2025-01-27 19:27:24 +01:00
3 changed files with 192 additions and 1 deletions
--- a/README.md
+++ b/README.md
@@ -40,6 +40,10 @@ The following settings are required to be adapted:
 - `DJANGO_SECRET_KEY`: Provide a secret, and randomly generated key. Do not share this with anybody!
 - `DJANGO_ALLOWED_HOST`: Set this to the domain, the application will be reached at. E.g: `lab.example.com`
 - `DJANGO_MEDIA_URL`: Set this to the media URL at which your webserver serves the `DJANGO_MEDIA_VOL` diretory. E.g: `media.lab.example.com/` Note the **slash at the end**. It is important.
 - `DJANGO_USER_ID`: The user ID to run the application inside the docker container. This is the user id, that is used to write the to `DJANGO_STATIC_VOL` and `DJANGO_MEDIA_VOL`. Make sure the user has access.
 - `DJANGO_USER_GID`: The group ID to run the application inside the docker container. This is the group id, that is used to write the to `DJANGO_STATIC_VOL` and `DJANGO_MEDIA_VOL`.
 > Note: It is not recommended to run the docker container without a set `DJANGO_USER_ID` and `DJANGO_USER_GID`. It will default to `0 (root)`.
 Once the environment is set up, the docker containers can be built and started. Run
 ```
@@ -96,18 +100,18 @@ server {
 # Reverse Proxy for application
 server {
-   listen       443 ssl;
+        listen       443 ssl;
-   listen       [::]:443 ssl;
+        listen       [::]:443 ssl;
-   http2        on;
+        http2        on;
   # Add this for HTTP3. If your nginx is older than 2.25 this might not be available
 ######################################################################################
-   # listen       443 quic reuseport;
+        # listen       443 quic reuseport;
-   # listen       [::]:443 quic reuseport;
+        # listen       [::]:443 quic reuseport;
-   # Enable QUIC and HTTP/3
+        # Enable QUIC and HTTP/3
-   # ssl_early_data on;
+        # ssl_early_data on;
-   # add_header Alt-Svc 'h3=":443"; ma=86400';
+        # add_header Alt-Svc 'h3=":443"; ma=86400';
 #######################################################################################
    server_name  lab.example.com; # Adapt domain
@@ -146,7 +150,7 @@ server {
 server {
        listen       443 ssl;
        listen       [::]:443 ssl;
-   # Add this for HTTP3. If your nginx is older than 2.25 this might not be available
+        # Add this for HTTP3. If your nginx is older than 2.25 this might not be available
 ######################################################################################
        # listen       443 quic reuseport;
        # listen       [::]:443 quic reuseport;
@@ -158,15 +162,15 @@ server {
        server_name  media.lab.example.com; # Adapt according to DJANGO_MEDIA_URL
-    # Use letsencrypt as SSL certificate provider. 
+        # Use letsencrypt as SSL certificate provider. 
-    ssl_certificate      /etc/letsencrypt/live/media.lab.example.com/fullchain.pem;
+        ssl_certificate      /etc/letsencrypt/live/media.lab.example.com/fullchain.pem;
-    ssl_certificate_key  /etc/letsencrypt/live/media.lab.example.com/privkey.pem;
+        ssl_certificate_key  /etc/letsencrypt/live/media.lab.example.com/privkey.pem;
-    ssl_protocols TLSv1.3;
+        ssl_protocols TLSv1.3;
-    ssl_prefer_server_ciphers on;
+        ssl_prefer_server_ciphers on;
-    ssl_session_cache    shared:SSL:1m;
+        ssl_session_cache    shared:SSL:1m;
-    ssl_session_timeout  5m;
+        ssl_ession_timeout  5m;
        ssl_ciphers  HIGH:!aNULL:!MD5;
        error_page 502 /lab_down.html;