add whole nginx config

author: Florian Dold <florian.dold@gmail.com> 2016-03-01 23:28:27 +0100
committer: Florian Dold <florian.dold@gmail.com> 2016-03-01 23:28:27 +0100
commit: b03a3623188e2f7e32ca226877f6f4a28d4471db (patch)
tree: e73c13da151657b1d19ccd04305615c7f5de4b92 /etc/nginx/sites-enabled
parent: 34dd2a1d412b77fa0bc8cde77fe579aef63455aa (diff)
download: deployment-b03a3623188e2f7e32ca226877f6f4a28d4471db.tar.gz
deployment-b03a3623188e2f7e32ca226877f6f4a28d4471db.tar.bz2
deployment-b03a3623188e2f7e32ca226877f6f4a28d4471db.zip
43 files changed, 1198 insertions, 0 deletions
diff --git a/etc/nginx/sites-enabled/api-ssl.site b/etc/nginx/sites-enabled/api-ssl.site
new file mode 100644
index 0000000..853a108
--- /dev/null
+++ b/etc/nginx/sites-enabled/api-ssl.site
@@ -0,0 +1,26 @@
+server {
+	listen   443 ssl; ## listen for ipv4; this line is default and implied
+ 	# 	listen   [::]:80 default_server ipv6only=on; ## listen for ipv6
+
+	root /var/www/api.taler.net/_build/html;
+
+	# Make site accessible from http://localhost/
+	server_name api.taler.net;
+	server_name www.api.taler.net;
+
+	ssl_certificate /etc/letsencrypt/live/taler.net/fullchain.pem;
+	ssl_certificate_key /etc/letsencrypt/live/taler.net/privkey.pem;
+	ssl_prefer_server_ciphers on;
+        ssl_session_cache shared:SSL:10m;
+        ssl_dhparam /etc/ssl/certs/dhparam.pem;
+	ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
+	ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
+
+	add_header Strict-Transport-Security "max-age=63072000; preload";
+
+	location / {
+	    autoindex off;
+	    ssi on;
+#	    ssi_last_modified on;
+	}
+}
diff --git a/etc/nginx/sites-enabled/api.site b/etc/nginx/sites-enabled/api.site
new file mode 100644
index 0000000..1ca56bd
--- /dev/null
+++ b/etc/nginx/sites-enabled/api.site
@@ -0,0 +1,16 @@
+server {
+	listen   80; ## listen for ipv4; this line is default and implied
+ 	# 	listen   [::]:80 default_server ipv6only=on; ## listen for ipv6
+
+	root /var/www/api.taler.net/_build/html;
+
+	# Make site accessible from http://localhost/
+	server_name api.taler.net;
+	server_name www.api.taler.net;
+
+	location / {
+	    autoindex off;
+	    ssi on;
+#	    ssi_last_modified on;
+	}
+}
diff --git a/etc/nginx/sites-enabled/bank-demo-ssl.site b/etc/nginx/sites-enabled/bank-demo-ssl.site
new file mode 100644
index 0000000..e682d08
--- /dev/null
+++ b/etc/nginx/sites-enabled/bank-demo-ssl.site
@@ -0,0 +1,28 @@
+server {
+	listen   443 ssl; ## listen for ipv4; this line is default and implied
+ 	# 	listen   [::]:80 default_server ipv6only=on; ## listen for ipv6
+
+	root /home/demo/bank/website;
+        index index.php;
+
+	# Make site accessible from http://localhost/
+	server_name bank.demo.taler.net;
+	ssl_certificate /etc/letsencrypt/live/taler.net/fullchain.pem;
+	ssl_certificate_key /etc/letsencrypt/live/taler.net/privkey.pem;
+	ssl_prefer_server_ciphers on;
+        ssl_session_cache shared:SSL:10m;
+        ssl_dhparam /etc/ssl/certs/dhparam.pem;
+	ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
+	ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
+
+	add_header Strict-Transport-Security "max-age=63072000; preload";
+
+        location ~ \.php$ {
+            fastcgi_pass unix:/var/run/php5-fpm.sock;
+            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+            include fastcgi_params;
+        }
+
+	rewrite ^/shop $scheme://shop.demo.taler.net/ redirect;
+
+}
diff --git a/etc/nginx/sites-enabled/bank-demo.site b/etc/nginx/sites-enabled/bank-demo.site
new file mode 100644
index 0000000..12781ab
--- /dev/null
+++ b/etc/nginx/sites-enabled/bank-demo.site
@@ -0,0 +1,31 @@
+server {
+	listen   80; ## listen for ipv4; this line is default and implied
+ 	# 	listen   [::]:80 default_server ipv6only=on; ## listen for ipv6
+
+	root /home/demo/bank/website;
+        index index.php;
+
+	# Make site accessible from http://localhost/
+	server_name bank.demo.taler.net;
+
+        location ~ \.php$ {
+            fastcgi_pass unix:/var/run/php5-fpm.sock;
+            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+            include fastcgi_params;
+        }
+
+# To be uncommented when testing Django bank
+#        location ~ ^/auth/static  {
+#            root /home/demo/bank/TalerBank/Bank/templates;
+#            rewrite /auth/static/(.*) /$1 break;
+#        }
+#
+#	# Reach Django
+#	location ~ ^/(auth|admin) {
+#		uwsgi_pass  django;
+#		include     /home/demo/bank/TalerBank/uwsgi_params;
+#	}
+
+	rewrite ^/shop $scheme://shop.demo.taler.net/ redirect;
+
+}
diff --git a/etc/nginx/sites-enabled/bank-test-ssl.site b/etc/nginx/sites-enabled/bank-test-ssl.site
new file mode 100644
index 0000000..5975adc
--- /dev/null
+++ b/etc/nginx/sites-enabled/bank-test-ssl.site
@@ -0,0 +1,28 @@
+server {
+	listen   443 ssl; ## listen for ipv4; this line is default and implied
+ 	# 	listen   [::]:80 default_server ipv6only=on; ## listen for ipv6
+
+	root /home/test/bank/website;
+        index index.php;
+
+	# Make site accessible from http://localhost/
+	server_name bank.test.taler.net;
+	ssl_certificate /etc/letsencrypt/live/taler.net/fullchain.pem;
+	ssl_certificate_key /etc/letsencrypt/live/taler.net/privkey.pem;
+	ssl_prefer_server_ciphers on;
+        ssl_session_cache shared:SSL:10m;
+        ssl_dhparam /etc/ssl/certs/dhparam.pem;
+	ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
+	ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
+
+	add_header Strict-Transport-Security "max-age=63072000; preload";
+
+        location ~ \.php$ {
+            fastcgi_pass unix:/var/run/php5-fpm.sock;
+            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+            include fastcgi_params;
+        }
+
+	rewrite ^/shop $scheme://shop.test.taler.net/ redirect;
