Add https of doc.r-l.o

znz · znz · commit 1c8f8e324f76 · 2020-02-18T21:08:13.000+09:00
diff --git a/conf/docs.ruby-lang.org b/conf/docs.ruby-lang.org
@@ -112,3 +112,35 @@
         add_header Cache-Control "public, max-age=3600, s-maxage=172800, stale-while-revalidate=86400, stale-if-error=60";
         add_header Surrogate-Key "rurema-search-app";
     }
+
+    server {
+        listen 443 ssl http2;
+        listen [::]:443 ssl http2;
+
+        server_name doc.ruby-lang.org;
+
+        ssl on;
+        ssl_certificate /etc/letsencrypt/live/doc.ruby-lang.org/fullchain.pem;
+        ssl_certificate_key /etc/letsencrypt/live/doc.ruby-lang.org/privkey.pem;
+        ssl_session_timeout 1d;
+        ssl_session_cache shared:MozSSL:10m;  # about 40000 sessions
+        ssl_session_tickets off;
+
+        ssl_dhparam /etc/nginx/dhparam.pem;
+
+        # intermediate configuration
+        ssl_protocols TLSv1.2;
+        ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
+        ssl_prefer_server_ciphers off;
+
+        # OCSP stapling
+        ssl_stapling on;
+        ssl_stapling_verify on;
+
+        # verify chain of trust of OCSP response using Root CA and Intermediate certs
+        ssl_trusted_certificate /etc/letsencrypt/live/doc.ruby-lang.org/chain.pem;
+
+        resolver 8.8.8.8;
+
+        return 301 https://docs.ruby-lang.org$request_uri;
+    }
