Implement Auth0, + templates.

2025-06-04 16:09:53 +03:00
parent 735f419cd7
commit 2fbc789724
10 changed files with 943 additions and 101 deletions
--- a/nginx/nginx.conf
+++ b/nginx/nginx.conf
@@ -1,6 +1,14 @@
-events {}
+events {
+    worker_connections 1024;
+}

 http {
+    proxy_buffer_size          16k;
+    proxy_buffers             4 16k;
+    proxy_busy_buffers_size   16k;
+
+    large_client_header_buffers 4 16k;
+
    upstream webapi {
        server webapi:8080;
    }
@@ -11,6 +19,24 @@ http {

    server {
        listen 80;
+        server_name impr.ink;
+        return 301 https://$server_name$request_uri;
+    }
+
+    server {
+        listen 443 ssl http2;
+        server_name impr.ink;
+
+        ssl_certificate /etc/ssl/certs/impr.ink.crt;
+        ssl_certificate_key /etc/ssl/private/impr.ink.key;
+
+        ssl_protocols TLSv1.2 TLSv1.3;
+        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384;
+        ssl_prefer_server_ciphers off;
+
+        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+        add_header X-Frame-Options DENY always;
+        add_header X-Content-Type-Options nosniff always;

        location /api/ {
            proxy_pass         http://webapi/;