relayd.conf (1184B)
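# relayd.conf: TLS-terminating reverse proxy in front of a local httpd.

# Public addresses the relays listen on.
ipv4="152.53.196.107"
ipv6="2a03:4000:0:170d::1"

# Single backend, reached over loopback.
table <httpd> { 127.0.0.1 }

http protocol https {
	# Each protocol option needs its own "no": in "no tlsv1.0, tlsv1.1" the
	# negation covers only tlsv1.0 and the bare tlsv1.1 asks relayd to
	# *enable* TLS 1.1. Both legacy versions are disabled explicitly here.
	# The cipher string limits negotiation to ECDHE key exchange with
	# AES-GCM or ChaCha20 and excludes anonymous, MD5 and DSS suites.
	tls { no tlsv1.0, no tlsv1.1, ciphers "ECDHE+AESGCM:ECDHE+CHACHA20:!aNULL:!MD5:!DSS" }

	# One keypair per served hostname; with several keypairs relayd picks
	# the certificate by SNI. Certificate and key are looked up by this
	# name under /etc/ssl.
	tls keypair "s2.dalliard.ch"
	tls keypair "bitcoinwallis.ch"
	tls keypair "bibeltreu.com"
	tls keypair "die-maltherapie.ch"
	tls keypair "die-sexualberatung.ch"

	# Security headers, set on every response regardless of what the
	# backend sent.
	# HSTS: 63072000 s = 2 years, and includeSubDomains extends the policy
	# to every subdomain of each hostname above.
	match response header set "Strict-Transport-Security" \
		value "max-age=63072000; includeSubDomains"
	match response header set "X-Content-Type-Options" value "nosniff"
	match response header set "X-Frame-Options" value "deny"
	match response header set "Referrer-Policy" value "no-referrer"
	# CSP: same-origin resources only (plus data: images), no <base>
	# override, no form submission, no framing.
	match response header set "Content-Security-Policy" value \
		"default-src 'self'; base-uri 'none'; img-src 'self' data:; form-action 'none'; frame-ancestors 'none'"

	# Requests matching /*.css are tagged so the matching response can be
	# marked cacheable for one year. "immutable" means clients will not
	# revalidate, so a changed stylesheet needs a new file name.
	match request path "/*.css" tag "static"
	match response tagged "static" header set "Cache-Control" value "public, max-age=31536000, immutable"

	pass request forward to <httpd>
}

# One relay per address family; both terminate TLS and apply the protocol
# above.
# NOTE(review): "forward to" is used without "with tls", so the hop to
# 127.0.0.1 is plaintext even though the target port is https (443).
# Presumably httpd listens there without TLS; confirm against httpd.conf.
relay wwwtls4 {
	listen on $ipv4 port https tls
	protocol https
	forward to <httpd> port https
}

relay wwwtls6 {
	listen on $ipv6 port https tls
	protocol https
	forward to <httpd> port https
}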