author | Christian Grothoff <christian@grothoff.org> | 2020-02-17 21:20:12 +0100 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2020-02-17 21:20:12 +0100 |
commit | 21c6b40156db5a505215d4ce57fcab0ff6691300 (patch) | |
tree | 9dd8b61796c86e1b6694406ad3660cf64d00ce09 /guix/etc/nginx | |
parent | be061b4da9a8850412c216bdf49589e6951527c5 (diff) | |
move unmaintained files to historic/
Diffstat (limited to 'guix/etc/nginx')
63 files changed, 0 insertions, 3944 deletions
diff --git a/guix/etc/nginx/apps/drupal/admin_basic_auth.conf b/guix/etc/nginx/apps/drupal/admin_basic_auth.conf
deleted file mode 100644
index cc796ce..0000000
--- a/guix/etc/nginx/apps/drupal/admin_basic_auth.conf
+++ /dev/null
@@ -1,12 +0,0 @@
-# -*- mode: nginx; mode: flyspell-prog; ispell-local-dictionary: "american" -*-
-
-## Protect the /admin URIs with a basic auth.
-location ^~ /admin {
- auth_basic "Restricted access"; #realm
- auth_basic_user_file .htpasswd-users;
-
- ## Include the specific FastCGI configuration. This is for a
- ## FCGI backend like php-cgi or php-fpm.
- include apps/drupal/fastcgi_drupal.conf;
- fastcgi_pass phpcgi;
-}
diff --git a/guix/etc/nginx/apps/drupal/cron_allowed_hosts.conf b/guix/etc/nginx/apps/drupal/cron_allowed_hosts.conf
deleted file mode 100644
index bdb3dd9..0000000
--- a/guix/etc/nginx/apps/drupal/cron_allowed_hosts.conf
+++ /dev/null
@@ -1,10 +0,0 @@
-# -*- mode: nginx; mode:autopair; mode: flyspell-prog; ispell-local-dictionary: "american" -*-
-### Configuration file for specifying which hosts can invoke Drupal's
-### cron. This only applies if you're not using drush to run cron.
-
-geo $not_allowed_cron {
- default 1;
- ## Add your set of hosts.
- 127.0.0.1 0; # allow the localhost
- 192.168.1.0/24 0; # allow on an internal network
-}
diff --git a/guix/etc/nginx/apps/drupal/drupal.conf b/guix/etc/nginx/apps/drupal/drupal.conf
deleted file mode 100644
index e65024f..0000000
--- a/guix/etc/nginx/apps/drupal/drupal.conf
+++ /dev/null
@@ -1,347 +0,0 @@ -# -*- mode: nginx; mode: flyspell-prog; ispell-local-dictionary: "american" -*- -### Nginx configuration for Drupal. This configuration makes use of -### drush (http:///drupal.org/project/drush) for site maintenance -### and like tasks: -### -### 1. Run the cronjobs. -### 2. Run the DB and code updates: drush up or drush upc followed by -### drush updb to run any DB updates required by the code upgrades -### that were performed. -### 3. Disabling of xmlrpc.xml, install.php (needed only for -### installing the site) and update.php: all updates are now -### handled through drush. - -## The 'default' location. -location / { - - ## Drupal 404 from can impact performance. If using a module like - ## search404 then 404's *have *to be handled by Drupal. Uncomment to - ## relay the handling of 404's to Drupal. - ## error_page 404 /index.php; - - ## Using a nested location is the 'correct' way to use regexes. - - ## Regular private file serving (i.e. handled by Drupal). - location ^~ /system/files/ { - ## Include the specific FastCGI configuration. This is for a - ## FCGI backend like php-cgi or php-fpm. - include apps/drupal/fastcgi_drupal.conf; - fastcgi_pass phpcgi; - - ## If proxying to apache comment the two lines above and - ## uncomment the two lines below. - #proxy_pass http://phpapache/index.php?q=$uri; - #proxy_set_header Connection ''; - - ## For not signaling a 404 in the error log whenever the - ## system/files directory is accessed add the line below. - ## Note that the 404 is the intended behavior. - log_not_found off; - } - - ## Trying to access private files directly returns a 404. - location ^~ /sites/default/files/private/ { - internal; - } - - ## Support for the file_force module - ## http://drupal.org/project/file_force. - location ^~ /system/files_force/ { - ## Include the specific FastCGI configuration. This is for a - ## FCGI backend like php-cgi or php-fpm. 
