Skip to content

Commit

Permalink
Redirect to https
Browse files Browse the repository at this point in the history
  • Loading branch information
Arts committed Dec 13, 2020
1 parent be8558e commit 92b87fc
Show file tree
Hide file tree
Showing 4 changed files with 24 additions and 5 deletions.
6 changes: 3 additions & 3 deletions core/etc/systemd/system/point.service
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,8 +3,8 @@ Description=Point.im
After=network.target
RequiresMountsFor=/home

[Install]
WantedBy=multi-user.target
#[Install]
#WantedBy=multi-user.target

[Service]
Type=simple
Expand All @@ -13,5 +13,5 @@ Group=docker
WorkingDirectory=/home/point/point
ExecStart=/usr/local/bin/docker-compose -f /home/point/point/docker-compose.yml -f /home/point/point/docker-compose-production.yml up www bot imgproc nginx
ExecStop=/usr/local/bin/docker-compose -f /home/point/point/docker-compose.yml -f /home/point/point/docker-compose-production.yml stop www bot imgproc nginx
Restart=always
#Restart=always
OOMScoreAdjust=-100
Binary file removed docker-entrypoint-initdb.d/dump.sql.gz
View file
Binary file not shown.
7 changes: 7 additions & 0 deletions www/etc/nginx/10-point.im.conf
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,10 @@
server {
listen [::]:80 ipv6only=on;
listen *:80;
server_name point.im *.point.im;
rewrite ^/(.*)$ https://$host/$1 permanent;
}
server {
listen [::]:443 ipv6only=on ssl;
listen *:443 ssl;
#listen [2a01:4f8:161:9402::2]:443;
Expand All @@ -14,6 +18,9 @@ server {
ssl_prefer_server_ciphers on;
ssl_session_tickets on;


add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

#add_header X-Frame-Options DENY;

#real_ip_header X-Forwarded-For;
Expand Down
16 changes: 14 additions & 2 deletions www/etc/nginx/www.conf
View file
Original file line number Diff line number Diff line change
@@ -1,10 +1,17 @@
server {
include conf.d/www.vars;
listen 80;
rewrite ^/(.*)$ https://$host/$1 permanent;
}
server {
include conf.d/www.vars;

#listen [::]:80 ipv6only=on;
listen 80;
# listen 80;
#listen [::]:443 ipv6only=on ssl;
listen 443 ssl;
# http2;
# ^ ломает тишкоклиент! Не включать пока тишка не починит. А то юзеры ноют.
#server_name *;

ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
Expand All @@ -15,12 +22,17 @@ server {
ssl_prefer_server_ciphers on;
ssl_session_tickets on;

charset utf-8;
source_charset utf-8;

add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

location / {
proxy_pass http://www:8088;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
client_max_body_size 10m;
client_max_body_size 25m;

if ($http_user_agent ~* "Dalvik(.*?)" ) {
access_log off; return 403;
Expand Down

0 comments on commit 92b87fc

Please sign in to comment.