diff options
author | Florian Dold <florian.dold@gmail.com> | 2016-04-26 03:52:24 +0200 |
---|---|---|
committer | Florian Dold <florian.dold@gmail.com> | 2016-04-26 03:52:24 +0200 |
commit | c6cee9b50a7ca256474e9b46aab360841ca95f41 (patch) | |
tree | 9f0d7e6dda9df7bb91eb66ac0ba89bc466df6c64 /etc | |
parent | 0c2c8a5786eef10ff2225ff9dadb34e24e3cd808 (diff) | |
download | deployment-c6cee9b50a7ca256474e9b46aab360841ca95f41.tar.gz deployment-c6cee9b50a7ca256474e9b46aab360841ca95f41.tar.bz2 deployment-c6cee9b50a7ca256474e9b46aab360841ca95f41.zip |
Simplify configuration.
Diffstat (limited to 'etc')
-rw-r--r-- | etc/nginx/sites-enabled/bank-test-ssl.site | 18 | ||||
-rw-r--r-- | etc/nginx/sites-enabled/bank-test.site | 5 | ||||
-rw-r--r-- | etc/nginx/sites-enabled/blog-test-ssl.site | 22 | ||||
-rw-r--r-- | etc/nginx/sites-enabled/exchange-test-ssl.site | 24 | ||||
-rw-r--r-- | etc/nginx/sites-enabled/mint-test-ssl.site | 24 | ||||
-rw-r--r-- | etc/nginx/sites-enabled/mint-test.site | 15 | ||||
-rw-r--r-- | etc/nginx/sites-enabled/shop-test-ssl.site | 26 | ||||
-rw-r--r-- | etc/nginx/sites-enabled/shop-test.site | 5 | ||||
-rw-r--r-- | etc/nginx/sites-enabled/test-ssl.site | 34 | ||||
-rw-r--r-- | etc/nginx/sites-enabled/test.site | 93 |
10 files changed, 89 insertions, 177 deletions
diff --git a/etc/nginx/sites-enabled/bank-test-ssl.site b/etc/nginx/sites-enabled/bank-test-ssl.site deleted file mode 100644 index 26de0d7..0000000 --- a/etc/nginx/sites-enabled/bank-test-ssl.site +++ /dev/null @@ -1,18 +0,0 @@ -upstream talerbank-test { - server 127.0.0.1:8000; -} - -server { - listen 443 ssl; - - server_name bank.test.taler.net; - ssi on; - - location / { - uwsgi_pass talerbank-test; - include /etc/nginx/uwsgi_params; - } - - include conf.d/test.redirects; - include conf.d/talerssl; -} diff --git a/etc/nginx/sites-enabled/bank-test.site b/etc/nginx/sites-enabled/bank-test.site deleted file mode 100644 index 6da16d2..0000000 --- a/etc/nginx/sites-enabled/bank-test.site +++ /dev/null @@ -1,5 +0,0 @@ -server { - listen 80; - server_name bank.test.taler.net; - rewrite ^ https://$server_name$request_uri? permanent; -} diff --git a/etc/nginx/sites-enabled/blog-test-ssl.site b/etc/nginx/sites-enabled/blog-test-ssl.site deleted file mode 100644 index 7ebb86c..0000000 --- a/etc/nginx/sites-enabled/blog-test-ssl.site +++ /dev/null @@ -1,22 +0,0 @@ -server { - listen 443 ssl; - - server_name blog.test.taler.net; - ssi on; - - location / { - uwsgi_pass unix:/home/test/sockets/blog.uwsgi; - include /etc/nginx/uwsgi_params; - } - - - location /backend { - rewrite /backend/(.*) /$1 break; - proxy_pass http://unix:/home/test/sockets/merchant.http:/; - proxy_redirect off; - proxy_set_header Host $host; - } - - include conf.d/test.redirects; - include conf.d/talerssl; -} diff --git a/etc/nginx/sites-enabled/exchange-test-ssl.site b/etc/nginx/sites-enabled/exchange-test-ssl.site deleted file mode 100644 index 0567a80..0000000 --- a/etc/nginx/sites-enabled/exchange-test-ssl.site +++ /dev/null @@ -1,24 +0,0 @@ -server { - listen 443 ssl; ## listen for ipv4; this line is default and implied - # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 - - root /dev/null; - - server_name exchange.test.taler.net; - ssl_certificate /etc/letsencrypt/live/taler.net/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/taler.net/privkey.pem; - ssl_prefer_server_ciphers on; - ssl_session_cache shared:SSL:10m; - ssl_dhparam /etc/ssl/certs/dhparam.pem; - ssl_protocols TLSv1.2 TLSv1.1 TLSv1; - ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'; - - add_header Strict-Transport-Security "max-age=63072000; preload"; - - location / { - proxy_pass http://unix:/home/test/sockets/exchange.http:/; - proxy_redirect off; - proxy_set_header Host $host; - } - -} diff --git a/etc/nginx/sites-enabled/mint-test-ssl.site b/etc/nginx/sites-enabled/mint-test-ssl.site deleted file mode 100644 index 2eeea19..0000000 --- a/etc/nginx/sites-enabled/mint-test-ssl.site +++ /dev/null @@ -1,24 +0,0 @@ -server { - listen 443 ssl; ## listen for ipv4; this line is default and implied - # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 - - root /dev/null; - - server_name mint.test.taler.net; - ssl_certificate /etc/letsencrypt/live/taler.net/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/taler.net/privkey.pem; - ssl_prefer_server_ciphers on; - ssl_session_cache shared:SSL:10m; - ssl_dhparam /etc/ssl/certs/dhparam.pem; - ssl_protocols TLSv1.2 TLSv1.1 TLSv1; - ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'; - - add_header Strict-Transport-Security "max-age=63072000; preload"; - - location / { - proxy_pass http://localhost:14241; - proxy_redirect off; - proxy_set_header Host $host; - } - -} diff --git a/etc/nginx/sites-enabled/mint-test.site b/etc/nginx/sites-enabled/mint-test.site