- include apps/drupal/fastcgi_drupal.conf; - fastcgi_pass phpcgi; - - ## If proxying to apache comment the two lines above and - ## uncomment the two lines below. - #proxy_pass http://phpapache/index.php?q=$uri; - #proxy_set_header Connection ''; - - ## For not signaling a 404 in the error log whenever the - ## system/files directory is accessed add the line below. - ## Note that the 404 is the intended behavior. - log_not_found off; - } - - ## If accessing an image generated by Drupal 6 imagecache, serve it - ## directly if available, if not relay the request to Drupal to (re)generate - ## the image. - location ~* /imagecache/ { - ## Image hotlinking protection. If you want hotlinking - ## protection for your images uncomment the following line. - #include apps/drupal/hotlinking_protection.conf; - - access_log off; - expires 30d; - try_files $uri @drupal; - } - - ## Drupal 7 generated image handling, i.e., imagecache in core. See: - ## http://drupal.org/node/371374. - location ~* /files/styles/ { - ## Image hotlinking protection. If you want hotlinking - ## protection for your images uncomment the following line. - #include apps/drupal/hotlinking_protection.conf; - - access_log off; - expires 30d; - try_files $uri @drupal; - } - - ## Advanced Aggregation module CSS - ## support. http://drupal.org/project/advagg. - location ^~ /sites/default/files/advagg_css/ { - expires max; - add_header ETag ''; - add_header Last-Modified 'Wed, 20 Jan 1988 04:20:42 GMT'; - add_header Accept-Ranges ''; - - location ~* /sites/default/files/advagg_css/css[_[:alnum:]]+\.css$ { - access_log off; - try_files $uri @drupal; - } - } - - ## Advanced Aggregation module JS - ## support. http://drupal.org/project/advagg. 
- location ^~ /sites/default/files/advagg_js/ { - expires max; - add_header ETag ''; - add_header Last-Modified 'Wed, 20 Jan 1988 04:20:42 GMT'; - add_header Accept-Ranges ''; - - location ~* /sites/default/files/advagg_js/js[_[:alnum:]]+\.js$ { - access_log off; - try_files $uri @drupal; - } - } - - ## All static files will be served directly. - location ~* ^.+\.(?:css|cur|js|jpe?g|gif|htc|ico|png|html|xml|otf|ttf|eot|woff|svg)$ { - - access_log off; - expires 30d; - ## No need to bleed constant updates. Send the all shebang in one - ## fell swoop. - tcp_nodelay off; - ## Set the OS file cache. - open_file_cache max=3000 inactive=120s; - open_file_cache_valid 45s; - open_file_cache_min_uses 2; - open_file_cache_errors off; - } - - ## PDFs and powerpoint files handling. - location ~* ^.+\.(?:pdf|pptx?)$ { - expires 30d; - ## No need to bleed constant updates. Send the all shebang in one - ## fell swoop. - tcp_nodelay off; - } - - ## MP3 and Ogg/Vorbis files are served using AIO when supported. Your OS must support it. - location ^~ /sites/default/files/audio/mp3 { - location ~* ^/sites/default/files/audio/mp3/.*\.mp3$ { - directio 4k; # for XFS - ## If you're using ext3 or similar uncomment the line below and comment the above. - #directio 512; # for ext3 or similar (block alignments) - tcp_nopush off; -# aio on; - output_buffers 1 2M; - } - } - - location ^~ /sites/default/files/audio/ogg { - location ~* ^/sites/default/files/audio/ogg/.*\.ogg$ { - directio 4k; # for XFS - ## If you're using ext3 or similar uncomment the line below and comment the above. - #directio 512; # for ext3 or similar (block alignments) - tcp_nopush off; -# aio on; - output_buffers 1 2M; - } - } - - ## Pseudo streaming of FLV files: - ## http://wiki.nginx.org/HttpFlvStreamModule. 