+	rewrite ^/mint $scheme://mint.demo.taler.net/ redirect;
+}
diff --git a/etc/nginx/sites-enabled/bank-test.site b/etc/nginx/sites-enabled/bank-test.site
new file mode 100644
index 0000000..2664780
--- /dev/null
+++ b/etc/nginx/sites-enabled/bank-test.site
@@ -0,0 +1,37 @@
+upstream django {
+	server 127.0.0.1:8000;
+}
+
+server {
+	listen   80; ## listen for ipv4; this line is default and implied
+ 	# 	listen   [::]:80 default_server ipv6only=on; ## listen for ipv6
+
+	root /home/test/bank/website;
+        index index.php;
+
+	# Make site accessible from http://localhost/
+	server_name bank.test.taler.net;
+
+        location ~ \.php$ {
+            fastcgi_pass unix:/var/run/php5-fpm.sock;
+            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+            include fastcgi_params;
+        }
+
+        location ~ ^/auth/static  {
+            rewrite /auth/static/(.*) /static/$1 break;
+            uwsgi_pass  django;
+            include /home/test/bank/TalerBank/uwsgi_params;
+
+        }
+
+	# Reach Django
+	location ~ ^/(auth|admin|static) {
+		uwsgi_pass  django;
+		include     /home/test/bank/TalerBank/uwsgi_params;
+	}
+
+	rewrite ^/shop$ $scheme://shop.test.taler.net/ redirect;
+	rewrite ^/mint$ $scheme://mint.demo.taler.net/ redirect;
+	rewrite ^/mint/(.*)$ $scheme://mint.demo.taler.net/$1 redirect;
+}
diff --git a/etc/nginx/sites-enabled/blog-demo-ssl.site b/etc/nginx/sites-enabled/blog-demo-ssl.site
new file mode 100644
index 0000000..447b295
--- /dev/null
+++ b/etc/nginx/sites-enabled/blog-demo-ssl.site
@@ -0,0 +1,50 @@
+server {
+	#listen 80;
+	listen 443 ssl; ## listen for ipv4; this line is default and implied
+ 	# 	listen   [::]:80 default_server ipv6only=on; ## listen for ipv6
+
+	server_name blog.demo.taler.net;
+
+	root /home/demo/merchant/examples/blog/;
+        index index.html;
+
+	ssl_certificate /etc/letsencrypt/live/taler.net/fullchain.pem;
+	ssl_certificate_key /etc/letsencrypt/live/taler.net/privkey.pem;
+	ssl_prefer_server_ciphers on;
+        ssl_session_cache shared:SSL:10m;
+        ssl_dhparam /etc/ssl/certs/dhparam.pem;
+	ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
+	ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
+
+	add_header Strict-Transport-Security "max-age=63072000; preload";
+
+	# Make site accessible from http://localhost/
+
+	location / {
+            try_files $uri $uri/ =404;
+            rewrite /taler/pay /pay.php;
+            rewrite /taler/contract /generate_taler_contract.php;
+	}
+
+	location /fullfillment {
+            rewrite /(.*) /$1.php;	
+	}
+
+        location /articles {
+
+            internal;
+        }
+
+	location ~ \.php$ {
+        	fastcgi_pass unix:/var/run/php5-fpm.sock;
+		fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+                include fastcgi_params;
+        }
+
+       	location /backend {
+                rewrite /backend/(.*) /$1 break;
+	        proxy_pass http://127.0.0.1:19966;
+	        proxy_redirect off;
+	        proxy_set_header Host $host;
+	}
+}
diff --git a/etc/nginx/sites-enabled/blog-demo.site b/etc/nginx/sites-enabled/blog-demo.site
new file mode 100644
index 0000000..e28303a
--- /dev/null
+++ b/etc/nginx/sites-enabled/blog-demo.site
@@ -0,0 +1,43 @@
+server {
+	listen   80; ## listen for ipv4; this line is default and implied
+ 	# 	listen   [::]:80 default_server ipv6only=on; ## listen for ipv6
+
+	server_name blog.demo.taler.net;
+
+	root /home/demo/merchant/examples/blog;
+        index index.html;
+
+	# Make site accessible from http://localhost/
+
+	location / {
+            try_files $uri $uri/ =404;
+            rewrite /taler/pay /pay.php;
+            rewrite /taler/contract /generate_taler_contract.php;
+	
+	}
+
+	location /fullfillment {
+            rewrite /(.*) /$1.php;
+	
+	}
+        
+        location /articles {
+
+            internal;
+        }
+
+	location ~ \.php$ {
+
+        	fastcgi_pass unix:/var/run/php5-fpm.sock;
+		fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+                include fastcgi_params;
+	
+        }
+
+       	location /backend {
+                rewrite /backend/(.*) /$1 break;
+	        proxy_pass http://127.0.0.1:9966;
+	        proxy_redirect off;
+	        proxy_set_header Host $host;
+	}
+}
diff --git a/etc/nginx/sites-enabled/blog-test-ssl.site b/etc/nginx/sites-enabled/blog-test-ssl.site
new file mode 100644
index 0000000..c3d84f2
--- /dev/null
+++ b/etc/nginx/sites-enabled/blog-test-ssl.site
@@ -0,0 +1,49 @@
+server {
+	listen   443 ssl; ## listen for ipv4; this line is default and implied
+ 	# 	listen   [::]:80 default_server ipv6only=on; ## listen for ipv6
+
+	server_name blog.test.taler.net;
+
+	root /home/test/merchant/examples/blog/;
+        index index.html;
+
+	ssl_certificate /etc/letsencrypt/live/taler.net/fullchain.pem;
+	ssl_certificate_key /etc/letsencrypt/live/taler.net/privkey.pem;
+	ssl_prefer_server_ciphers on;
+        ssl_session_cache shared:SSL:10m;
+        ssl_dhparam /etc/ssl/certs/dhparam.pem;
+	ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
+	ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
+
+	add_header Strict-Transport-Security "max-age=63072000; preload";
+
+	# Make site accessible from http://localhost/
+
+	location / {
+            try_files $uri $uri/ =404;
+            rewrite /taler/pay /pay.php;
+            rewrite /taler/contract /generate_taler_contract.php;
+	}
+
+	location /fullfillment {
+            rewrite /(.*) /$1.php;	
+	}
+
+        location /articles {
+
+            internal;
+        }
+
+	location ~ \.php$ {
+        	fastcgi_pass unix:/var/run/php5-fpm.sock;
+		fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+                include fastcgi_params;
+        }
+
