You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
23 lines
733 B
23 lines
733 B
5 years ago
|
$HTTP["host"] == "{{ fqdn }}" {
|
||
|
|
# Ensure the Pi-hole Block Page knows that this is not a blocked domain
|
||
|
|
setenv.add-environment = ("fqdn" => "true")
|
||
|
|
|
||
|
|
# Enable the SSL engine with a LE cert, only for this specific host
|
||
|
|
$SERVER["socket"] == ":443" {
|
||
|
|
ssl.engine = "enable"
|
||
|
|
ssl.pemfile = "/etc/letsencrypt/live/{{ fqdn }}/combined.pem"
|
||
|
|
ssl.ca-file = "/etc/letsencrypt/live/{{ fqdn }}/fullchain.pem"
|
||
|
|
ssl.honor-cipher-order = "enable"
|
||
|
|
ssl.cipher-list = "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"
|
||
|
|
ssl.use-sslv2 = "disable"
|
||
|
|
ssl.use-sslv3 = "disable"
|
||
|
|
}
|
||
|
|
|
||
|
|
# Redirect HTTP to HTTPS
|
||
|
|
$HTTP["scheme"] == "http" {
|
||
|
|
$HTTP["host"] =~ ".*" {
|
||
|
|
url.redirect = (".*" => "https://%0$0")
|
||
|
|
}
|
||
|
|
}
|
||
|
|
}
|