Vendredi 23 novembre 2018

oli.ovh

Ajout du domaine oli.ovh (DNS OVH) et d'un certificat Let's Encrypt.
Modification du fichier de configuration /etc/nginx/conf.d/oli.ovh.conf pour un accès direct à la maquette A20-Olinuxino-Micro via un proxy inverse (reverse proxy nginx).
Cette maquette peut ne pas être accessible (elle n'est pas sous tension en permanence).

# HTTPS virtual host for oli.ovh: terminates TLS on port 443 (IPv4 and IPv6)
# and reverse-proxies requests to the board at 192.168.0.43 on the LAN.
# NOTE(review): nothing in this block restricts who may reach the proxied
# services (no allow/deny, no auth_basic); confirm access is limited elsewhere
# or add it here before leaving the host exposed.
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name oli.ovh;

    # Certificate and private key are read from the YunoHost certificate directory.
    ssl_certificate /etc/yunohost/certs/oli.ovh/crt.pem;
    ssl_certificate_key /etc/yunohost/certs/oli.ovh/key.pem;
    # TLS sessions are cached in a 50 MB zone shared by all workers and expire after 5 minutes.
    ssl_session_timeout 5m;
    ssl_session_cache shared:SSL:50m;

    # The server's cipher order wins over the client's preference.
    ssl_prefer_server_ciphers on;

    # Ciphers with modern compatibility
    # https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=nginx-1.6.2&openssl=1.0.1t&hsts=yes&profile=modern
    # The modern profile is active below (the two directives are not commented out):
    # TLS 1.2 only, which removes compatibility with some old clients
    # (android < 5.0, Internet Explorer < 10, ...).
    ssl_protocols TLSv1.2;
    # Every suite in this list uses ECDHE key exchange. The last four are
    # CBC-mode suites; the first six are AEAD (GCM / ChaCha20-Poly1305).
    ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';

    # Uncomment the following directive after DH generation
    # > openssl dhparam -out /etc/ssl/private/dh2048.pem -outform PEM -2 2048
    # NOTE(review): the command above writes dh2048.pem (2048 bits) but the
    # directive below loads dh4096.pem; nginx refuses to start if that file is
    # missing, so generate a file with the matching name/size or align the path.
    # DH parameters only apply to DHE suites, and the cipher list above has none.
    ssl_dhparam /etc/ssl/private/dh4096.pem;

    # HSTS for one year on this host only (no includeSubDomains).
    # NOTE(review): without the "always" parameter (nginx >= 1.7.5) the header
    # is not added to error responses such as 4xx/5xx.
    add_header Strict-Transport-Security "max-age=31536000;";
    # Everything not matched by a more specific location goes to the board's
    # HTTP server. The hop to the backend is plain HTTP over the LAN.
    # NOTE(review): no proxy_set_header directives are set, so the backend sees
    # the proxy's address as the client and "192.168.0.43" as the Host header;
    # add Host / X-Forwarded-For / X-Forwarded-Proto if the backend needs them
    # for logging or redirects.
    location / {
	    proxy_pass http://192.168.0.43;
    }
    # Monitoring endpoint on port 19999 of the same board (presumably the
    # Netdata dashboard, going by the location name).
    # NOTE(review): proxy_pass has no URI part, so the request path is forwarded
    # unchanged, including the /netdata prefix; confirm the backend answers
    # under that path. A metrics dashboard discloses host details (processes,
    # network, disks): restrict it with auth_basic or allow/deny rules.
    location /netdata {
	    proxy_pass http://192.168.0.43:19999;
    }
    # Per-vhost logs, separate from the global nginx logs.
    access_log /var/log/nginx/oli.ovh-access.log;
    error_log /var/log/nginx/oli.ovh-error.log;
}