Simplify configuration.

author: Florian Dold <florian.dold@gmail.com> 2016-04-26 03:52:24 +0200
committer: Florian Dold <florian.dold@gmail.com> 2016-04-26 03:52:24 +0200
commit: c6cee9b50a7ca256474e9b46aab360841ca95f41 (patch)
tree: 9f0d7e6dda9df7bb91eb66ac0ba89bc466df6c64 /etc
parent: 0c2c8a5786eef10ff2225ff9dadb34e24e3cd808 (diff)
download: deployment-c6cee9b50a7ca256474e9b46aab360841ca95f41.tar.gz
deployment-c6cee9b50a7ca256474e9b46aab360841ca95f41.tar.bz2
deployment-c6cee9b50a7ca256474e9b46aab360841ca95f41.zip
10 files changed, 89 insertions, 177 deletions
diff --git a/etc/nginx/sites-enabled/bank-test-ssl.site b/etc/nginx/sites-enabled/bank-test-ssl.site
deleted file mode 100644
index 26de0d7..0000000
--- a/etc/nginx/sites-enabled/bank-test-ssl.site
+++ /dev/null
@@ -1,18 +0,0 @@
-upstream talerbank-test {
-	server 127.0.0.1:8000;
-}
-
-server {
-	listen 443 ssl;
-
-	server_name bank.test.taler.net;
-        ssi on;
-
-	location / {
-		uwsgi_pass  talerbank-test;
-		include     /etc/nginx/uwsgi_params;
-	}
-
-	include conf.d/test.redirects;
-	include conf.d/talerssl;
-}
diff --git a/etc/nginx/sites-enabled/bank-test.site b/etc/nginx/sites-enabled/bank-test.site
deleted file mode 100644
index 6da16d2..0000000
--- a/etc/nginx/sites-enabled/bank-test.site
+++ /dev/null
@@ -1,5 +0,0 @@
-server {
-	listen 80;
-	server_name bank.test.taler.net;
-	rewrite ^ https://$server_name$request_uri? permanent;
-}
diff --git a/etc/nginx/sites-enabled/blog-test-ssl.site b/etc/nginx/sites-enabled/blog-test-ssl.site
deleted file mode 100644
index 7ebb86c..0000000
--- a/etc/nginx/sites-enabled/blog-test-ssl.site
+++ /dev/null
@@ -1,22 +0,0 @@
-server {
-	listen 443 ssl;
-
-	server_name blog.test.taler.net;
-        ssi on;
-
-	location / {
-		uwsgi_pass unix:/home/test/sockets/blog.uwsgi;
-		include /etc/nginx/uwsgi_params;
-	}
-
-
-       location /backend {
-                rewrite /backend/(.*) /$1 break;
-                proxy_pass http://unix:/home/test/sockets/merchant.http:/;
-                proxy_redirect off;
-                proxy_set_header Host $host;
-        }
-
-	include conf.d/test.redirects;
-	include conf.d/talerssl;
-}
diff --git a/etc/nginx/sites-enabled/exchange-test-ssl.site b/etc/nginx/sites-enabled/exchange-test-ssl.site
deleted file mode 100644
index 0567a80..0000000
--- a/etc/nginx/sites-enabled/exchange-test-ssl.site
+++ /dev/null
@@ -1,24 +0,0 @@
-server {
-	listen   443 ssl; ## listen for ipv4; this line is default and implied
- 	# 	listen   [::]:80 default_server ipv6only=on; ## listen for ipv6
-
-	root /dev/null;
-
-	server_name exchange.test.taler.net;
-	ssl_certificate /etc/letsencrypt/live/taler.net/fullchain.pem;
-	ssl_certificate_key /etc/letsencrypt/live/taler.net/privkey.pem;
-	ssl_prefer_server_ciphers on;
-        ssl_session_cache shared:SSL:10m;
-        ssl_dhparam /etc/ssl/certs/dhparam.pem;
-	ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
-	ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
-
-	add_header Strict-Transport-Security "max-age=63072000; preload";
-
-	location / {
-	    proxy_pass http://unix:/home/test/sockets/exchange.http:/;
-	    proxy_redirect off;
-	    proxy_set_header Host $host;
-	}
-
-}
diff --git a/etc/nginx/sites-enabled/mint-test-ssl.site b/etc/nginx/sites-enabled/mint-test-ssl.site
deleted file mode 100644
