diff --git a/nextcloud/README.md b/nextcloud/README.md
index 60df49c..73bee81 100644
--- a/nextcloud/README.md
+++ b/nextcloud/README.md
@@ -20,6 +20,7 @@ nginx:
 image: nginx:alpine
 volumes:
 - ./nginx.conf:/etc/nginx/conf.d/default.conf
+ - ./ssl:/etc/nginx/ssl
 volumes_from:
 - nextcloud
 net: host
diff --git a/nextcloud/docker-compose.yml b/nextcloud/docker-compose.yml
index 42d0c97..9164d65 100644
--- a/nextcloud/docker-compose.yml
+++ b/nextcloud/docker-compose.yml
@@ -12,6 +12,7 @@ nginx:
 image: nginx:alpine
 volumes:
 - ./nginx.conf:/etc/nginx/conf.d/default.conf
+ - ./ssl:/etc/nginx/ssl
 volumes_from:
 - nextcloud
 net: host
diff --git a/nextcloud/nginx.conf b/nextcloud/nginx.conf
index 72815e8..4a28545 100644
--- a/nextcloud/nginx.conf
+++ b/nextcloud/nginx.conf
@@ -1,6 +1,21 @@
 server {
 listen 80;
 server_name cloud.easypi.info;
+ location / {
+ return 301 https://$server_name$request_uri;
+ }
+}
+
+server {
+ listen 443 ssl;
+ server_name cloud.easypi.info;
+
+ ssl_certificate /etc/nginx/ssl/nextcloud.crt;
+ ssl_certificate_key /etc/nginx/ssl/nextcloud.key;
+ ssl_session_timeout 5m;
+ ssl_ciphers 'AES128+EECDH:AES128+EDH:!aNULL';
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ ssl_prefer_server_ciphers on;
 # Add headers to serve security related headers
 add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
@@ -49,7 +64,7 @@ server {
 include fastcgi_params;
 fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
 fastcgi_param PATH_INFO $fastcgi_path_info;
- fastcgi_param HTTPS off;
+ fastcgi_param HTTPS on;
 fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice
 fastcgi_pass 127.0.0.1:9000;
 fastcgi_intercept_errors on;
diff --git a/nextcloud/ssl/nextcloud.crt b/nextcloud/ssl/nextcloud.crt
new file mode 100644
index 0000000..e69de29
diff --git a/nextcloud/ssl/nextcloud.key b/nextcloud/ssl/nextcloud.key
new file mode 100644
index 0000000..e69de29
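Review bot: The new `./ssl` bind mount on the nginx service is writable from inside the container, although nginx only needs to read the certificate and key; mount it read-only with `- ./ssl:/etc/nginx/ssl:ro` so a compromised or misconfigured container cannot alter the key material on the host. The same line in the README hunk should change with it. The commit also tracks `nextcloud/ssl/nextcloud.key` as an empty placeholder, which makes it easy to commit a real private key later by accident; consider ignoring `nextcloud/ssl/*` in git and documenting how the files are provisioned instead. The nginx service definition starts above this hunk, so other mounts or options are not visible here.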
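Review bot: `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` in the new 443 server block still offers TLS 1.0 and 1.1, which are deprecated (RFC 8996) and should not be enabled on a new deployment; prefer `ssl_protocols TLSv1.2 TLSv1.3;`, or `TLSv1.2` alone if the nginx/OpenSSL build in the image lacks 1.3. The cipher string `AES128+EECDH:AES128+EDH:!aNULL` also admits CBC-mode suites, and since no `ssl_dhparam` is set the EDH half is either unused or relies on built-in parameters depending on the nginx version, so restricting it to ECDHE AEAD suites would be cleaner. The existing `Strict-Transport-Security` header (about six months, `includeSubDomains; preload`) only takes effect now that the site is served over TLS, so confirm the certificate is publicly trusted and that every subdomain can serve HTTPS before deploying. The 443 server block continues past the end of this hunk.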