diff options
author | Florian Dold <florian.dold@gmail.com> | 2016-03-01 23:28:27 +0100 |
---|---|---|
committer | Florian Dold <florian.dold@gmail.com> | 2016-03-01 23:28:27 +0100 |
commit | b03a3623188e2f7e32ca226877f6f4a28d4471db (patch) | |
tree | e73c13da151657b1d19ccd04305615c7f5de4b92 /etc/nginx/sites-enabled | |
parent | 34dd2a1d412b77fa0bc8cde77fe579aef63455aa (diff) | |
download | deployment-b03a3623188e2f7e32ca226877f6f4a28d4471db.tar.gz deployment-b03a3623188e2f7e32ca226877f6f4a28d4471db.tar.bz2 deployment-b03a3623188e2f7e32ca226877f6f4a28d4471db.zip |
add whole nginx config
Diffstat (limited to 'etc/nginx/sites-enabled')
43 files changed, 1198 insertions, 0 deletions
diff --git a/etc/nginx/sites-enabled/api-ssl.site b/etc/nginx/sites-enabled/api-ssl.site new file mode 100644 index 0000000..853a108 --- /dev/null +++ b/etc/nginx/sites-enabled/api-ssl.site @@ -0,0 +1,26 @@ +server { + listen 443 ssl; ## listen for ipv4; this line is default and implied + # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 + + root /var/www/api.taler.net/_build/html; + + # Make site accessible from http://localhost/ + server_name api.taler.net; + server_name www.api.taler.net; + + ssl_certificate /etc/letsencrypt/live/taler.net/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/taler.net/privkey.pem; + ssl_prefer_server_ciphers on; + ssl_session_cache shared:SSL:10m; + ssl_dhparam /etc/ssl/certs/dhparam.pem; + ssl_protocols TLSv1.2 TLSv1.1 TLSv1; + ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'; + + add_header Strict-Transport-Security "max-age=63072000; preload"; + + location / { + autoindex off; + ssi on; +# ssi_last_modified on; + } +} diff --git a/etc/nginx/sites-enabled/api.site b/etc/nginx/sites-enabled/api.site new file mode 100644 index 0000000..1ca56bd --- /dev/null +++ b/etc/nginx/sites-enabled/api.site @@ -0,0 +1,16 @@ +server { + listen 80; ## listen for ipv4; this line is default and implied + # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 + + root /var/www/api.taler.net/_build/html; + + # Make site accessible from http://localhost/ + server_name api.taler.net; + server_name www.api.taler.net; + + location / { + autoindex off; + ssi on; +# ssi_last_modified on; + } +} diff --git a/etc/nginx/sites-enabled/bank-demo-ssl.site b/etc/nginx/sites-enabled/bank-demo-ssl.site new file mode 100644 index 0000000..e682d08 --- /dev/null +++ b/etc/nginx/sites-enabled/bank-demo-ssl.site @@ -0,0 +1,28 @@ +server { + listen 443 ssl; ## listen for ipv4; this line is default and implied + # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 + + root /home/demo/bank/website; + index index.php; + + # Make site accessible from http://localhost/ + server_name bank.demo.taler.net; + ssl_certificate /etc/letsencrypt/live/taler.net/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/taler.net/privkey.pem; + ssl_prefer_server_ciphers on; + ssl_session_cache shared:SSL:10m; + ssl_dhparam /etc/ssl/certs/dhparam.pem; + ssl_protocols TLSv1.2 TLSv1.1 TLSv1; + ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'; + + add_header Strict-Transport-Security "max-age=63072000; preload"; + + location ~ \.php$ { + fastcgi_pass unix:/var/run/php5-fpm.sock; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include fastcgi_params; + } + + rewrite ^/shop $scheme://shop.demo.taler.net/ redirect; + +} diff --git a/etc/nginx/sites-enabled/bank-demo.site b/etc/nginx/sites-enabled/bank-demo.site new file mode 100644 index 0000000..12781ab --- /dev/null +++ b/etc/nginx/sites-enabled/bank-demo.site @@ -0,0 +1,31 @@ +server { + listen 80; ## listen for ipv4; this line is default and implied + # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 + + root /home/demo/bank/website; + index index.php; + + # Make site accessible from http://localhost/ + server_name bank.demo.taler.net; + + location ~ \.php$ { + fastcgi_pass unix:/var/run/php5-fpm.sock; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include fastcgi_params; + } + +# To be uncommented when testing Django bank +# location ~ ^/auth/static { +# root /home/demo/bank/TalerBank/Bank/templates; +# rewrite /auth/static/(.*) /$1 break; +# } +# +# # Reach Django +# location ~ ^/(auth|admin) { +# uwsgi_pass django; +# include /home/demo/bank/TalerBank/uwsgi_params; +# } + + rewrite ^/shop $scheme://shop.demo.taler.net/ redirect; + +} diff --git a/etc/nginx/sites-enabled/bank-test-ssl.site b/etc/nginx/sites-enabled/bank-test-ssl.site new file mode 100644 index 0000000..5975adc --- /dev/null +++ b/etc/nginx/sites-enabled/bank-test-ssl.site @@ -0,0 +1,28 @@ +server { + listen 443 ssl; ## listen for ipv4; this line is default and implied + # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 + + root /home/test/bank/website; + index index.php; + + # Make site accessible from http://localhost/ + server_name bank.test.taler.net; + ssl_certificate /etc/letsencrypt/live/taler.net/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/taler.net/privkey.pem; + ssl_prefer_server_ciphers on; + ssl_session_cache shared:SSL:10m; + ssl_dhparam /etc/ssl/certs/dhparam.pem; + ssl_protocols TLSv1.2 TLSv1.1 TLSv1; + ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'; + + add_header