server {
listen 80;
+ listen [::]:80;
server_name <%= @name %> a.<%= @name %> b.<%= @name %> c.<%= @name %><% @aliases.each do |alias_name| %> <%= alias_name %> a.<%= alias_name %> b.<%= alias_name %> c.<%= alias_name %><%- end -%>;
rewrite ^/\.well-known/acme-challenge/(.*)$ http://acme.openstreetmap.org/.well-known/acme-challenge/$1 permanent;
server {
listen 443 ssl http2;
+ listen [::]:443 ssl http2;
server_name <%= @name %> a.<%= @name %> b.<%= @name %> c.<%= @name %><% @aliases.each do |alias_name| %> <%= alias_name %> a.<%= alias_name %> b.<%= alias_name %> c.<%= alias_name %><%- end -%>;
ssl_certificate /etc/ssl/certs/<%= @name %>.pem;
add_header Strict-Transport-Security "<%= node[:ssl][:strict_transport_security] %>" always;
<% end -%>
- # CSP report only policy
- add_header Content-Security-Policy-Report-Only "default-src 'none'; form-action 'none'; frame-ancestors 'none'; report-uri https://openstreetmap.report-uri.com/r/d/csp/wizard";
- # Add NEL reporting
- add_header Report-To "{\"group\":\"default\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://openstreetmap.report-uri.com/a/d/g\"}],\"include_subdomains\":true}";
- add_header NEL "{\"report_to\":\"default\",\"max_age\":604800,\"include_subdomains\":true}";
-
# Requests sent within early data are subject to replay attacks.
# See: http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_early_data
ssl_early_data on;
projects / chef.git / blobdiff