deleted file mode 100644 index 332d72c..0000000 --- a/etc/nginx/sites-enabled/mint-test.site +++ /dev/null @@ -1,15 +0,0 @@ -server { - listen 80; ## listen for ipv4; this line is default and implied - # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 - - root /dev/null; - - server_name mint.test.taler.net; - - location / { - proxy_pass http://localhost:14241; - proxy_redirect off; - proxy_set_header Host $host; - } - -} diff --git a/etc/nginx/sites-enabled/shop-test-ssl.site b/etc/nginx/sites-enabled/shop-test-ssl.site deleted file mode 100644 index 2c93bbf..0000000 --- a/etc/nginx/sites-enabled/shop-test-ssl.site +++ /dev/null @@ -1,26 +0,0 @@ -upstream talershop-test { - server 127.0.0.1:8003; -} - -server { - listen 443 ssl; - - server_name shop.test.taler.net; - ssi on; - - location / { - uwsgi_pass unix:/home/test/sockets/donations.uwsgi; - include /etc/nginx/uwsgi_params; - } - - - location /backend { - rewrite /backend/(.*) /$1 break; - proxy_pass http://unix:/home/test/sockets/merchant.http:/; - proxy_redirect off; - proxy_set_header Host $host; - } - - include conf.d/test.redirects; - include conf.d/talerssl; -} diff --git a/etc/nginx/sites-enabled/shop-test.site b/etc/nginx/sites-enabled/shop-test.site deleted file mode 100644 index e066710..0000000 --- a/etc/nginx/sites-enabled/shop-test.site +++ /dev/null @@ -1,5 +0,0 @@ -server { - listen 80; - server_name shop.test.taler.net; - rewrite ^ https://$server_name$request_uri? permanent; -} diff --git a/etc/nginx/sites-enabled/test-ssl.site b/etc/nginx/sites-enabled/test-ssl.site deleted file mode 100644 index ec58ae6..0000000 --- a/etc/nginx/sites-enabled/test-ssl.site +++ /dev/null @@ -1,34 +0,0 @@ -server { - listen 443 ssl; ## listen for ipv4; this line is default and implied - # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 - - ssi on; - root /home/test/landing/; - index index.html; - - # Make site accessible from http://localhost/ - server_name test.taler.net; - server_name www.test.taler.net; - ssl_certificate /etc/letsencrypt/live/taler.net/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/taler.net/privkey.pem; - ssl_prefer_server_ciphers on; - ssl_session_cache shared:SSL:10m; - ssl_dhparam /etc/ssl/certs/dhparam.pem; - ssl_protocols TLSv1.2 TLSv1.1 TLSv1; - ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'; - - add_header Strict-Transport-Security "max-age=63072000; preload"; - - location ~ \.php$ { - fastcgi_pass unix:/var/run/php5-fpm.sock; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - include fastcgi_params; - } - - location /extension { - root /home/test/wallet/wallet_button/firefox_src/xpi/; - rewrite /extension /taler-wallet.xpi break; - } - - include conf.d/test.redirects; -} diff --git a/etc/nginx/sites-enabled/test.site b/etc/nginx/sites-enabled/test.site index b1392a2..9d38737 100644 --- a/etc/nginx/sites-enabled/test.site +++ b/etc/nginx/sites-enabled/test.site @@ -1,6 +1,91 @@ server { - listen 80; - server_name test.taler.net; - server_name www.test.taler.net; - rewrite ^ https://$server_name$request_uri? permanent; + listen 80; + server_name *.taler.net; + rewrite ^ https://$server_name$request_uri? permanent; +} + + +server { + listen 443 ssl; + server_name test.taler.net www.test.taler.net; + root /home/test/landing/; + include conf.d/test.redirects; + include conf.d/talerssl; + ssi on; + index index.html; +} + + +server { + listen 443 ssl; + server_name exchange.test.taler.net; + root /dev/null; + include conf.d/talerssl; + + location / { + proxy_pass http://unix:/home/test/sockets/exchange.http:/; + proxy_redirect off; + proxy_set_header Host $host; + } +} + + +server { + listen 443 ssl; + server_name blog.test.taler.net; + root /dev/null; + include conf.d/test.redirects; + include conf.d/talerssl; + ssi on; + + location / { + uwsgi_pass unix:/home/test/sockets/blog.uwsgi; + include /etc/nginx/uwsgi_params; + } + + location /backend { + rewrite /backend/(.*) /$1 break; + proxy_pass http://unix:/home/test/sockets/merchant.http:/; + proxy_redirect off; + proxy_set_header Host $host; + } +} + + +server { + listen 443 ssl; + server_name shop.test.taler.net; + ssi on; + include conf.d/test.redirects; + include conf.d/talerssl; + + location / { + uwsgi_pass unix:/home/test/sockets/donations.uwsgi; + include /etc/nginx/uwsgi_params; + } + + + location /backend { + rewrite /backend/(.*) /$1 break; + proxy_pass http://unix:/home/test/sockets/merchant.http:/; + proxy_redirect off; + proxy_set_header Host $host; + } +} + + +server { + listen 443 ssl; + server_name bank.test.taler.net; + ssi on; + include conf.d/test.redirects; + include conf.d/talerssl; + + location / { + uwsgi_pass talerbank-test; + include /etc/nginx/uwsgi_params; + } + + include conf.d/test.redirects; + include conf.d/talerssl; } |