+       	location /backend {
+                rewrite /backend/(.*) /$1 break;
+	        proxy_pass http://127.0.0.1:19966;
+	        proxy_redirect off;
+	        proxy_set_header Host $host;
+	}
+}
diff --git a/etc/nginx/sites-enabled/blog-test.site b/etc/nginx/sites-enabled/blog-test.site
new file mode 100644
index 0000000..2937763
--- /dev/null
+++ b/etc/nginx/sites-enabled/blog-test.site
@@ -0,0 +1,43 @@
+server {
+	listen   80; ## listen for ipv4; this line is default and implied
+ 	# 	listen   [::]:80 default_server ipv6only=on; ## listen for ipv6
+
+	server_name blog.test.taler.net;
+
+	root /home/test/merchant/examples/blog;
+        index index.html;
+
+	# Make site accessible from http://localhost/
+
+	location / {
+            try_files $uri $uri/ =404;
+            rewrite /taler/pay /pay.php;
+            rewrite /taler/contract /generate_taler_contract.php;
+	
+	}
+
+	location /fullfillment {
+            rewrite /(.*) /$1.php;
+	
+	}
+        
+        location /articles {
+
+            internal;
+        }
+
+	location ~ \.php$ {
+
+        	fastcgi_pass unix:/var/run/php5-fpm.sock;
+		fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+                include fastcgi_params;
+	
+        }
+
+       	location /backend {
+                rewrite /backend/(.*) /$1 break;
+	        proxy_pass http://127.0.0.1:19966;
+	        proxy_redirect off;
+	        proxy_set_header Host $host;
+	}
+}
diff --git a/etc/nginx/sites-enabled/buildbot-ssl.site b/etc/nginx/sites-enabled/buildbot-ssl.site
new file mode 100644
index 0000000..cbbef7b
--- /dev/null
+++ b/etc/nginx/sites-enabled/buildbot-ssl.site
@@ -0,0 +1,25 @@
+server {
+	listen   443 ssl; ## listen for ipv4; this line is default and implied
+ 	# 	listen   [::]:80 default_server ipv6only=on; ## listen for ipv6
+
+	root /var/www/buildbot/;
+
+	# Make site accessible from http://localhost/
+	server_name buildbot.taler.net;
+	server_name www.buildbot.taler.net;
+	ssl_certificate /etc/letsencrypt/live/taler.net/fullchain.pem;
+	ssl_certificate_key /etc/letsencrypt/live/taler.net/privkey.pem;
+	ssl_prefer_server_ciphers on;
+        ssl_session_cache shared:SSL:10m;
+        ssl_dhparam /etc/ssl/certs/dhparam.pem;
+	ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
+	ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
+
+	add_header Strict-Transport-Security "max-age=63072000; preload";
+
+	location / {
+	    proxy_pass http://localhost:1802;
+	    proxy_redirect off;
+	    proxy_set_header Host $host;
+	}
+}
diff --git a/etc/nginx/sites-enabled/buildbot.site b/etc/nginx/sites-enabled/buildbot.site
new file mode 100644
index 0000000..bec2149
--- /dev/null
+++ b/etc/nginx/sites-enabled/buildbot.site
@@ -0,0 +1,16 @@
+server {
+	listen   80; ## listen for ipv4; this line is default and implied
+ 	# 	listen   [::]:80 default_server ipv6only=on; ## listen for ipv6
+
+	root /var/www/buildbot/;
+
+	# Make site accessible from http://localhost/
+	server_name buildbot.taler.net;
+	server_name www.buildbot.taler.net;
+
+	location / {
+	    proxy_pass http://localhost:1802;
+	    proxy_redirect off;
+	    proxy_set_header Host $host;
+	}
+}
diff --git a/etc/nginx/sites-enabled/decentralise-ssl.site b/etc/nginx/sites-enabled/decentralise-ssl.site
new file mode 100644
index 0000000..952986f
--- /dev/null
+++ b/etc/nginx/sites-enabled/decentralise-ssl.site
@@ -0,0 +1,21 @@
+server {
+	listen   443 ssl; ## listen for ipv4; this line is default and implied
+ 	# 	listen   [::]:80 default_server ipv6only=on; ## listen for ipv6
+
+	root /var/www/decentralise;
+
+	# Make site accessible from http://localhost/
+	server_name www.decentralise.rennes.inria.fr;
+	server_name decentralise.rennes.inria.fr;
+	ssl_certificate /etc/letsencrypt/live/taler.net/fullchain.pem;
+	ssl_certificate_key /etc/letsencrypt/live/taler.net/privkey.pem;
+	ssl_prefer_server_ciphers on;
+        ssl_session_cache shared:SSL:10m;
+        ssl_dhparam /etc/ssl/certs/dhparam.pem;
+	ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
+	ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
+
+	add_header Strict-Transport-Security "max-age=63072000; preload";
+
+	rewrite / http://www.inria.fr/en/teams/decentralise redirect;
+}
diff --git a/etc/nginx/sites-enabled/decentralise.site b/etc/nginx/sites-enabled/decentralise.site
new file mode 100644
index 0000000..61c1976
--- /dev/null
+++ b/etc/nginx/sites-enabled/decentralise.site
@@ -0,0 +1,12 @@
+server {
+	listen   80; ## listen for ipv4; this line is default and implied
+ 	# 	listen   [::]:80 default_server ipv6only=on; ## listen for ipv6
+
+	root /var/www/decentralise;
+
+	# Make site accessible from http://localhost/
+	server_name www.decentralise.rennes.inria.fr;
+	server_name decentralise.rennes.inria.fr;
+
+	rewrite / http://www.inria.fr/en/teams/decentralise redirect;
+}
diff --git a/etc/nginx/sites-enabled/demo-ssl.site b/etc/nginx/sites-enabled/demo-ssl.site
new file mode 100644
index 0000000..0b2b8da
--- /dev/null
+++ b/etc/nginx/sites-enabled/demo-ssl.site
@@ -0,0 +1,34 @@
+server {
+	listen   443 ssl; ## listen for ipv4; this line is default and implied
+ 	# 	listen   [::]:80 default_server ipv6only=on; ## listen for ipv6
+
+	root /home/test/landing/;
+        index index.html;
+
+	# Make site accessible from http://localhost/
+	server_name demo.taler.net;
+	server_name www.demo.taler.net;
+	ssl_certificate /etc/letsencrypt/live/taler.net/fullchain.pem;
+	ssl_certificate_key /etc/letsencrypt/live/taler.net/privkey.pem;
+	ssl_prefer_server_ciphers on;
+        ssl_session_cache shared:SSL:10m;
+        ssl_dhparam /etc/ssl/certs/dhparam.pem;
+	ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
+	ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
+
+	add_header Strict-Transport-Security "max-age=63072000; preload";
