagery / templates / default / nginx_imagery.conf.erb
diff --git a/cookbooks/imagery/templates/default/nginx_imagery.conf.erb b/cookbooks/imagery/templates/default/nginx_imagery.conf.erb
index 42994a6fca9f5c87797f35ebdd6f67eb61b82761..5c740cdc966df395ebba5024194a566de6c2efb4 100644 (file)
--- a/cookbooks/imagery/templates/default/nginx_imagery.conf.erb
+++ b/cookbooks/imagery/templates/default/nginx_imagery.conf.erb
@@ -1,17 +1,32 @@
 server {
 server {
-    listen       80;
-    server_name  <%= @name %> a.<%= @name %> b.<%= @name %> c.<%= @name %><% @aliases.each do |alias_name| %> <%= alias_name %><%- end -%>;
+    listen [::]:80;
+    listen *:80;
+    listen [::]:443 ssl;
+    listen *:443 ssl;
+    server_name  <%= @name %> a.<%= @name %> b.<%= @name %> c.<%= @name %><% @aliases.each do |alias_name| %> <%= alias_name %> a.<%= alias_name %> b.<%= alias_name %> c.<%= alias_name %><%- end -%>;
+
+    ssl_certificate /etc/ssl/certs/<%= @name %>.pem;
+    ssl_certificate_key /etc/ssl/private/<%= @name %>.key;
+
+    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+    ssl_ciphers <%= node[:ssl][:ciphers] -%>;
+    ssl_prefer_server_ciphers on;
+    ssl_session_cache shared:SSL:50m;
+    ssl_session_timeout 30m;
+    ssl_stapling on;
+    ssl_dhparam /etc/ssl/certs/dhparam.pem;
+    resolver <%= @resolvers.join(" ") %>;
+    resolver_timeout 5s;
 
     root "/srv/<%= @name %>";
 
     root "/srv/<%= @name %>";
+    rewrite ^/\.well-known/acme-challenge/(.*)$ http://acme.openstreetmap.org/.well-known/acme-challenge/$1 permanent;
 
     gzip on;
 
     gzip on;
-    gzip_disable "msie6";
-    # text/html is implicit
-    gzip_types text/plain text/css application/json application/javascript application/x-javascript text/javascript text/xml application/xml application/rss+xml application/atom+xml application/rdf+xml image/svg+xml;
-    gzip_min_length 1024;
+    gzip_types text/plain text/css application/json application/javascript application/x-javascript text/javascript text/xml application/xml application/rss+xml application/atom+xml application/rdf+xml image/svg+xml; # text/html is implicit
+    gzip_min_length 512;
     gzip_http_version 1.0;
     gzip_proxied any;
     gzip_http_version 1.0;
     gzip_proxied any;
-    gzip_comp_level 6;
+    gzip_comp_level 9;
     gzip_vary on;
 
     sendfile   on;
     gzip_vary on;
 
     sendfile   on;
Chef configuration management public repo for configuring & maintaining the OpenStreetMap servers.