Strict-Transport-Security "max-age=63072000; preload"; + + location ~ \.php$ { + fastcgi_pass unix:/var/run/php5-fpm.sock; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include fastcgi_params; + } + + rewrite ^/shop $scheme://shop.test.taler.net/ redirect; + rewrite ^/mint $scheme://mint.demo.taler.net/ redirect; +} diff --git a/etc/nginx/sites-enabled/bank-test.site b/etc/nginx/sites-enabled/bank-test.site new file mode 100644 index 0000000..2664780 --- /dev/null +++ b/etc/nginx/sites-enabled/bank-test.site @@ -0,0 +1,37 @@ +upstream django { + server 127.0.0.1:8000; +} + +server { + listen 80; ## listen for ipv4; this line is default and implied + # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 + + root /home/test/bank/website; + index index.php; + + # Make site accessible from http://localhost/ + server_name bank.test.taler.net; + + location ~ \.php$ { + fastcgi_pass unix:/var/run/php5-fpm.sock; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include fastcgi_params; + } + + location ~ ^/auth/static { + rewrite /auth/static/(.*) /static/$1 break; + uwsgi_pass django; + include /home/test/bank/TalerBank/uwsgi_params; + + } + + # Reach Django + location ~ ^/(auth|admin|static) { + uwsgi_pass django; + include /home/test/bank/TalerBank/uwsgi_params; + } + + rewrite ^/shop$ $scheme://shop.test.taler.net/ redirect; + rewrite ^/mint$ $scheme://mint.demo.taler.net/ redirect; + rewrite ^/mint/(.*)$ $scheme://mint.demo.taler.net/$1 redirect; +} diff --git a/etc/nginx/sites-enabled/blog-demo-ssl.site b/etc/nginx/sites-enabled/blog-demo-ssl.site new file mode 100644 index 0000000..447b295 --- /dev/null +++ b/etc/nginx/sites-enabled/blog-demo-ssl.site @@ -0,0 +1,50 @@ +server { + #listen 80; + listen 443 ssl; ## listen for ipv4; this line is default and implied + # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 + + server_name blog.demo.taler.net; + + root /home/demo/merchant/examples/blog/; + index index.html; + + ssl_certificate /etc/letsencrypt/live/taler.net/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/taler.net/privkey.pem; + ssl_prefer_server_ciphers on; + ssl_session_cache shared:SSL:10m; + ssl_dhparam /etc/ssl/certs/dhparam.pem; + ssl_protocols TLSv1.2 TLSv1.1 TLSv1; + ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'; + + add_header Strict-Transport-Security "max-age=63072000; preload"; + + # Make site accessible from http://localhost/ + + location / { + try_files $uri $uri/ =404; + rewrite /taler/pay /pay.php; + rewrite /taler/contract /generate_taler_contract.php; + } + + location /fullfillment { + rewrite /(.*) /$1.php; + } + + location /articles { + + internal; + } + + location ~ \.php$ { + fastcgi_pass unix:/var/run/php5-fpm.sock; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include fastcgi_params; + } + + location /backend { + rewrite /backend/(.*) /$1 break; + proxy_pass http://127.0.0.1:19966; + proxy_redirect off; + proxy_set_header Host $host; + } +} diff --git a/etc/nginx/sites-enabled/blog-demo.site b/etc/nginx/sites-enabled/blog-demo.site new file mode 100644 index 0000000..e28303a --- /dev/null +++ b/etc/nginx/sites-enabled/blog-demo.site @@ -0,0 +1,43 @@ +server { + listen 80; ## listen for ipv4; this line is default and implied + # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 + + server_name blog.demo.taler.net; + + root /home/demo/merchant/examples/blog; + index index.html; + + # Make site accessible from http://localhost/ + + location / { + try_files $uri $uri/ =404; + rewrite /taler/pay /pay.php; + rewrite /taler/contract /generate_taler_contract.php; + + } + + location /fullfillment { + rewrite /(.*) /$1.php; + + } + + location /articles { + + internal; + } + + location ~ \.php$ { + + fastcgi_pass unix:/var/run/php5-fpm.sock; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include fastcgi_params; + + } + + location /backend { + rewrite /backend/(.*) /$1 break; + proxy_pass http://127.0.0.1:9966; + proxy_redirect off; + proxy_set_header Host $host; + } +} diff --git a/etc/nginx/sites-enabled/blog-test-ssl.site b/etc/nginx/sites-enabled/blog-test-ssl.site new file mode 100644 index 0000000..c3d84f2 --- /dev/null +++ b/etc/nginx/sites-enabled/blog-test-ssl.site @@ -0,0 +1,49 @@ +server { + listen 443 ssl; ## listen for ipv4; this line is default and implied + # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 + + server_name blog.test.taler.net; + + root /home/test/merchant/examples/blog/; + index index.html; + + ssl_certificate /etc/letsencrypt/live/taler.net/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/taler.net/privkey.pem; + ssl_prefer_server_ciphers on; + ssl_session_cache shared:SSL:10m; + ssl_dhparam /etc/ssl/certs/dhparam.pem; + ssl_protocols TLSv1.2 TLSv1.1 TLSv1; + ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'; + + add_header Strict-Transport-Security "max-age=63072000; preload"; + + # Make site accessible from http://localhost/ + + location / { + try_files $uri $uri/ =404; + rewrite /taler/pay /pay.php; + rewrite /taler/contract /generate_taler_contract.php; + } + + location /fullfillment { + rewrite /(.