index 2eeea19..0000000
--- a/etc/nginx/sites-enabled/mint-test-ssl.site
+++ /dev/null
@@ -1,24 +0,0 @@
-server {
-	listen   443 ssl; ## listen for ipv4; this line is default and implied
- 	# 	listen   [::]:80 default_server ipv6only=on; ## listen for ipv6
-
-	root /dev/null;
-
-	server_name mint.test.taler.net;
-	ssl_certificate /etc/letsencrypt/live/taler.net/fullchain.pem;
-	ssl_certificate_key /etc/letsencrypt/live/taler.net/privkey.pem;
-	ssl_prefer_server_ciphers on;
-        ssl_session_cache shared:SSL:10m;
-        ssl_dhparam /etc/ssl/certs/dhparam.pem;
-	ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
-	ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
-
-	add_header Strict-Transport-Security "max-age=63072000; preload";
-
-	location / {
-	    proxy_pass http://localhost:14241;
-	    proxy_redirect off;
-	    proxy_set_header Host $host;
-	}
-
-}
diff --git a/etc/nginx/sites-enabled/mint-test.site b/etc/nginx/sites-enabled/mint-test.site
deleted file mode 100644
index 332d72c..0000000
--- a/etc/nginx/sites-enabled/mint-test.site
+++ /dev/null
@@ -1,15 +0,0 @@
-server {
-	listen   80; ## listen for ipv4; this line is default and implied
- 	# 	listen   [::]:80 default_server ipv6only=on; ## listen for ipv6
-
-	root /dev/null;
-
-	server_name mint.test.taler.net;
-
-	location / {
-	    proxy_pass http://localhost:14241;
-	    proxy_redirect off;
-	    proxy_set_header Host $host;
-	}
-
-}
diff --git a/etc/nginx/sites-enabled/shop-test-ssl.site b/etc/nginx/sites-enabled/shop-test-ssl.site
deleted file mode 100644
index 2c93bbf..0000000
--- a/etc/nginx/sites-enabled/shop-test-ssl.site
+++ /dev/null
@@ -1,26 +0,0 @@
-upstream talershop-test {
-	server 127.0.0.1:8003;
-}
-
-server {
-	listen 443 ssl;
-
-	server_name shop.test.taler.net;
-        ssi on;
-
-	location / {
-		uwsgi_pass unix:/home/test/sockets/donations.uwsgi;
-		include /etc/nginx/uwsgi_params;
-	}
-
-
-       location /backend {
-                rewrite /backend/(.*) /$1 break;
-                proxy_pass http://unix:/home/test/sockets/merchant.http:/;
-                proxy_redirect off;
-                proxy_set_header Host $host;
-        }
-
-	include conf.d/test.redirects;
-	include conf.d/talerssl;
-}
diff --git a/etc/nginx/sites-enabled/shop-test.site b/etc/nginx/sites-enabled/shop-test.site
deleted file mode 100644
index e066710..0000000
--- a/etc/nginx/sites-enabled/shop-test.site
+++ /dev/null
@@ -1,5 +0,0 @@
-server {
-	listen 80;
-	server_name shop.test.taler.net;
-	rewrite ^ https://$server_name$request_uri? permanent;
-}
diff --git a/etc/nginx/sites-enabled/test-ssl.site b/etc/nginx/sites-enabled/test-ssl.site
deleted file mode 100644
index ec58ae6..0000000
--- a/etc/nginx/sites-enabled/test-ssl.site
+++ /dev/null
@@ -1,34 +0,0 @@
-server {
-	listen   443 ssl; ## listen for ipv4; this line is default and implied
- 	# 	listen   [::]:80 default_server ipv6only=on; ## listen for ipv6
-
-        ssi on;
-	root /home/test/landing/;
-        index index.html;
-
-	# Make site accessible from http://localhost/
-	server_name test.taler.net;
-	server_name www.test.taler.net;
-	ssl_certificate /etc/letsencrypt/live/taler.net/fullchain.pem;
-	ssl_certificate_key /etc/letsencrypt/live/taler.net/privkey.pem;
-	ssl_prefer_server_ciphers on;
-        ssl_session_cache shared:SSL:10m;