+
+        location ~ \.php$ {
+            fastcgi_pass unix:/var/run/php5-fpm.sock;
+            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+            include fastcgi_params;
+        }
+
+        location /extension {
+            root /home/demo/wallet/wallet_button/firefox_src/xpi/;
+            rewrite /extension /taler-wallet.xpi break;
+        }
+
+	rewrite ^/bank $scheme://bank.demo.taler.net/ redirect;
+	rewrite ^/shop $scheme://shop.demo.taler.net/ redirect;
+}
diff --git a/etc/nginx/sites-enabled/demo.site b/etc/nginx/sites-enabled/demo.site
new file mode 100644
index 0000000..f08f8cd
--- /dev/null
+++ b/etc/nginx/sites-enabled/demo.site
@@ -0,0 +1,20 @@
+server {
+	listen   80; ## listen for ipv4; this line is default and implied
+ 	# 	listen   [::]:80 default_server ipv6only=on; ## listen for ipv6
+
+	root /home/demo/landing/;
+        index index.html;
+
+	# Make site accessible from http://localhost/
+	server_name demo.taler.net;
+	server_name www.demo.taler.net;
+
+	rewrite ^/bank $scheme://bank.demo.taler.net/ redirect;
+	rewrite ^/shop $scheme://shop.demo.taler.net/ redirect;
+
+        location ~ \.php$ {
+            fastcgi_pass unix:/var/run/php5-fpm.sock;
+            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+            include fastcgi_params;
+        }
+}
diff --git a/etc/nginx/sites-enabled/drupal-demo-ssl.site b/etc/nginx/sites-enabled/drupal-demo-ssl.site
new file mode 100644
index 0000000..400020e
--- /dev/null
+++ b/etc/nginx/sites-enabled/drupal-demo-ssl.site
@@ -0,0 +1,49 @@
+server {
+	listen   443 ssl; ## listen for ipv4; this line is default and implied
+ 	# 	listen   [::]:80 default_server ipv6only=on; ## listen for ipv6
+
+	server_name drupal.demo.taler.net;
+
+	root /home/demo/drupal-demo;
+
+	ssl_certificate /etc/letsencrypt/live/taler.net/fullchain.pem;
+	ssl_certificate_key /etc/letsencrypt/live/taler.net/privkey.pem;
+	ssl_prefer_server_ciphers on;
+        ssl_session_cache shared:SSL:10m;
+        ssl_dhparam /etc/ssl/certs/dhparam.pem;
+	ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
+	ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
+
+	add_header Strict-Transport-Security "max-age=63072000; preload";
+
+	# Make site accessible from http://localhost/
+
+#	location / {
+#            try_files $uri $uri/ =404;
+#            rewrite /taler/pay /pay.php;
+#            rewrite /taler/contract /generate_taler_contract.php;
+#	}
+
+#	location /fullfillment {
+#            rewrite /(.*) /$1.php;	
+#	}
+
+	location ~ \.php$ {
+		fastcgi_index index.php;
+        	fastcgi_pass unix:/var/run/php5-fpm.sock;
+		fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+                include fastcgi_params;
+        }
+
+#      	location /backend {
+#                rewrite /backend/(.*) /$1 break;
+#	        proxy_pass http://127.0.0.1:19966;
+#	        proxy_redirect off;
+#	        proxy_set_header Host $host;
+#	}
+
+	client_max_body_size 10M;
+	client_body_buffer_size 128k;
+
+	include apps/drupal/drupal.conf;
+}
diff --git a/etc/nginx/sites-enabled/drupal-demo.site b/etc/nginx/sites-enabled/drupal-demo.site
new file mode 100644
index 0000000..d91c3f7
--- /dev/null
+++ b/etc/nginx/sites-enabled/drupal-demo.site
@@ -0,0 +1,40 @@
+server {
+	listen   80; ## listen for ipv4; this line is default and implied
+ 	# 	listen   [::]:80 default_server ipv6only=on; ## listen for ipv6
+
+	server_name drupal.demo.taler.net;
+
+	root /home/demo/drupal-demo;
+
+	# Make site accessible from http://localhost/
+
+#	location / {
+#            try_files $uri $uri/ =404;
+#            rewrite /taler/pay /pay.php;
+#            rewrite /taler/contract /generate_taler_contract.php;
+#	}
+
+#	location /fullfillment {
+#            rewrite /(.*) /$1.php;
+#	}
+        
+
+	location ~ \.php$ {
+		fastcgi_index index.php;
+        	fastcgi_pass unix:/var/run/php5-fpm.sock;
+		fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+                include fastcgi_params;
+        }
+
+#      	location /backend {
+#               rewrite /backend/(.*) /$1 break;
+#	        proxy_pass http://127.0.0.1:19966;
+#	        proxy_redirect off;
+#	        proxy_set_header Host $host;
+#	}
+
+	client_max_body_size 10M;
+	client_body_buffer_size 128k;
+
+	include apps/drupal/drupal.conf;
+}
diff --git a/etc/nginx/sites-enabled/exchange-demo-ssl.site b/etc/nginx/sites-enabled/exchange-demo-ssl.site
new file mode 100644
index 0000000..5761d4f
--- /dev/null
+++ b/etc/nginx/sites-enabled/exchange-demo-ssl.site
@@ -0,0 +1,25 @@
+server {
+	listen   443 ssl; ## listen for ipv4; this line is default and implied
+ 	# 	listen   [::]:80 default_server ipv6only=on; ## listen for ipv6
+
+	root /dev/null;
+
+	server_name exchange.demo.taler.net;
+
+	ssl_certificate /etc/letsencrypt/live/taler.net/fullchain.pem;
+	ssl_certificate_key /etc/letsencrypt/live/taler.net/privkey.pem;
+	ssl_prefer_server_ciphers on;
+        ssl_session_cache shared:SSL:10m;
+        ssl_dhparam /etc/ssl/certs/dhparam.pem;
+	ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
+	ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
+
+	add_header Strict-Transport-Security "max-age=63072000; preload";
+
+	location / {
+	    proxy_pass http://localhost:4241;
+	    proxy_redirect off;
+	    proxy_set_header Host $host;
+	}
+
+}
diff --git a/etc/nginx/sites-enabled/exchange-demo.site b/etc/nginx/sites-enabled/exchange-demo.site
new file mode 100644
index 0000000..5e8f1b0
--- /dev/null
+++ b/etc/nginx/sites-enabled/exchange-demo.site
@@ -0,0 +1,15 @@
+server {
+	listen   80; ## listen for ipv4; this line is default and implied
+ 	# 	listen   [::]:80 default_server ipv6only=on; ## listen for ipv6
+
+	root /dev/null;
+