*) /$1.php; + } + + location /articles { + + internal; + } + + location ~ \.php$ { + fastcgi_pass unix:/var/run/php5-fpm.sock; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include fastcgi_params; + } + + location /backend { + rewrite /backend/(.*) /$1 break; + proxy_pass http://127.0.0.1:19966; + proxy_redirect off; + proxy_set_header Host $host; + } +} diff --git a/etc/nginx/sites-enabled/blog-test.site b/etc/nginx/sites-enabled/blog-test.site new file mode 100644 index 0000000..2937763 --- /dev/null +++ b/etc/nginx/sites-enabled/blog-test.site @@ -0,0 +1,43 @@ +server { + listen 80; ## listen for ipv4; this line is default and implied + # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 + + server_name blog.test.taler.net; + + root /home/test/merchant/examples/blog; + index index.html; + + # Make site accessible from http://localhost/ + + location / { + try_files $uri $uri/ =404; + rewrite /taler/pay /pay.php; + rewrite /taler/contract /generate_taler_contract.php; + + } + + location /fullfillment { + rewrite /(.*) /$1.php; + + } + + location /articles { + + internal; + } + + location ~ \.php$ { + + fastcgi_pass unix:/var/run/php5-fpm.sock; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include fastcgi_params; + + } + + location /backend { + rewrite /backend/(.*) /$1 break; + proxy_pass http://127.0.0.1:19966; + proxy_redirect off; + proxy_set_header Host $host; + } +} diff --git a/etc/nginx/sites-enabled/buildbot-ssl.site b/etc/nginx/sites-enabled/buildbot-ssl.site new file mode 100644 index 0000000..cbbef7b --- /dev/null +++ b/etc/nginx/sites-enabled/buildbot-ssl.site @@ -0,0 +1,25 @@ +server { + listen 443 ssl; ## listen for ipv4; this line is default and implied + # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 + + root /var/www/buildbot/; + + # Make site accessible from http://localhost/ + server_name buildbot.taler.net; + server_name www.buildbot.taler.net; + ssl_certificate /etc/letsencrypt/live/taler.net/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/taler.net/privkey.pem; + ssl_prefer_server_ciphers on; + ssl_session_cache shared:SSL:10m; + ssl_dhparam /etc/ssl/certs/dhparam.pem; + ssl_protocols TLSv1.2 TLSv1.1 TLSv1; + ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'; + + add_header Strict-Transport-Security "max-age=63072000; preload"; + + location / { + proxy_pass http://localhost:1802; + proxy_redirect off; + proxy_set_header Host $host; + } +} diff --git a/etc/nginx/sites-enabled/buildbot.site b/etc/nginx/sites-enabled/buildbot.site new file mode 100644 index 0000000..bec2149 --- /dev/null +++ b/etc/nginx/sites-enabled/buildbot.site @@ -0,0 +1,16 @@ +server { + listen 80; ## listen for ipv4; this line is default and implied + # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 + + root /var/www/buildbot/; + + # Make site accessible from http://localhost/ + server_name buildbot.taler.net; + server_name www.buildbot.taler.net; + + location / { + proxy_pass http://localhost:1802; + proxy_redirect off; + proxy_set_header Host $host; + } +} diff --git a/etc/nginx/sites-enabled/decentralise-ssl.site b/etc/nginx/sites-enabled/decentralise-ssl.site new file mode 100644 index 0000000..952986f --- /dev/null +++ b/etc/nginx/sites-enabled/decentralise-ssl.site @@ -0,0 +1,21 @@ +server { + listen 443 ssl; ## listen for ipv4; this line is default and implied + # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 + + root /var/www/decentralise; + + # Make site accessible from http://localhost/ + server_name www.decentralise.rennes.inria.fr; + server_name decentralise.rennes.inria.fr; + ssl_certificate /etc/letsencrypt/live/taler.net/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/taler.net/privkey.pem; + ssl_prefer_server_ciphers on; + ssl_session_cache shared:SSL:10m; + ssl_dhparam /etc/ssl/certs/dhparam.pem; + ssl_protocols TLSv1.2 TLSv1.1 TLSv1; + ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'; + + add_header Strict-Transport-Security "max-age=63072000; preload"; + + rewrite / http://www.inria.fr/en/teams/decentralise redirect; +} diff --git a/etc/nginx/sites-enabled/decentralise.site b/etc/nginx/sites-enabled/decentralise.site new file mode 100644 index 0000000..61c1976 --- /dev/null +++ b/etc/nginx/sites-enabled/decentralise.site @@ -0,0 +1,12 @@ +server { + listen 80; ## listen for ipv4; this line is default and implied + # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 + + root /var/www/decentralise; + + # Make site accessible from http://localhost/ + server_name www.decentralise.rennes.inria.fr; + server_name decentralise.rennes.inria.fr; + + rewrite / http://www.inria.fr/en/teams/decentralise redirect; +} diff --git a/etc/nginx/sites-enabled/demo-ssl.site b/etc/nginx/sites-enabled/demo-ssl.site new file mode 100644 index 0000000..0b2b8da --- /dev/null +++ b/etc/nginx/sites-enabled/demo-ssl.site @@ -0,0 +1,34 @@ +server { + listen 443 ssl; ## listen for ipv4; this line is default and implied + # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 + + root /home/test/landing/; + index index.html; + + # Make site accessible from http://localhost/ + server_name demo.taler.net; + server_name www.demo.taler.net; + ssl_certificate /etc/letsencrypt/live/taler.net/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/taler.net/privkey.pem; + ssl_prefer_server_ciphers