|
|
@ -92,6 +92,7 @@ server { |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
server { |
|
|
|
server_name __DOMAIN__ www.__DOMAIN__; |
|
|
|
include includes/port; |
|
|
@ -99,13 +100,6 @@ server { |
|
|
|
ssl_certificate_key /etc/letsencrypt/live/www.__DOMAIN__/privkey.pem; |
|
|
|
include includes/proxy_params; |
|
|
|
|
|
|
|
# ssl_protocols TLSv1.2 TLSv1.3; |
|
|
|
# ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384; |
|
|
|
# ssl_prefer_server_ciphers off; |
|
|
|
# ssl_stapling on; |
|
|
|
# ssl_stapling_verify on; |
|
|
|
# ssl_trusted_certificate /etc/letsencrypt/live/__DOMAIN__/fullchain.pem; |
|
|
|
|
|
|
|
include includes/allow_ip; |
|
|
|
# XXX >>> |
|
|
|
# A concerver jusqu'en juin 2021 |
|
|
@ -223,8 +217,6 @@ server { |
|
|
|
{{framadate |
|
|
|
server { |
|
|
|
server_name __DATE_HOST__.__DOMAIN__; |
|
|
|
# pb nom en dur |
|
|
|
server_name kazdate.__DOMAIN__; |
|
|
|
include includes/port; |
|
|
|
ssl_certificate /etc/letsencrypt/live/__DOMAIN__/fullchain.pem; |
|
|
|
ssl_certificate_key /etc/letsencrypt/live/__DOMAIN__/privkey.pem; |
|
|
@ -290,14 +282,6 @@ server { |
|
|
|
# mais c'est pas grave pour nous. Il n'y a pas de domaine kazXbzh à la racine du NIC |
|
|
|
server_name ~^(?<asso>.+)-__PAHEKO_HOST__\.__DOMAIN__$; |
|
|
|
|
|
|
|
# # capture des domaines extérieurs vers des paheko locaux |
|
|
|
# include includes/paheko_kaz_name; |
|
|
|
|
|
|
|
# if ($asso = '') { |
|
|
|
# set $asso $paheko_kaz_map; |
|
|
|
# # XXX a tester |
|
|
|
# #set $http_host $asso; |
|
|
|
# } |
|
|
|
include includes/port; |
|
|
|
ssl_certificate /etc/letsencrypt/live/$ssl_local_cert/fullchain.pem; |
|
|
|
ssl_certificate_key /etc/letsencrypt/live/$ssl_local_cert/privkey.pem; |
|
|
|