+	server_name exchange.demo.taler.net;
+
+	location / {
+	    proxy_pass http://localhost:4241;
+	    proxy_redirect off;
+	    proxy_set_header Host $host;
+	}
+
+}
diff --git a/etc/nginx/sites-enabled/exchange-test-ssl.site b/etc/nginx/sites-enabled/exchange-test-ssl.site
new file mode 100644
index 0000000..029bce0
--- /dev/null
+++ b/etc/nginx/sites-enabled/exchange-test-ssl.site
@@ -0,0 +1,24 @@
+server {
+	listen   443 ssl; ## listen for ipv4; this line is default and implied
+ 	# 	listen   [::]:80 default_server ipv6only=on; ## listen for ipv6
+
+	root /dev/null;
+
+	server_name exchange.test.taler.net;
+	ssl_certificate /etc/letsencrypt/live/taler.net/fullchain.pem;
+	ssl_certificate_key /etc/letsencrypt/live/taler.net/privkey.pem;
+	ssl_prefer_server_ciphers on;
+        ssl_session_cache shared:SSL:10m;
+        ssl_dhparam /etc/ssl/certs/dhparam.pem;
+	ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
+	ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
+
+	add_header Strict-Transport-Security "max-age=63072000; preload";
+
+	location / {
+	    proxy_pass http://localhost:14241;
+	    proxy_redirect off;
+	    proxy_set_header Host $host;
+	}
+
+}
diff --git a/etc/nginx/sites-enabled/exchange-test.site b/etc/nginx/sites-enabled/exchange-test.site
new file mode 100644
index 0000000..2841980
--- /dev/null
+++ b/etc/nginx/sites-enabled/exchange-test.site
@@ -0,0 +1,15 @@
+server {
+	listen   80; ## listen for ipv4; this line is default and implied
+ 	# 	listen   [::]:80 default_server ipv6only=on; ## listen for ipv6
+
+	root /dev/null;
+
+	server_name exchange.test.taler.net;
+
+	location / {
+	    proxy_pass http://localhost:14241;
+	    proxy_redirect off;
+	    proxy_set_header Host $host;
+	}
+
+}
diff --git a/etc/nginx/sites-enabled/gauger-ssl.site b/etc/nginx/sites-enabled/gauger-ssl.site
new file mode 100644
index 0000000..42c40ef
--- /dev/null
+++ b/etc/nginx/sites-enabled/gauger-ssl.site
@@ -0,0 +1,25 @@
+server {
+	listen   443 ssl; ## listen for ipv4; this line is default and implied
+ 	# 	listen   [::]:80 default_server ipv6only=on; ## listen for ipv6
+
+	root /var/www/gauger/;
+
+	# Make site accessible from http://localhost/
+	server_name gauger.taler.net;
+	server_name www.gauger.taler.net;
+	ssl_certificate /etc/letsencrypt/live/taler.net/fullchain.pem;
+	ssl_certificate_key /etc/letsencrypt/live/taler.net/privkey.pem;
+	ssl_prefer_server_ciphers on;
+        ssl_session_cache shared:SSL:10m;
+        ssl_dhparam /etc/ssl/certs/dhparam.pem;
+	ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
+	ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
+
+	add_header Strict-Transport-Security "max-age=63072000; preload";
+
+	location / {
+	    proxy_pass http://localhost:1801;
+	    proxy_redirect off;
+	    proxy_set_header Host $host;
+	}
+}
diff --git a/etc/nginx/sites-enabled/gauger.site b/etc/nginx/sites-enabled/gauger.site
new file mode 100644
index 0000000..63e0cdb
--- /dev/null
+++ b/etc/nginx/sites-enabled/gauger.site
@@ -0,0 +1,16 @@
+server {
+	listen   80; ## listen for ipv4; this line is default and implied
+ 	# 	listen   [::]:80 default_server ipv6only=on; ## listen for ipv6
+
+	root /var/www/gauger/;
+
+	# Make site accessible from http://localhost/
+	server_name gauger.taler.net;
+	server_name www.gauger.taler.net;
+
+	location / {
+	    proxy_pass http://localhost:1801;
+	    proxy_redirect off;
+	    proxy_set_header Host $host;
+	}
+}
diff --git a/etc/nginx/sites-enabled/git-ssl.site b/etc/nginx/sites-enabled/git-ssl.site
new file mode 100644
index 0000000..3ea1af2
--- /dev/null
+++ b/etc/nginx/sites-enabled/git-ssl.site
@@ -0,0 +1,21 @@
+server {
+	listen   443 ssl; ## listen for ipv4; this line is default and implied
+	# listen   [::]:80 default_server ipv6only=on; ## listen for ipv6
+
+	root /var/git;
+	# Make site accessible from http://localhost/
+	server_name git.taler.net;
+	ssl_certificate /etc/letsencrypt/live/taler.net/fullchain.pem;
+	ssl_certificate_key /etc/letsencrypt/live/taler.net/privkey.pem;
+	ssl_prefer_server_ciphers on;
+        ssl_session_cache shared:SSL:10m;
+        ssl_dhparam /etc/ssl/certs/dhparam.pem;
+	ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
+	ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
+
+	add_header Strict-Transport-Security "max-age=63072000; preload";
+
+	location / {
+	    autoindex off;
+	}
+}
diff --git a/etc/nginx/sites-enabled/git.site b/etc/nginx/sites-enabled/git.site
new file mode 100644
index 0000000..c194202
--- /dev/null
+++ b/etc/nginx/sites-enabled/git.site
@@ -0,0 +1,12 @@
+server {
+	listen   80; ## listen for ipv4; this line is default and implied
+	# listen   [::]:80 default_server ipv6only=on; ## listen for ipv6
+
+	root /var/git;
+	# Make site accessible from http://localhost/
+	server_name git.taler.net;
+
+	location / {
+	    autoindex off;
+	}
+}
diff --git a/etc/nginx/sites-enabled/lcov-ssl.site b/etc/nginx/sites-enabled/lcov-ssl.site
new file mode 100644
index 0000000..d85486e
--- /dev/null
+++ b/etc/nginx/sites-enabled/lcov-ssl.site
@@ -0,0 +1,25 @@
+server {
+	listen   443 ssl; ## listen for ipv4; this line is default and implied
+ 	# 	listen   [::]:80 default_server ipv6only=on; ## listen for ipv6
+
+	root /var/www/lcov.taler.net/;
+
+	# Make site accessible from http://localhost/
+	server_name lcov.taler.net;
+	server_name www.lcov.taler.net;
+	ssl_certificate /etc/letsencrypt/live/taler.net/fullchain.pem;
+	ssl_certificate_key /etc/letsencrypt/live/taler.net/privkey.pem;
+	ssl_prefer_server_ciphers on;
+        ssl_session_cache shared:SSL:10m;
+        ssl_dhparam /etc/ssl/certs/dhparam.pem;
+	ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
+	ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
+