- ## If pseudo streaming isn't working, try to comment - ## out in nginx.conf line with: - ## add_header X-Frame-Options SAMEORIGIN; - location ^~ /sites/default/files/video/flv { - location ~* ^/sites/default/files/video/flv/.*\.flv$ { -# flv; - } - } - - ## Pseudo streaming of H264/AAC files. This requires an Nginx - ## version greater or equal to 1.0.7 for the stable branch and - ## greater or equal to 1.1.3 for the development branch. - ## Cf. http://nginx.org/en/docs/http/ngx_http_mp4_module.html. - location ^~ /sites/default/files/video/mp4 { # videos - location ~* ^/sites/default/files/video/mp4/.*\.(?:mp4|mov)$ { -# mp4; -# mp4_buffer_size 1M; -# mp4_max_buffer_size 5M; - } - } - - location ^~ /sites/default/files/audio/m4a { # audios - location ~* ^/sites/default/files/audio/m4a/.*\.m4a$ { -# mp4; -# mp4_buffer_size 1M; -# mp4_max_buffer_size 5M; - } - } - - ## Advanced Help module makes each module provided README available. - location ^~ /help/ { - location ~* ^/help/[^/]*/README\.txt$ { - ## Include the specific FastCGI configuration. This is for a - ## FCGI backend like php-cgi or php-fpm. - include apps/drupal/fastcgi_drupal.conf; - fastcgi_pass phpcgi; - - ## If proxying to apache comment the two lines above and - ## uncomment the two lines below. - #proxy_pass http://phpapache/index.php?q=$uri; - #proxy_set_header Connection ''; - } - } - - ## Replicate the Apache <FilesMatch> directive of Drupal standard - ## .htaccess. Disable access to any code files. Return a 404 to curtail - ## information disclosure. Hide also the text files. - location ~* ^(?:.+\.(?:htaccess|make|txt|engine|inc|info|install|module|profile|po|pot|sh|.*sql|test|theme|tpl(?:\.php)?|xtmpl)|code-style\.pl|/Entries.*|/Repository|/Root|/Tag|/Template)$ { - return 404; - } - - ## First we try the URI and relay to the /index.php?q=$uri&$args if not found. 
- try_files $uri @drupal; -} - -########### Security measures ########## - -## Uncomment the line below if you want to enable basic auth for -## access to all /admin URIs. Note that this provides much better -## protection if use HTTPS. Since it can easily be eavesdropped if you -## use HTTP. -#include apps/drupal/admin_basic_auth.conf; - -## Restrict access to the strictly necessary PHP files. Reducing the -## scope for exploits. Handling of PHP code and the Drupal event loop. -location @drupal { - ## Include the FastCGI config. - include apps/drupal/fastcgi_drupal.conf; - fastcgi_pass phpcgi; - - ## FastCGI microcache. -# include apps/drupal/microcache_fcgi.conf; - ## FCGI microcache for authenticated users also. - #include apps/drupal/microcache_fcgi_auth.conf; - - ## If proxying to apache comment the two lines above and - ## uncomment the two lines below. - #proxy_pass http://phpapache/index.php?q=$uri; - #proxy_set_header Connection ''; - - ## Proxy microcache. - #include apps/drupal/microcache_proxy.conf; - ## Proxy microcache for authenticated users also. - #include apps/drupal/microcache_proxy_auth.conf; - - ## Filefield Upload progress - ## http://drupal.org/project/filefield_nginx_progress support - ## through the NginxUploadProgress modules. -# track_uploads uploads 60s; -} - -location @drupal-no-args { - ## Include the specific FastCGI configuration. This is for a - ## FCGI backend like php-cgi or php-fpm. - include apps/drupal/fastcgi_no_args_drupal.conf; - fastcgi_pass phpcgi; - - ## FastCGI microcache. -# include apps/drupal/microcache_fcgi.conf; - ## FCGI microcache for authenticated users also. - #include apps/drupal/microcache_fcgi_auth.conf; - - ## If proxying to apache comment the two lines above and - ## uncomment the two lines below. - #proxy_pass http://phpapache/index.php?q=$uri; - #proxy_set_header Connection ''; - - ## Proxy microcache. - #include apps/drupal/microcache_proxy.conf; - ## Proxy microcache for authenticated users also. 
