readme

2017-11-28 15:40:46 +01:00 · 2017-11-28 15:40:46 +01:00 · 757270c53f
parent 63884e696b
commit 757270c53f
1 changed files with 39 additions and 39 deletions
--- a/README.md
+++ b/README.md
@ -176,48 +176,48 @@ You can use nginx to proxy your website, and add https-support (instead of plain
 files efficiently. Make sure nginx is installed and configure the website, for example by creating the
 `/etc/nginx/conf.d/yourwebsite.conf` file on centos:

-# Make sure the port matches
-upstream yourwebsiteupstream {
-    server 127.0.0.1:8890;
-}
-
-# Forward http to https
-server {
-    listen 80;
-    server_name cosmo.service.rug.nl;
-    return 301 https://$host$request_uri;
-}
-
-server {
-    client_max_body_size 64M;
-    proxy_connect_timeout       300;
-    proxy_send_timeout          300;
-    proxy_read_timeout          300;
-    send_timeout                300;
-    listen              443 ssl;
-    server_name         cosmo.service.rug.nl;
-    ssl_certificate     /etc/nginx/conf.d/cosmo.service.rug.nl.pem;
-    ssl_certificate_key /etc/nginx/conf.d/cosmo.service.rug.nl.key;
-    ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
-    ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
-    ssl_prefer_server_ciphers on;
-    ssl_dhparam /etc/nginx/conf.d/dhparams.pem;
-
-    location = /favicon.ico { access_log off; log_not_found off; }
-    location /static/ {
-        alias absolute-path-to/rugwebsite/static/;
+    # Make sure the port matches
+    upstream yourwebsiteupstream {
+        server 127.0.0.1:8890;
    }

-    location / {
-        proxy_pass http://yourwebsiteupstream/;
-        proxy_set_header Host            cosmo.service.rug.nl;
-        proxy_set_header X-Forwarded-For $remote_addr;
-
-        # This setting is important, it allows SAML2 to verify the provider url, whithout getting into trouble because
-        # the https-part is handled by nginx, and hence not seen by the django SAML2 code.
-        proxy_set_header X_FORWARDED_PROTO https;
+    # Forward http to https
+    server {
+        listen 80;
+        server_name cosmo.service.rug.nl;
+        return 301 https://$host$request_uri;
+    }
+
+    server {
+        client_max_body_size 64M;
+        proxy_connect_timeout       300;
+        proxy_send_timeout          300;
+        proxy_read_timeout          300;
+        send_timeout                300;
+        listen              443 ssl;
+        server_name         cosmo.service.rug.nl;
+        ssl_certificate     /etc/nginx/conf.d/cosmo.service.rug.nl.pem;
+        ssl_certificate_key /etc/nginx/conf.d/cosmo.service.rug.nl.key;
+        ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
+        ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
+        ssl_prefer_server_ciphers on;
+        ssl_dhparam /etc/nginx/conf.d/dhparams.pem;
+
+        location = /favicon.ico { access_log off; log_not_found off; }
+        location /static/ {
+            alias absolute-path-to/rugwebsite/static/;
+        }
+
+        location / {
+            proxy_pass http://yourwebsiteupstream/;
+            proxy_set_header Host            cosmo.service.rug.nl;
+            proxy_set_header X-Forwarded-For $remote_addr;
+
+            # This setting is important, it allows SAML2 to verify the provider url, whithout getting into trouble because
+            # the https-part is handled by nginx, and hence not seen by the django SAML2 code.
+            proxy_set_header X_FORWARDED_PROTO https;
+        }
    }
-}

 Restart nginx to load the settings `sudo service nginx restart` (or `reload`, to only reload the settings instaed of a
 full restart)