+	add_header Strict-Transport-Security "max-age=63072000; preload";
+
+	location / {
+	    autoindex off;
+	    ssi off;
+#	    ssi_last_modified on;
+	}
+}
diff --git a/etc/nginx/sites-enabled/lcov.site b/etc/nginx/sites-enabled/lcov.site
new file mode 100644
index 0000000..1ddfd83
--- /dev/null
+++ b/etc/nginx/sites-enabled/lcov.site
@@ -0,0 +1,16 @@
+server {
+	listen   80; ## listen for ipv4; this line is default and implied
+ 	# 	listen   [::]:80 default_server ipv6only=on; ## listen for ipv6
+
+	root /var/www/lcov.taler.net/;
+
+	# Make site accessible from http://localhost/
+	server_name lcov.taler.net;
+	server_name www.lcov.taler.net;
+
+	location / {
+	    autoindex off;
+	    ssi off;
+#	    ssi_last_modified on;
+	}
+}
diff --git a/etc/nginx/sites-enabled/mint-demo-ssl.site b/etc/nginx/sites-enabled/mint-demo-ssl.site
new file mode 100644
index 0000000..8eeb3c5
--- /dev/null
+++ b/etc/nginx/sites-enabled/mint-demo-ssl.site
@@ -0,0 +1,24 @@
+server {
+	listen   443 ssl; ## listen for ipv4; this line is default and implied
+ 	# 	listen   [::]:80 default_server ipv6only=on; ## listen for ipv6
+
+	root /dev/null;
+
+	server_name mint.demo.taler.net;
+	ssl_certificate /etc/letsencrypt/live/taler.net/fullchain.pem;
+	ssl_certificate_key /etc/letsencrypt/live/taler.net/privkey.pem;
+	ssl_prefer_server_ciphers on;
+        ssl_session_cache shared:SSL:10m;
+        ssl_dhparam /etc/ssl/certs/dhparam.pem;
+	ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
+	ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
+
+	add_header Strict-Transport-Security "max-age=63072000; preload";
+
+	location / {
+	    proxy_pass http://localhost:4241;
+	    proxy_redirect off;
+	    proxy_set_header Host $host;
+	}
+
+}
diff --git a/etc/nginx/sites-enabled/mint-demo.site b/etc/nginx/sites-enabled/mint-demo.site
new file mode 100644
index 0000000..070d0c9
--- /dev/null
+++ b/etc/nginx/sites-enabled/mint-demo.site
@@ -0,0 +1,15 @@
+server {
+	listen   80; ## listen for ipv4; this line is default and implied
+ 	# 	listen   [::]:80 default_server ipv6only=on; ## listen for ipv6
+
+	root /dev/null;
+
+	server_name mint.demo.taler.net;
+
+	location / {
+	    proxy_pass http://localhost:4241;
+	    proxy_redirect off;
+	    proxy_set_header Host $host;
+	}
+
+}
diff --git a/etc/nginx/sites-enabled/mint-test-ssl.site b/etc/nginx/sites-enabled/mint-test-ssl.site
new file mode 100644
index 0000000..2eeea19
--- /dev/null
+++ b/etc/nginx/sites-enabled/mint-test-ssl.site
@@ -0,0 +1,24 @@
+server {
+	listen   443 ssl; ## listen for ipv4; this line is default and implied
+ 	# 	listen   [::]:80 default_server ipv6only=on; ## listen for ipv6
+
+	root /dev/null;
+
+	server_name mint.test.taler.net;
+	ssl_certificate /etc/letsencrypt/live/taler.net/fullchain.pem;
+	ssl_certificate_key /etc/letsencrypt/live/taler.net/privkey.pem;
+	ssl_prefer_server_ciphers on;
+        ssl_session_cache shared:SSL:10m;
+        ssl_dhparam /etc/ssl/certs/dhparam.pem;
+	ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
+	ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
+
+	add_header Strict-Transport-Security "max-age=63072000; preload";
+
+	location / {
+	    proxy_pass http://localhost:14241;
+	    proxy_redirect off;
+	    proxy_set_header Host $host;
+	}
+
+}
diff --git a/etc/nginx/sites-enabled/mint-test.site b/etc/nginx/sites-enabled/mint-test.site
new file mode 100644
index 0000000..332d72c
--- /dev/null
+++ b/etc/nginx/sites-enabled/mint-test.site
@@ -0,0 +1,15 @@
+server {
+	listen   80; ## listen for ipv4; this line is default and implied
+ 	# 	listen   [::]:80 default_server ipv6only=on; ## listen for ipv6
+
+	root /dev/null;
+
+	server_name mint.test.taler.net;
+
+	location / {
+	    proxy_pass http://localhost:14241;
+	    proxy_redirect off;
+	    proxy_set_header Host $host;
+	}
+
+}
diff --git a/etc/nginx/sites-enabled/shop-demo-ssl.site b/etc/nginx/sites-enabled/shop-demo-ssl.site
new file mode 100644
index 0000000..8d34446
--- /dev/null
+++ b/etc/nginx/sites-enabled/shop-demo-ssl.site
@@ -0,0 +1,54 @@
+server {
+	listen   443 ssl; ## listen for ipv4; this line is default and implied
+ 	# 	listen   [::]:80 default_server ipv6only=on; ## listen for ipv6
+
+	server_name shop.demo.taler.net;
+	ssl_certificate /etc/letsencrypt/live/taler.net/fullchain.pem;
+	ssl_certificate_key /etc/letsencrypt/live/taler.net/privkey.pem;
+	ssl_prefer_server_ciphers on;
+        ssl_session_cache shared:SSL:10m;
+        ssl_dhparam /etc/ssl/certs/dhparam.pem;
+	ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
+	ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
+
+	add_header Strict-Transport-Security "max-age=63072000; preload";
+
+	root /home/demo/merchant/examples/shop/;
+        index index.php;
+
+	# Make site accessible from http://localhost/
+
+	location / {
+            try_files $uri $uri/ =404;
+            rewrite /taler/pay /pay.php;
+            rewrite /taler/contract /generate_taler_contract.php;
+	
+	}
+
+	location /fullfillment {
+            rewrite /(.*) /$1.php;	
+	}
+
+        location /test/contract {
+                rewrite (.*) /generate_taler_contract.php?cli_debug=yes;
+        }
+
+        location /test/contract/frontend {
+                rewrite (.*) /generate_taler_contract.php?backend_test=no;
+        }
+
+	location ~ \.php$ {
+        	fastcgi_pass unix:/var/run/php5-fpm.sock;
+		fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+                include fastcgi_params;
+        }
+
+       	location /backend {
+                rewrite /backend/(.*) /$1 break;
+	        proxy_pass http://127.0.0.1:9966;
+	        proxy_redirect off;
+	        proxy_set_header Host $host;
+	}
+
+	rewrite ^/shop $scheme://shop.demo.taler.net/ redirect;
+}
