server configs: drop and redirect-HTTPS

2019-01-04 02:36:58 -07:00 · 2019-01-04 02:36:58 -07:00 · 2a556f4721
parent e7a41c03d1
commit 2a556f4721
2 changed files with 45 additions and 0 deletions
--- a/availableSites/catch-all_dropConnection.conf
+++ b/availableSites/catch-all_dropConnection.conf
@ -0,0 +1,29 @@
+#######
+### NGINX server configuration
+### Drop all connections that do not match configured servers
+#######
+
+# Drop connections over HTTP by default
+server {
+    listen 80 default_server;
+    listen [::]:80 default_server;
+
+    # have nginx silently drop the connection
+    return 444;
+}
+
+# Drop connections over HTTPS by default
+# This could only happen after user proceeds past certificate mismatch warning
+# or if using a wildcard certificate where obviously not all possible hosts
+# could be configured.
+# Respond with default certificates then drop connection
+server {
+    listen 443 default_server ssl http2;
+    listen [::]:443 default_server ssl http2;
+
+    # SSL certificates for this server
+    include /etc/nginx/snippets/ssl/ssl_certs.conf;
+
+    # have nginx silently drop the connection
+    return 444;
+}
--- a/availableSites/redirectHTTPS.conf
+++ b/availableSites/redirectHTTPS.conf
@ -0,0 +1,16 @@
+#######
+### NGINX server configuration
+### Redirect to secure connection
+#######
+
+server {
+    listen 80;
+    listen [::]:80;
+
+    server_name server.domain.tld
+        subdomain.server.domain.tld
+        subdomain2.server.domain.tld;
+
+    # redirect to properly formed HTTPS request
+    return 301 https://$host$request_uri;
+}