Add ajour-sync.cyb.no to nginx-front

nginx-front/nginx/conf.d/ajour-sync.conf

@@ -0,0 +1,38 @@
+# See https://github.com/cybernetisk/okotools/tree/master/ajour-sync/server
+
+server {
+    listen 443 ssl;
+    server_name ajour-sync.cyb.no;
+
+    ssl_certificate /opt/letsencrypt.sh/certs/ajour-sync.cyb.no/fullchain.pem;
+    ssl_certificate_key /opt/letsencrypt.sh/certs/ajour-sync.cyb.no/privkey.pem;
+    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+    ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
+    ssl_prefer_server_ciphers on;
+    ssl_session_cache shared:SSL:10m;
+    ssl_dhparam /etc/ssl/certs/dhparam.pem;
+
+    # enable HSTS
+    add_header Strict-Transport-Security 'max-age=31536000';
+
+    location /.well-known/acme-challenge {
+        alias /var/www/letsencrypt;
+    }
+
+    location / {
+        proxy_set_header Host $http_host;
+        proxy_set_header X-Forwarded-Host $host;
+        proxy_set_header X-Forwarded-Server $host;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Real-IP $remote_addr;
+
+        proxy_redirect off;
+        proxy_pass http://cyb-ajour-sync-server:8000$request_uri;
+    }
+}
+
+server {
+    listen 80;
+    server_name ajour-sync.cyb.no;
+    return 301 https://ajour-sync.cyb.no$request_uri;
+}