diff --git a/etc/nginx/sites-enabled/shop-demo.site b/etc/nginx/sites-enabled/shop-demo.site
new file mode 100644
index 0000000..818c13f
--- /dev/null
+++ b/etc/nginx/sites-enabled/shop-demo.site
@@ -0,0 +1,47 @@
+server {
+	listen   80; ## listen for ipv4; this line is default and implied
+ 	# 	listen   [::]:80 default_server ipv6only=on; ## listen for ipv6
+
+	server_name shop.demo.taler.net;
+
+	root /home/demo/merchant/examples/shop;
+        index index.php;
+
+	# Make site accessible from http://localhost/
+
+	location / {
+            try_files $uri $uri/ =404;
+            rewrite /taler/pay /pay.php;
+            rewrite /taler/contract /generate_taler_contract.php;
+	
+	}
+
+	location /fullfillment {
+            rewrite /(.*) /$1.php;
+	
+	}
+
+        location /test/contract {
+                rewrite (.*) /generate_taler_contract.php?cli_debug=yes;
+        }
+
+        location /test/contract/frontend {
+                rewrite (.*) /generate_taler_contract.php?backend_test=no;
+        }
+
+	location ~ \.php$ {
+
+        	fastcgi_pass unix:/var/run/php5-fpm.sock;
+		fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+                include fastcgi_params;
+        }
+
+       	location /backend {
+                rewrite /backend/(.*) /$1 break;
+	        proxy_pass http://127.0.0.1:9966;
+	        proxy_redirect off;
+	        proxy_set_header Host $host;
+	}
+
+	rewrite ^/shop $scheme://shop.demo.taler.net/ redirect;
+}
diff --git a/etc/nginx/sites-enabled/shop-test-ssl.site b/etc/nginx/sites-enabled/shop-test-ssl.site
new file mode 100644
index 0000000..5889f02
--- /dev/null
+++ b/etc/nginx/sites-enabled/shop-test-ssl.site
@@ -0,0 +1,54 @@
+server {
+	listen   443 ssl; ## listen for ipv4; this line is default and implied
+ 	# 	listen   [::]:80 default_server ipv6only=on; ## listen for ipv6
+
+	server_name shop.test.taler.net;
+
+	root /home/test/merchant/examples/shop/;
+        index index.php;
+
+	ssl_certificate /etc/letsencrypt/live/taler.net/fullchain.pem;
+	ssl_certificate_key /etc/letsencrypt/live/taler.net/privkey.pem;
+	ssl_prefer_server_ciphers on;
+        ssl_session_cache shared:SSL:10m;
+        ssl_dhparam /etc/ssl/certs/dhparam.pem;
+	ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
+	ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
+
+	add_header Strict-Transport-Security "max-age=63072000; preload";
+
+	# Make site accessible from http://localhost/
+
+	location / {
+            try_files $uri $uri/ =404;
+            rewrite /taler/pay /pay.php;
+            rewrite /taler/contract /generate_taler_contract.php;
+	}
+
+	location /fullfillment {
+            rewrite /(.*) /$1.php;	
+	}
+
+        location /test/contract {
+                rewrite (.*) /generate_taler_contract.php?cli_debug=yes;
+        }
+
+        location /test/contract/frontend {
+                rewrite (.*) /generate_taler_contract.php?backend_test=no;
+        }
+
+	location ~ \.php$ {
+        	fastcgi_pass unix:/var/run/php5-fpm.sock;
+		fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+                include fastcgi_params;
+        }
+
+       	location /backend {
+                rewrite /backend/(.*) /$1 break;
+	        proxy_pass http://127.0.0.1:19966;
+	        proxy_redirect off;
+	        proxy_set_header Host $host;
+	}
+
+	rewrite ^/shop $scheme://shop.test.taler.net/ redirect;
+}
diff --git a/etc/nginx/sites-enabled/shop-test.site b/etc/nginx/sites-enabled/shop-test.site
new file mode 100644
index 0000000..58fe8c1
--- /dev/null
+++ b/etc/nginx/sites-enabled/shop-test.site
@@ -0,0 +1,48 @@
+server {
+	listen   80; ## listen for ipv4; this line is default and implied
+ 	# 	listen   [::]:80 default_server ipv6only=on; ## listen for ipv6
+
+	server_name shop.test.taler.net;
+
+	root /home/test/merchant/examples/shop;
+        index index.php;
+
+	# Make site accessible from http://localhost/
+
+	location / {
+            try_files $uri $uri/ =404;
+            rewrite /taler/pay /pay.php;
+            rewrite /taler/contract /generate_taler_contract.php;
+	
+	}
+
+	location /fullfillment {
+            rewrite /(.*) /$1.php;
+	
+	}
+
+        location /test/contract {
+                rewrite (.*) /generate_taler_contract.php?cli_debug=yes;
+        }
+
+        location /test/contract/frontend {
+                rewrite (.*) /generate_taler_contract.php?backend_test=no;
+        }
+
+	location ~ \.php$ {
+
+        	fastcgi_pass unix:/var/run/php5-fpm.sock;
+		fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+                include fastcgi_params;
+	
+        }
+
+       	location /backend {
+                rewrite /backend/(.*) /$1 break;
+	        proxy_pass http://127.0.0.1:19966;
+	        proxy_redirect off;
+	        proxy_set_header Host $host;
+	}
+
+	rewrite ^/shop $scheme://shop.test.taler.net/ redirect;
+}
diff --git a/etc/nginx/sites-enabled/test b/etc/nginx/sites-enabled/test
new file mode 100644
index 0000000..629b69d
--- /dev/null
+++ b/etc/nginx/sites-enabled/test
@@ -0,0 +1,15 @@
+root /home/test/landing/;
+index index.html;
+
+# Make site accessible from http://localhost/
+server_name test.taler.net;
+server_name www.test.taler.net;
+
+rewrite ^/bank $scheme://bank.test.taler.net/ redirect;
+rewrite ^/shop $scheme://shop.test.taler.net/ redirect;
+
+location ~ \.php$ {
+    fastcgi_pass unix:/var/run/php5-fpm.sock;
+    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+    include fastcgi_params;
+}
diff --git a/etc/nginx/sites-enabled/test.site b/etc/nginx/sites-enabled/test.site
new file mode 100644
index 0000000..1a277c6
--- /dev/null
+++ b/etc/nginx/sites-enabled/test.site
@@ -0,0 +1,9 @@
+server {
+  listen 80;
+  include sites-enabled/test;
+}
+server {
+  listen 443 ssl;
+  include sites-enabled/test;
+  include talerssl;
+}