-        ssl_dhparam /etc/ssl/certs/dhparam.pem;
-	ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
-	ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
-
-	add_header Strict-Transport-Security "max-age=63072000; preload";
-
-        location ~ \.php$ {
-            fastcgi_pass unix:/var/run/php5-fpm.sock;
-            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
-            include fastcgi_params;
-        }
-
-        location /extension {
-            root /home/test/wallet/wallet_button/firefox_src/xpi/;
-            rewrite /extension /taler-wallet.xpi break;
-        }
-
-        include conf.d/test.redirects;
-}
diff --git a/etc/nginx/sites-enabled/test.site b/etc/nginx/sites-enabled/test.site
index b1392a2..9d38737 100644
--- a/etc/nginx/sites-enabled/test.site
+++ b/etc/nginx/sites-enabled/test.site
@@ -1,6 +1,91 @@
 server {
-	listen 80;
-	server_name test.taler.net;
-	server_name www.test.taler.net;
-	rewrite ^ https://$server_name$request_uri? permanent;
+  listen 80;
+  server_name *.taler.net;
+  rewrite ^ https://$server_name$request_uri? permanent;
+}
+
+
+server {
+  listen 443 ssl;
+  server_name test.taler.net www.test.taler.net;
+  root /home/test/landing/;
+  include conf.d/test.redirects;
+  include conf.d/talerssl;
+  ssi on;
+  index index.html;
+}
+
+
+server {
+  listen 443 ssl;
+  server_name exchange.test.taler.net;
+  root /dev/null;
+  include conf.d/talerssl;
+
+  location / {
+    proxy_pass http://unix:/home/test/sockets/exchange.http:/;
+    proxy_redirect off;
+    proxy_set_header Host $host;
+  }
+}
+
+
+server {
+  listen 443 ssl;
+  server_name blog.test.taler.net;
+  root /dev/null;
+  include conf.d/test.redirects;
+  include conf.d/talerssl;
+  ssi on;
+
+  location / {
+    uwsgi_pass unix:/home/test/sockets/blog.uwsgi;
+    include /etc/nginx/uwsgi_params;
+  }
+
+  location /backend {
+    rewrite /backend/(.*) /$1 break;
+    proxy_pass http://unix:/home/test/sockets/merchant.http:/;
+    proxy_redirect off;
+    proxy_set_header Host $host;
+  }
+}
+
+
+server {
+	listen 443 ssl;
+	server_name shop.test.taler.net;
+        ssi on;
+	include conf.d/test.redirects;
+	include conf.d/talerssl;
+
+	location / {
+		uwsgi_pass unix:/home/test/sockets/donations.uwsgi;
+		include /etc/nginx/uwsgi_params;
+	}
+
+
+       location /backend {
+                rewrite /backend/(.*) /$1 break;
+                proxy_pass http://unix:/home/test/sockets/merchant.http:/;
+                proxy_redirect off;
+                proxy_set_header Host $host;
+        }
+}
+
+
+server {
+  listen 443 ssl;
+  server_name bank.test.taler.net;
+  ssi on;
+  include conf.d/test.redirects;
+  include conf.d/talerssl;
+
+  location / {
+    uwsgi_pass  talerbank-test;
+    include     /etc/nginx/uwsgi_params;
+  }
+
+  include conf.d/test.redirects;
+  include conf.d/talerssl;
 }
author	Florian Dold <florian.dold@gmail.com>	2016-04-26 03:52:24 +0200
committer	Florian Dold <florian.dold@gmail.com>	2016-04-26 03:52:24 +0200
commit	c6cee9b50a7ca256474e9b46aab360841ca95f41 (patch)
tree	9f0d7e6dda9df7bb91eb66ac0ba89bc466df6c64 /etc
parent	0c2c8a5786eef10ff2225ff9dadb34e24e3cd808 (diff)
download	deployment-c6cee9b50a7ca256474e9b46aab360841ca95f41.tar.gz deployment-c6cee9b50a7ca256474e9b46aab360841ca95f41.tar.bz2 deployment-c6cee9b50a7ca256474e9b46aab360841ca95f41.zip