on; + ssl_session_cache shared:SSL:10m; + ssl_dhparam /etc/ssl/certs/dhparam.pem; + ssl_protocols TLSv1.2 TLSv1.1 TLSv1; + ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'; + + add_header Strict-Transport-Security "max-age=63072000; preload"; + + location ~ \.php$ { + fastcgi_pass unix:/var/run/php5-fpm.sock; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include fastcgi_params; + } + + location /extension { + root /home/demo/wallet/wallet_button/firefox_src/xpi/; + rewrite /extension /taler-wallet.xpi break; + } + + rewrite ^/bank $scheme://bank.demo.taler.net/ redirect; + rewrite ^/shop $scheme://shop.demo.taler.net/ redirect; +} diff --git a/etc/nginx/sites-enabled/demo.site b/etc/nginx/sites-enabled/demo.site new file mode 100644 index 0000000..f08f8cd --- /dev/null +++ b/etc/nginx/sites-enabled/demo.site @@ -0,0 +1,20 @@ +server { + listen 80; ## listen for ipv4; this line is default and implied + # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 + + root /home/demo/landing/; + index index.html; + + # Make site accessible from http://localhost/ + server_name demo.taler.net; + server_name www.demo.taler.net; + + rewrite ^/bank $scheme://bank.demo.taler.net/ redirect; + rewrite ^/shop $scheme://shop.demo.taler.net/ redirect; + + location ~ \.php$ { + fastcgi_pass unix:/var/run/php5-fpm.sock; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include fastcgi_params; + } +} diff --git a/etc/nginx/sites-enabled/drupal-demo-ssl.site b/etc/nginx/sites-enabled/drupal-demo-ssl.site new file mode 100644 index 0000000..400020e --- /dev/null +++ b/etc/nginx/sites-enabled/drupal-demo-ssl.site @@ -0,0 +1,49 @@ +server { + listen 443 ssl; ## listen for ipv4; this line is default and implied + # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 + + server_name drupal.demo.taler.net; + + root /home/demo/drupal-demo; + + ssl_certificate /etc/letsencrypt/live/taler.net/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/taler.net/privkey.pem; + ssl_prefer_server_ciphers on; + ssl_session_cache shared:SSL:10m; + ssl_dhparam /etc/ssl/certs/dhparam.pem; + ssl_protocols TLSv1.2 TLSv1.1 TLSv1; + ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'; + + add_header Strict-Transport-Security "max-age=63072000; preload"; + + # Make site accessible from http://localhost/ + +# location / { +# try_files $uri $uri/ =404; +# rewrite /taler/pay /pay.php; +# rewrite /taler/contract /generate_taler_contract.php; +# } + +# location /fullfillment { +# rewrite /(.*) /$1.php; +# } + + location ~ \.php$ { + fastcgi_index index.php; + fastcgi_pass unix:/var/run/php5-fpm.sock; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include fastcgi_params; + } + +# location /backend { +# rewrite /backend/(.*) /$1 break; +# proxy_pass http://127.0.0.1:19966; +# proxy_redirect off; +# proxy_set_header Host $host; +# } + + client_max_body_size 10M; + client_body_buffer_size 128k; + + include apps/drupal/drupal.conf; +} diff --git a/etc/nginx/sites-enabled/drupal-demo.site b/etc/nginx/sites-enabled/drupal-demo.site new file mode 100644 index 0000000..d91c3f7 --- /dev/null +++ b/etc/nginx/sites-enabled/drupal-demo.site @@ -0,0 +1,40 @@ +server { + listen 80; ## listen for ipv4; this line is default and implied + # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 + + server_name drupal.demo.taler.net; + + root /home/demo/drupal-demo; + + # Make site accessible from http://localhost/ + +# location / { +# try_files $uri $uri/ =404; +# rewrite /taler/pay /pay.php; +# rewrite /taler/contract /generate_taler_contract.php; +# } + +# location /fullfillment { +# rewrite /(.*) /$1.php; +# } + + + location ~ \.php$ { + fastcgi_index index.php; + fastcgi_pass unix:/var/run/php5-fpm.sock; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include fastcgi_params; + } + +# location /backend { +# rewrite /backend/(.*) /$1 break; +# proxy_pass http://127.0.0.1:19966; +# proxy_redirect off; +# proxy_set_header Host $host; +# } + + client_max_body_size 10M; + client_body_buffer_size 128k; + + include apps/drupal/drupal.conf; +} diff --git a/etc/nginx/sites-enabled/exchange-demo-ssl.site b/etc/nginx/sites-enabled/exchange-demo-ssl.site new file mode 100644 index 0000000..5761d4f --- /dev/null +++ b/etc/nginx/sites-enabled/exchange-demo-ssl.site @@ -0,0 +1,25 @@ +server { + listen 443 ssl; ## listen for ipv4; this line is default and implied + # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 + + root /dev/null; + + server_name exchange.demo.taler.net; + + ssl_certificate /etc/letsencrypt/live/taler.net/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/taler.net/privkey.pem; + ssl_prefer_server_ciphers on; + ssl_session_cache shared:SSL:10m; + ssl_dhparam /etc/ssl/certs/dhparam.pem; + ssl_protocols TLSv1.2 TLSv1.1 TLSv1; + ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'; + + add_header Strict-Transport-Security "max-age=63072000; preload"; + + location / { + proxy_pass http://localhost:4241; + proxy_redirect off; + proxy_set_header Host $host; + } + +} diff --git a/etc/nginx/sites-enabled/exchange-demo.site b/etc/nginx/sites-enabled/exchange-demo.site new file mode 100644 index 0000000..5e8f1b0 --- /dev/null +++ b/etc/nginx/sites-enabled/exchange-demo.site @@ -0,0 +1,15 @@ +server { + listen 80; ## listen for ipv4; this line is default and implied + # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 + + root /dev/null; + + server_name exchange.demo.taler.net; + + location / { + proxy_pass http://localhost:4241; + proxy_redirect off; + proxy_set_header Host $host; + } + +} diff --git a/etc/nginx/sites-enabled/exchange-test-ssl.site b/etc/nginx/sites-enabled/exchange-test-ssl.site new file mode 100644 index 0000000..029bce0 --- /dev/null +++ b/etc/nginx/sites-enabled/exchange-test-ssl.site @@ -0,0 +1,24 @@ +server { + listen 443 ssl; ## listen for ipv4; this line is default and implied + # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 + + root /dev/null; + + server_name exchange.test.taler.net; + ssl_certificate /etc/letsencrypt/live/taler.net/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/taler.net/privkey.pem; + ssl_prefer_server_ciphers on; + ssl_session_cache shared:SSL:10m; + ssl_dhparam /etc/ssl/certs/dhparam.pem; + ssl_protocols TLSv1.2 TLSv1.1 TLSv1; + ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'; + + add_header Strict-Transport-Security "max-age=63072000; preload"; + + location / { + proxy_pass http://localhost:14241; + proxy_redirect off; + proxy_set_header Host $host; + } + +} diff --git a/etc/nginx/sites-enabled/exchange-test.site b/etc/nginx/sites-enabled/exchange-test.site new file mode 100644 index 0000000..2841980 --- /dev/null +++ b/etc/nginx/sites-enabled/exchange-test.site @@ -0,0 +1,15 @@ +server { + listen 80; ## listen for ipv4; this line is default and implied + # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 + + root /dev/null; + + server_name exchange.test.taler.net; + + location / { + proxy_pass http://localhost:14241; + proxy_redirect off; + proxy_set_header Host $host; + } + +} diff --git a/etc/nginx/sites-enabled/gauger-ssl.site b/etc/nginx/sites-enabled/gauger-ssl.site new file mode 100644 index 0000000..42c40ef --- /dev/null +++ b/etc/nginx/sites-enabled/gauger-ssl.site @@ -0,0 +1,25 @@ +server { + listen 443 ssl; ## listen for ipv4; this line is default and implied + # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 + + root /var/www/gauger/; + + # Make site accessible from http://localhost/ + server_name gauger.taler.net; + server_name www.gauger.taler.net; + ssl_certificate /etc/letsencrypt/live/taler.net/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/taler.net/privkey.pem; + ssl_prefer_server_ciphers on; + ssl_session_cache shared:SSL:10m; + ssl_dhparam /etc/ssl/certs/dhparam.pem; + ssl_protocols TLSv1.2 TLSv1.1 TLSv1; + ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'; + + add_header Strict-Transport-Security "max-age=63072000; preload"; + + location / { + proxy_pass http://localhost:1801; + proxy_redirect off; + proxy_set_header Host $host; + } +} diff --git a/etc/nginx/sites-enabled/gauger.site b/etc/nginx/sites-enabled/gauger.site new file mode 100644 index 0000000..63e0cdb --- /dev/null +++ b/etc/nginx/sites-enabled/gauger.site @@ -0,0 +1,16 @@ +server { + listen 80; ## listen for ipv4; this line is default and implied + # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 + + root /var/www/gauger/; + + # Make site accessible from http://localhost/ + server_name gauger.taler.net; + server_name www.gauger.taler.net; + + location / { + proxy_pass http://localhost:1801; + proxy_redirect off; + proxy_set_header Host $host; + } +} diff --git a/etc/nginx/sites-enabled/git-ssl.site b/etc/nginx/sites-enabled/git-ssl.site new file mode 100644 index 0000000..3ea1af2 --- /dev/null +++ b/etc/nginx/sites-enabled/git-ssl.site @@ -0,0 +1,21 @@ +server { + listen 443 ssl; ## listen for ipv4; this line is default and implied + # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 + + root /var/git; + # Make site accessible from http://localhost/ + server_name git.taler.net; + ssl_certificate /etc/letsencrypt/live/taler.net/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/taler.net/privkey.pem; + ssl_prefer_server_ciphers on; + ssl_session_cache shared:SSL:10m; + ssl_dhparam /etc/ssl/certs/dhparam.pem; + ssl_protocols TLSv1.2 TLSv1.1 TLSv1; + ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'; + + add_header Strict-Transport-Security "max-age=63072000; preload"; + + location / { + autoindex off; + } +} diff --git a/etc/nginx/sites-enabled/git.site b/etc/nginx/sites-enabled/git.site new file mode 100644 index 0000000..c194202 --- /dev/null +++ b/etc/nginx/sites-enabled/git.site @@ -0,0 +1,12 @@ +server { + listen 80; ## listen for ipv4; this line is default and implied + # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 + + root /var/git; + # Make site accessible from http://localhost/ + server_name git.taler.net; + + location / { + autoindex off; + } +} diff --git a/etc/nginx/sites-enabled/lcov-ssl.site b/etc/nginx/sites-enabled/lcov-ssl.site new file mode 100644 index 0000000..d85486e --- /dev/null +++ b/etc/nginx/sites-enabled/lcov-ssl.site @@ -0,0 +1,25 @@ +server { + listen 443 ssl; ## listen for ipv4; this line is default and implied + # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 + + root /var/www/lcov.taler.net/; + + # Make