diff --git a/etc/nginx/sites-enabled/trollslayer.site b/etc/nginx/sites-enabled/trollslayer.site
new file mode 100644
index 0000000..c7d5de9
--- /dev/null
+++ b/etc/nginx/sites-enabled/trollslayer.site
@@ -0,0 +1,15 @@
+server {
+	listen   80; ## listen for ipv4; this line is default and implied
+ 	# 	listen   [::]:80 default_server ipv6only=on; ## listen for ipv6
+
+	root /var/www/trollslayer/;
+
+	# Make site accessible from http://localhost/
+	server_name trollslayer.decentralise.rennes.inria.fr;
+
+	location / {
+	    proxy_pass http://gnunet.org:20070/shell/;
+	    proxy_redirect off;
+	    proxy_set_header Host $host;
+	}
+}
diff --git a/etc/nginx/sites-enabled/www-ssl.site b/etc/nginx/sites-enabled/www-ssl.site
new file mode 100644
index 0000000..e86cafd
--- /dev/null
+++ b/etc/nginx/sites-enabled/www-ssl.site
@@ -0,0 +1,36 @@
+server {
+	listen   443 ssl; ## listen for ipv4; this line is default and implied
+ 	# 	listen   [::]:80 default_server ipv6only=on; ## listen for ipv6
+
+
+	# Make site accessible from http://localhost/
+	server_name taler.net;
+	server_name www.taler.net;
+	ssl_certificate /etc/letsencrypt/live/taler.net/fullchain.pem;
+	ssl_certificate_key /etc/letsencrypt/live/taler.net/privkey.pem;
+	ssl_prefer_server_ciphers on;
+        ssl_session_cache shared:SSL:10m;
+        ssl_dhparam /etc/ssl/certs/dhparam.pem;
+	ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
+	ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
+
+	add_header Strict-Transport-Security "max-age=63072000; preload";
+        
+	location / {
+	    root /var/www/taler.net;
+	    autoindex off;
+	    ssi on;
+#	    ssi_last_modified on;
+ 	    rewrite /citizens /citizens.html break;
+	    rewrite /developers /developers.html break;
+	    rewrite /merchants /merchants.html break;
+            rewrite /governments /governments.html break;
+            rewrite /investors /investors.html break;
+            rewrite /about /about.html break;
+	    rewrite /news /news.html break;
+	}
+# Note: this will go to /var/www/videos, which we took out of Git
+        location /videos/ {
+            root /var/www;
+        }
+}
diff --git a/etc/nginx/sites-enabled/www.git-ssl.site b/etc/nginx/sites-enabled/www.git-ssl.site
new file mode 100644
index 0000000..78c4091
--- /dev/null
+++ b/etc/nginx/sites-enabled/www.git-ssl.site
@@ -0,0 +1,32 @@
+server {
+	listen   443 ssl; ## listen for ipv4; this line is default and implied
+	# listen   [::]:80 default_server ipv6only=on; ## listen for ipv6
+
+	# Make site accessible from http://localhost/
+	server_name www.git.taler.net;
+	
+	ssl_certificate /etc/letsencrypt/live/taler.net/fullchain.pem;
+	ssl_certificate_key /etc/letsencrypt/live/taler.net/privkey.pem;
+	ssl_prefer_server_ciphers on;
+        ssl_session_cache shared:SSL:10m;
+        ssl_dhparam /etc/ssl/certs/dhparam.pem;
+	ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
+	ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
+
+	add_header Strict-Transport-Security "max-age=63072000; preload";
+
+	location /index.cgi {
+            root /usr/share/gitweb/;
+
+            include fastcgi_params;
+            gzip off;
+	    fastcgi_param SCRIPT_NAME $uri;
+            fastcgi_param   GITWEB_CONFIG  /etc/gitweb.conf;
+            fastcgi_pass    unix:/var/run/fcgiwrap.socket;
+	}
+	
+        location / {
+            root /usr/share/gitweb/;
+            index index.cgi;
+        }
+}
diff --git a/etc/nginx/sites-enabled/www.git.site b/etc/nginx/sites-enabled/www.git.site
new file mode 100644
index 0000000..54f932f
--- /dev/null
+++ b/etc/nginx/sites-enabled/www.git.site
@@ -0,0 +1,23 @@
+server {
+	listen   80; ## listen for ipv4; this line is default and implied
+	# listen   [::]:80 default_server ipv6only=on; ## listen for ipv6
+
+	# Make site accessible from http://localhost/
+	server_name www.git.taler.net;
+	
+
+	location /index.cgi {
+            root /usr/share/gitweb/;
+
+            include fastcgi_params;
+            gzip off;
+	    fastcgi_param SCRIPT_NAME $uri;
+            fastcgi_param   GITWEB_CONFIG  /etc/gitweb.conf;
+            fastcgi_pass    unix:/var/run/fcgiwrap.socket;
+	}
+	
+        location / {
+            root /usr/share/gitweb/;
+            index index.cgi;
+        }
+}
diff --git a/etc/nginx/sites-enabled/www.site b/etc/nginx/sites-enabled/www.site
new file mode 100644
index 0000000..c438e7f
--- /dev/null
+++ b/etc/nginx/sites-enabled/www.site
@@ -0,0 +1,25 @@
+server {
+	listen   80; ## listen for ipv4; this line is default and implied
+ 	# 	listen   [::]:80 default_server ipv6only=on; ## listen for ipv6
+
+	root /var/www/taler.net;
+
+	# Make site accessible from http://localhost/
+	server_name taler.net;
+	server_name www.taler.net;
+
+	rewrite ^ https://$server_name$request_uri? permanent;
+
+#	location / {
+#	    autoindex off;
+#	    ssi on;
+##	    ssi_last_modified on;
+# 	    rewrite /citizens /citizens.html break;
+#	    rewrite /developers /developers.html break;
+#	    rewrite /merchants /merchants.html break;
+#            rewrite /governments /governments.html break;
+#            rewrite /investors /investors.html break;
+#            rewrite /about /about.html break;
+#	    rewrite /news /news.html break;
+#	}
+}
author	Florian Dold <florian.dold@gmail.com>	2016-03-01 23:28:27 +0100
committer	Florian Dold <florian.dold@gmail.com>	2016-03-01 23:28:27 +0100
commit	b03a3623188e2f7e32ca226877f6f4a28d4471db (patch)
tree	e73c13da151657b1d19ccd04305615c7f5de4b92 /etc/nginx/sites-enabled
parent	34dd2a1d412b77fa0bc8cde77fe579aef63455aa (diff)
download	deployment-b03a3623188e2f7e32ca226877f6f4a28d4471db.tar.gz deployment-b03a3623188e2f7e32ca226877f6f4a28d4471db.tar.bz2 deployment-b03a3623188e2f7e32ca226877f6f4a28d4471db.zip