first commit

dockers/proxy/todo-ssl

@@ -0,0 +1,68 @@
+Exemple pour nginx en ssl
+
+server {
+listen 80;
+listen [::]:80;
+
+server_name your_domain www.your_domain;
+
+location ~ /.well-known/acme-challenge {
+allow all;
+root /var/www/html;
+}
+
+location / {
+rewrite ^ https://$host$request_uri? permanent;
+}
+}
+server {
+listen 443 ssl;
+listen [::]:443 ssl;
+server_name your_domain www.your_domain;
+
+index index.php index.html index.htm;
+
+root /var/www/html;
+
+server_tokens off;
+
+ssl_certificate /etc/letsencrypt/live/your_domain/fullchain.pem;
+ssl_certificate_key /etc/letsencrypt/live/your_domain/privkey.pem;
+
+add_header X-Frame-Options "SAMEORIGIN" always;
+add_header X-XSS-Protection "1; mode=block" always;
+add_header X-Content-Type-Options "nosniff" always;
+add_header Referrer-Policy "no-referrer-when-downgrade" always;
+add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always;
+
+<location / {
+try_files $uri $uri/ /index.php$is_args$args;
+}
+
+rewrite ^/core/authorize.php/core/authorize.php(.*)$ /core/authorize.php$1;
+
+location ~ \.php$ {
+try_files $uri =404;
+fastcgi_split_path_info ^(.+\.php)(/.+)$;
+fastcgi_pass drupal:9000;
+fastcgi_index index.php;
+include fastcgi_params;
+fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+fastcgi_param PATH_INFO $fastcgi_path_info;
+}
+
+location ~ /\.ht {
+deny all;
+}
+
+location = /favicon.ico {
+log_not_found off; access_log off;
+}
+location = /robots.txt {
+log_not_found off; access_log off; allow all;
+}
+location ~* \.(css|gif|ico|jpeg|jpg|js|png)$ {
+expires max;
+log_not_found off;
+}
+}