site accessible from http://localhost/ + server_name lcov.taler.net; + server_name www.lcov.taler.net; + ssl_certificate /etc/letsencrypt/live/taler.net/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/taler.net/privkey.pem; + ssl_prefer_server_ciphers on; + ssl_session_cache shared:SSL:10m; + ssl_dhparam /etc/ssl/certs/dhparam.pem; + ssl_protocols TLSv1.2 TLSv1.1 TLSv1; + ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'; + + add_header Strict-Transport-Security "max-age=63072000; preload"; + + location / { + autoindex off; + ssi off; +# ssi_last_modified on; + } +} diff --git a/etc/nginx/sites-enabled/lcov.site b/etc/nginx/sites-enabled/lcov.site new file mode 100644 index 0000000..1ddfd83 --- /dev/null +++ b/etc/nginx/sites-enabled/lcov.site @@ -0,0 +1,16 @@ +server { + listen 80; ## listen for ipv4; this line is default and implied + # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 + + root /var/www/lcov.taler.net/; + + # Make site accessible from http://localhost/ + server_name lcov.taler.net; + server_name www.lcov.taler.net; + + location / { + autoindex off; + ssi off; +# ssi_last_modified on; + } +} diff --git a/etc/nginx/sites-enabled/mint-demo-ssl.site b/etc/nginx/sites-enabled/mint-demo-ssl.site new file mode 100644 index 0000000..8eeb3c5 --- /dev/null +++ b/etc/nginx/sites-enabled/mint-demo-ssl.site @@ -0,0 +1,24 @@ +server { + listen 443 ssl; ## listen for ipv4; this line is default and implied + # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 + + root /dev/null; + + server_name mint.demo.taler.net; + ssl_certificate /etc/letsencrypt/live/taler.net/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/taler.net/privkey.pem; + ssl_prefer_server_ciphers on; + ssl_session_cache shared:SSL:10m; + ssl_dhparam /etc/ssl/certs/dhparam.pem; + ssl_protocols TLSv1.2 TLSv1.1 TLSv1; + ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'; + + add_header Strict-Transport-Security "max-age=63072000; preload"; + + location / { + proxy_pass http://localhost:4241; + proxy_redirect off; + proxy_set_header Host $host; + } + +} diff --git a/etc/nginx/sites-enabled/mint-demo.site b/etc/nginx/sites-enabled/mint-demo.site new file mode 100644 index 0000000..070d0c9 --- /dev/null +++ b/etc/nginx/sites-enabled/mint-demo.site @@ -0,0 +1,15 @@ +server { + listen 80; ## listen for ipv4; this line is default and implied + # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 + + root /dev/null; + + server_name mint.demo.taler.net; + + location / { + proxy_pass http://localhost:4241; + proxy_redirect off; + proxy_set_header Host $host; + } + +} diff --git a/etc/nginx/sites-enabled/mint-test-ssl.site b/etc/nginx/sites-enabled/mint-test-ssl.site new file mode 100644 index 0000000..2eeea19 --- /dev/null +++ b/etc/nginx/sites-enabled/mint-test-ssl.site @@ -0,0 +1,24 @@ +server { + listen 443 ssl; ## listen for ipv4; this line is default and implied + # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 + + root /dev/null; + + server_name mint.test.taler.net; + ssl_certificate /etc/letsencrypt/live/taler.net/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/taler.net/privkey.pem; + ssl_prefer_server_ciphers on; + ssl_session_cache shared:SSL:10m; + ssl_dhparam /etc/ssl/certs/dhparam.pem; + ssl_protocols TLSv1.2 TLSv1.1 TLSv1; + ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'; + + add_header Strict-Transport-Security "max-age=63072000; preload"; + + location / { + proxy_pass http://localhost:14241; + proxy_redirect off; + proxy_set_header Host $host; + } + +} diff --git a/etc/nginx/sites-enabled/mint-test.site b/etc/nginx/sites-enabled/mint-test.site new file mode 100644 index 0000000..332d72c --- /dev/null +++ b/etc/nginx/sites-enabled/mint-test.site @@ -0,0 +1,15 @@ +server { + listen 80; ## listen for ipv4; this line is default and implied + # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 + + root /dev/null; + + server_name mint.test.taler.net; + + location / { + proxy_pass http://localhost:14241; + proxy_redirect off; + proxy_set_header Host $host; + } + +} diff --git a/etc/nginx/sites-enabled/shop-demo-ssl.site b/etc/nginx/sites-enabled/shop-demo-ssl.site new file mode 100644 index 0000000..8d34446 --- /dev/null +++ b/etc/nginx/sites-enabled/shop-demo-ssl.site @@ -0,0 +1,54 @@ +server { + listen 443 ssl; ## listen for ipv4; this line is default and implied + # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 + + server_name shop.demo.taler.net; + ssl_certificate /etc/letsencrypt/live/taler.net/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/taler.net/privkey.pem; + ssl_prefer_server_ciphers on; + ssl_session_cache shared:SSL:10m; + ssl_dhparam /etc/ssl/certs/dhparam.pem; + ssl_protocols TLSv1.2 TLSv1.1 TLSv1; + ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'; + + add_header Strict-Transport-Security "max-age=63072000; preload"; + + root /home/demo/merchant/examples/shop/; + index index.php; + + # Make site accessible from http://localhost/ + + location / { + try_files $uri $uri/ =404; + rewrite /taler/pay /pay.php; + rewrite /taler/contract /generate_taler_contract.php; + + } + + location /fullfillment { + rewrite /(.*) /$1.php; + } + + location /test/contract { + rewrite (.