Code: |
# Redirect default http to https server { listen 80 default_server; listen [::]:80 default_server; # Redirect all HTTP requests to HTTPS with a 301 Moved Permanently response. return 301 https://$host$request_uri; } server { listen 443 ssl http2; listen [::]:443 ssl http2; server_name taniere-va.ddns.net; # certs sent to the client in SERVER HELLO are concatenated in ssl_certificate ssl_certificate Moncertificat.pem; ssl_certificate_key maClefPrivee.pem; ssl_session_tickets off; ssl_session_cache shared:le_nginx_SSL:1m; ssl_session_timeout 1440m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-EC DSA-AES128-SHA ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-AES128-SHA256 ECDHE-ECDSA-AES256-SHA384 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES128-SHA ECDHE-RSA-A ES128-SHA256 ECDHE-RSA-AES256-SHA384 DHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES128-SHA DHE-RSA-AES256-SHA DHE-RSA-AES128-SHA256 DHE-RSA-AES256-SHA256 EDH-RSA -DES-CBC3-SHA"; # # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits ssl_dhparam /etc/nginx/ssl/dhparams.pem; # Add headers to serve security related headers # Before enabling Strict-Transport-Security headers please read into this # topic first. #add_header Strict-Transport-Security "max-age=15768000; # includeSubDomains; preload;"; add_header X-Content-Type-Options nosniff; add_header X-Frame-Options "SAMEORIGIN"; add_header X-XSS-Protection "1; mode=block"; add_header X-Robots-Tag none; add_header X-Download-Options noopen; add_header X-Permitted-Cross-Domain-Policies none; root /usr/share/nginx/html; # ============================================================ # NextCLoud # ============================================================ location /nextcloud/ { add_header Strict-Transport-Security "max-age=15768000; preload"; gzip off; rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect; rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect; rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect; rewrite ^/apps/calendar/caldav.php /remote.php/caldav/ last; rewrite ^/apps/contacts/carddav.php /remote.php/carddav/ last; rewrite ^/remote/(.*) /remote.php last; rewrite ^/.well-known/host-meta /public.php?service=host-meta last; rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last; rewrite ^/.well-known/carddav /remote.php/carddav/ redirect; rewrite ^/.well-known/caldav /remote.php/caldav/ redirect; rewrite ^(/core/doc/[^\/]+/)$ $1/index.html; try_files $uri $uri/ /index.php$is_args$args; error_page 403 = /core/templates/403.php; error_page 404 = /core/templates/404.php; location ~ ^/(data|config|\.ht|db_structure\.xml|README) { deny all; } location ~ ^(.+?\.php)(/.*)?$ { try_files $1 =404; include fastcgi_params; # fastcgi_pass_header Authorization fastcgi_param SCRIPT_FILENAME $document_root$1; fastcgi_param PATH_INFO $2; fastcgi_param HTTPS $https; fastcgi_pass unix:/run/php-fpm/php-fpm.sock; # specific to Arch fastcgi_intercept_errors on; fastcgi_index index.php; fastcgi_buffers 64 4K; } location ~* ^.+\.(jpg|jpeg|gif|bmp|ico|png|css|js|swf)$ { expires 30d; access_log off; } } # ============================================================ |
Code: |
<?php $CONFIG = array ( 'instanceid' => '', 'passwordsalt' => '', 'secret' => '', 'trusted_domains' => '', 'datadirectory' => 'mydataDir', 'overwritehost' => 'taniere-va.ddns.net', 'overwrite.cli.url' => 'https://taniere-va.ddns.net/nextcloud', 'dbtype' => 'mysql', 'version' => '9.1.1.5', 'dbname' => 'nextcloud', 'dbhost' => 'localhost', 'dbport' => '', 'dbtableprefix' => 'oc_', 'dbuser' => '', 'dbpassword' => '', 'logtimezone' => 'UTC', 'installed' => true, 'memcache.local' => '\\OC\\Memcache\\APCu', 'mail_domain' => '', 'mail_smtpmode' => '', 'mail_from_address' => '', 'loglevel' => 0, 'maintenance' => false, 'mail_smtpauth' => 1, 'mail_smtpauthtype' => 'PLAIN', 'mail_smtphost' => '', 'mail_smtpsecure' => '', 'mail_smtpport' => '', 'mail_smtpname' => '', 'mail_smtppassword' => '', ); Voilà, bon courage ! |
noursferoce a écrit: |
J'arrive à me connecter à ton site en https à la condition que j'ajoute une exception pour le certificat.
J'aurai tendance à penser que ta config est correcte, mais que ton problème vient du fait que ton certificat n'est pas enregistré en donc pas reconnu par le navigateur. - Tu utilises quoi comme certificat ? S'il est auto-signé je pense que c'est ton soucis - Tu testes avec quel navigateur ? Avec firefox il est possible d'ajouter un exceptions pour passer outre un certificat non reconnus (ce que je viens de faire). Mais je sais que Chromium par exemple refuse de passer outre et renvois une erreur àlacow. |
Sujets similaires |
|||||
Sujet | Auteur | Forum | Réponses | Posté le | |
---|---|---|---|---|---|
RDS depuis un mac sans Windows Remote desktop | gautierS | Questions diverses... | 11 | 24 avril 2024 à 17:45 | |
[NGINX] renforcement de la securité et exclusions. | Comias | NAS | 11 | 09 février 2024 à 12:49 | |
Probleme wifi depuis instalation win10 | BINGO | Questions diverses... | 0 | 31 janvier 2024 à 10:34 | |
Test alimentation CHIEFTEC POLARIS 3.0 : Accessible, mais... | mantidor | Alimentations | 0 | 19 juin 2023 à 13:18 | |
soucis jeu depuis installation amd software | Mauny | GameLand | 8 | 19 octobre 2022 à 18:06 |