diff --git a/nginx-rp/nginx.conf b/nginx-rp/nginx.conf index 1ba27dc..439cf65 100644 --- a/nginx-rp/nginx.conf +++ b/nginx-rp/nginx.conf @@ -46,7 +46,7 @@ http { # curl https://ssl-config.mozilla.org/ffdhe2048.txt > /path/to/dhparam ssl_dhparam /etc/nginx/dhparam.txt; - ssl_prefer_server_ciphers off; + ssl_prefer_server_ciphers off; ssl_session_timeout 1d; ssl_session_cache shared:MozSSL:10m; @@ -68,7 +68,7 @@ http { resolver 185.12.64.12 [a01:4ff:ff00::add:2] [2a01:4ff:ff00::add:1]; - add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always; + add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always; add_header X-Robots-Tag "noindex, nofollow" always; add_header Set-Cookie "Path=/; HttpOnly; Secure"; diff --git a/nginx-rp/reverse-proxy.conf b/nginx-rp/reverse-proxy.conf index 3ae1354..db4ad1c 100644 --- a/nginx-rp/reverse-proxy.conf +++ b/nginx-rp/reverse-proxy.conf @@ -51,9 +51,9 @@ server { # Vaultwarden upstream vaultwarden-default { - zone vaultwarden-default 64k; - server localhost:8081; - keepalive 2; + zone vaultwarden-default 64k; + server localhost:8081; + keepalive 2; } server { listen 443 ssl http2; @@ -150,6 +150,23 @@ server { +# Collabora +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + + server_name collabora.viyurz.fr; + + location / { + proxy_pass http://localhost:9980; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_read_timeout 36000s; + } +} + + + # Homepage server { listen 443 ssl http2; @@ -175,7 +192,7 @@ server { default_type application/json; return 200 '{ "m.server": "matrix.viyurz.fr:443" }'; } - + location ~ ^/.well-known/matrix/client$ { default_type application/json; add_header Access-Control-Allow-Origin '*'; @@ -184,7 +201,7 @@ server { return 200 '{ "m.homeserver": { "base_url": "https://matrix.viyurz.fr" } }'; } - location / { + location / { return 308 https://www.viyurz.fr$request_uri; } }