*) /generate_taler_contract.php?cli_debug=yes; + } + + location /test/contract/frontend { + rewrite (.*) /generate_taler_contract.php?backend_test=no; + } + + location ~ \.php$ { + fastcgi_pass unix:/var/run/php5-fpm.sock; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include fastcgi_params; + } + + location /backend { + rewrite /backend/(.*) /$1 break; + proxy_pass http://127.0.0.1:9966; + proxy_redirect off; + proxy_set_header Host $host; + } + + rewrite ^/shop $scheme://shop.demo.taler.net/ redirect; +} diff --git a/etc/nginx/sites-enabled/shop-demo.site b/etc/nginx/sites-enabled/shop-demo.site new file mode 100644 index 0000000..818c13f --- /dev/null +++ b/etc/nginx/sites-enabled/shop-demo.site @@ -0,0 +1,47 @@ +server { + listen 80; ## listen for ipv4; this line is default and implied + # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 + + server_name shop.demo.taler.net; + + root /home/demo/merchant/examples/shop; + index index.php; + + # Make site accessible from http://localhost/ + + location / { + try_files $uri $uri/ =404; + rewrite /taler/pay /pay.php; + rewrite /taler/contract /generate_taler_contract.php; + + } + + location /fullfillment { + rewrite /(.*) /$1.php; + + } + + location /test/contract { + rewrite (.*) /generate_taler_contract.php?cli_debug=yes; + } + + location /test/contract/frontend { + rewrite (.*) /generate_taler_contract.php?backend_test=no; + } + + location ~ \.php$ { + + fastcgi_pass unix:/var/run/php5-fpm.sock; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include fastcgi_params; + } + + location /backend { + rewrite /backend/(.*) /$1 break; + proxy_pass http://127.0.0.1:9966; + proxy_redirect off; + proxy_set_header Host $host; + } + + rewrite ^/shop $scheme://shop.demo.taler.net/ redirect; +} diff --git a/etc/nginx/sites-enabled/shop-test-ssl.site b/etc/nginx/sites-enabled/shop-test-ssl.site new file mode 100644 index 0000000..5889f02 --- /dev/null +++ b/etc/nginx/sites-enabled/shop-test-ssl.site @@ -0,0 +1,54 @@ +server { + listen 443 ssl; ## listen for ipv4; this line is default and implied + # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 + + server_name shop.test.taler.net; + + root /home/test/merchant/examples/shop/; + index index.php; + + ssl_certificate /etc/letsencrypt/live/taler.net/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/taler.net/privkey.pem; + ssl_prefer_server_ciphers on; + ssl_session_cache shared:SSL:10m; + ssl_dhparam /etc/ssl/certs/dhparam.pem; + ssl_protocols TLSv1.2 TLSv1.1 TLSv1; + ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'; + + add_header Strict-Transport-Security "max-age=63072000; preload"; + + # Make site accessible from http://localhost/ + + location / { + try_files $uri $uri/ =404; + rewrite /taler/pay /pay.php; + rewrite /taler/contract /generate_taler_contract.php; + } + + location /fullfillment { + rewrite /(.*) /$1.php; + } + + location /test/contract { + rewrite (.*) /generate_taler_contract.php?cli_debug=yes; + } + + location /test/contract/frontend { + rewrite (.*) /generate_taler_contract.php?backend_test=no; + } + + location ~ \.php$ { + fastcgi_pass unix:/var/run/php5-fpm.sock; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include fastcgi_params; + } + + location /backend { + rewrite /backend/(.*) /$1 break; + proxy_pass http://127.0.0.1:19966; + proxy_redirect off; + proxy_set_header Host $host; + } + + rewrite ^/shop $scheme://shop.test.taler.net/ redirect; +} diff --git a/etc/nginx/sites-enabled/shop-test.site b/etc/nginx/sites-enabled/shop-test.site new file mode 100644 index 0000000..58fe8c1 --- /dev/null +++ b/etc/nginx/sites-enabled/shop-test.site @@ -0,0 +1,48 @@ +server { + listen 80; ## listen for ipv4; this line is default and implied + # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 + + server_name shop.test.taler.net; + + root /home/test/merchant/examples/shop; + index index.php; + + # Make site accessible from http://localhost/ + + location / { + try_files $uri $uri/ =404; + rewrite /taler/pay /pay.php; + rewrite /taler/contract /generate_taler_contract.php; + + } + + location /fullfillment { + rewrite /(.*) /$1.php; + + } + + location /test/contract { + rewrite (.*) /generate_taler_contract.php?cli_debug=yes; + } + + location /test/contract/frontend { + rewrite (.*) /generate_taler_contract.php?backend_test=no; + } + + location ~ \.php$ { + + fastcgi_pass unix:/var/run/php5-fpm.sock; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include fastcgi_params; + + } + + location /backend { + rewrite /backend/(.*) /$1 break; + proxy_pass http://127.0.0.1:19966; + proxy_redirect off; + proxy_set_header Host $host; + } + + rewrite ^/shop $scheme://shop.test.taler.net/ redirect; +} diff --git a/etc/nginx/sites-enabled/test b/etc/nginx/sites-enabled/test new file mode 100644 index 0000000..629b69d --- /dev/null +++ b/etc/nginx/sites-enabled/test @@ -0,0 +1,15 @@ +root /home/test/landing/; +index index.html; + +# Make site accessible from http://localhost/ +server_name test.taler.net; +server_name www.test.taler.net; + +rewrite ^/bank $scheme://bank.test.taler.net/ redirect; +rewrite ^/shop $scheme://shop.test.taler.net/ redirect; + +location ~ \.php$ { + fastcgi_pass unix:/var/run/php5-fpm.sock; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include fastcgi_params; +} diff --git a/etc/nginx/sites-enabled/test.site b/etc/nginx/sites-enabled/test.site new file mode 100644 index 0000000..1a277c6 --- /dev/null +++ b/etc/nginx/sites-enabled/test.site @@ -0,0 +1,9 @@ +server { + listen 80; + include sites-enabled/test; +} +server { + listen 443 ssl; + include sites-enabled/test; + include talerssl; +} diff --git a/etc/nginx/sites-enabled/trollslayer.site b/etc/nginx/sites-enabled/trollslayer.site new file mode 100644 index 0000000..c7d5de9 --- /dev/null +++ b/etc/nginx/sites-enabled/trollslayer.site @@ -0,0 +1,15 @@ +server { + listen 80; ## listen for ipv4; this line is default and implied + # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 + + root /var/www/trollslayer/; + + # Make site accessible from http://localhost/ + server_name trollslayer.decentralise.rennes.inria.fr; + + location / { + proxy_pass http://gnunet.org:20070/shell/; + proxy_redirect off; + proxy_set_header Host $host; + } +} diff --git a/etc/nginx/sites-enabled/www-ssl.site b/etc/nginx/sites-enabled/www-ssl.site new file mode 100644 index 0000000..e86cafd --- /dev/null +++ b/etc/nginx/sites-enabled/www-ssl.site @@ -0,0 +1,36 @@ +server { + listen 443 ssl; ## listen for ipv4; this line is default and implied + # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 + + + # Make site accessible from http://localhost/ + server_name taler.net; + server_name www.taler.net; + ssl_certificate /etc/letsencrypt/live/taler.net/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/taler.net/privkey.pem; + ssl_prefer_server_ciphers on; + ssl_session_cache shared:SSL:10m; + ssl_dhparam /etc/ssl/certs/dhparam.pem; + ssl_protocols TLSv1.2 TLSv1.1 TLSv1; + ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'; + + add_header Strict-Transport-Security "max-age=63072000; preload"; + + location / { + root /var/www/taler.net; + autoindex off; + ssi on; +# ssi_last_modified on; + rewrite /citizens /citizens.html break; + rewrite /developers /developers.html break; + rewrite /merchants /merchants.html break; + rewrite /governments /governments.html break; + rewrite /investors /investors.html break; + rewrite /about /about.html break; + rewrite /news /news.html break; + } +# Note: this will go to /var/www/videos, which we took out of Git + location /videos/ { + root /var/www; + } +} diff --git a/etc/nginx/sites-enabled/www.git-ssl.site b/etc/nginx/sites-enabled/www.git-ssl.site new file mode 100644 index 0000000..78c4091 --- /dev/null +++ b/etc/nginx/sites-enabled/www.git-ssl.site @@ -0,0 +1,32 @@ +server { + listen 443 ssl; ## listen for ipv4; this line is default and implied + # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 + + # Make site accessible from http://localhost/ + server_name www.git.taler.net; + + ssl_certificate /etc/letsencrypt/live/taler.net/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/taler.net/privkey.pem; + ssl_prefer_server_ciphers on; + ssl_session_cache shared:SSL:10m; + ssl_dhparam /etc/ssl/certs/dhparam.pem; + ssl_protocols TLSv1.2 TLSv1.1 TLSv1; + ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'; + + add_header Strict-Transport-Security "max-age=63072000; preload"; + + location /index.cgi { + root /usr/share/gitweb/; + + include fastcgi_params; + gzip off; + fastcgi_param SCRIPT_NAME $uri; + fastcgi_param GITWEB_CONFIG /etc/gitweb.conf; + fastcgi_pass unix:/var/run/fcgiwrap.socket; + } + + location / { + root /usr/share/gitweb/; + index index.cgi; + } +} diff --git a/etc/nginx/sites-enabled/www.git.site b/etc/nginx/sites-enabled/www.git.site new file mode 100644 index 0000000..54f932f --- /dev/null +++ b/etc/nginx/sites-enabled/www.git.site @@ -0,0 +1,23 @@ +server { + listen 80; ## listen for ipv4; this line is default and implied + # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 + + # Make site accessible from http://localhost/ + server_name www.git.taler.net; + + + location /index.cgi { + root /usr/share/gitweb/; + + include fastcgi_params; + gzip off; + fastcgi_param SCRIPT_NAME $uri; + fastcgi_param GITWEB_CONFIG /etc/gitweb.conf; + fastcgi_pass unix:/var/run/fcgiwrap.socket; + } + + location / { + root /usr/share/gitweb/; + index index.cgi; + } +} diff --git a/etc/nginx/sites-enabled/www.site b/etc/nginx/sites-enabled/www.site new file mode 100644 index 0000000..c438e7f --- /dev/null +++ b/etc/nginx/sites-enabled/www.site @@ -0,0 +1,25 @@ +server { + listen 80; ## listen for ipv4; this line is default and implied + # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 + + root /var/www/taler.net; + + # Make site accessible from http://localhost/ + server_name taler.net; + server_name www.taler.net; + + rewrite ^ https://$server_name$request_uri? permanent; + +# location / { +# autoindex off; +# ssi on; +## ssi_last_modified on; +# rewrite /citizens /citizens.html break; +# rewrite /developers /developers.html break; +# rewrite /merchants /merchants.html break; +# rewrite /governments /governments.html break; +# rewrite /investors /investors.html break; +# rewrite /about /about.html break; +# rewrite /news /news.html break; +# } +} |