- #include apps/drupal/microcache_proxy_auth.conf; -} - -## Disallow access to .bzr, .git, .hg, .svn, .cvs directories: return -## 404 as not to disclose information. -location ^~ /.bzr { - return 404; -} - -location ^~ /.git { - return 404; -} - -location ^~ /.hg { - return 404; -} - -location ^~ /.svn { - return 404; -} - -location ^~ /.cvs { - return 404; -} - -## Disallow access to patches directory. -location ^~ /patches { - return 404; -} - -## Disallow access to drush backup directory. -location ^~ /backup { - return 404; -} - -## Disable access logs for robots.txt. -location = /robots.txt { - access_log off; - ## Add support for the robotstxt module - ## http://drupal.org/project/robotstxt. - try_files $uri @drupal-no-args; -} - -## RSS feed support. -location = /rss.xml { - try_files $uri @drupal-no-args; -} - -## XML Sitemap support. -location = /sitemap.xml { - try_files $uri @drupal-no-args; -} - -## Support for favicon. Return an 1x1 transparent GIF if it doesn't -## exist. -location = /favicon.ico { - expires 30d; - try_files /favicon.ico @empty; -} - -## Return an in memory 1x1 transparent GIF. -location @empty { - expires 30d; - empty_gif; -} - -## Any other attempt to access PHP files returns a 404. -location ~* ^.+\.php$ { - return 404; -} - diff --git a/guix/etc/nginx/apps/drupal/drupal_boost.conf b/guix/etc/nginx/apps/drupal/drupal_boost.conf deleted file mode 100644 index 1cb10e1..0000000 --- a/guix/etc/nginx/apps/drupal/drupal_boost.conf +++ /dev/null 
@@ -1,377 +0,0 @@ -# -*- mode: nginx; mode: flyspell-prog; ispell-local-dictionary: "american" -*- -### Nginx configuration for using Boost with Drupal. This -### configuration makes use of drush (http:///drupal.org/project/drush) -### for site maintenance and like tasks: -### -### 1. Run the cronjobs. -### 2. Run the DB and code updates: drush up or drush upc followed by -### drush updb to run any DB updates required by the code upgrades -### that were performed. -### 3. Disabling of xmlrpc.xml, install.php (needed only for -### installing the site) and update.php: all updates are now -### handled through drush. - -## The 'default' location. -location / { - - ## Drupal 404 from can impact performance. If using a module like - ## search404 then 404's *have *to be handled by Drupal. Uncomment to - ## relay the handling of 404's to Drupal. - ## error_page 404 /index.php; - - ## Using a nested location is the 'correct' way to use regexes. - - ## Regular private file serving (i.e. handled by Drupal). - location ^~ /system/files/ { - ## Include the specific FastCGI configuration. This is for a - ## FCGI backend like php-cgi or php-fpm. - include apps/drupal/fastcgi_drupal.conf; - fastcgi_pass phpcgi; - - ## If proxying to apache comment the two lines above and - ## uncomment the line below. - #proxy_pass http://phpapache/index.php?q=$uri; - #proxy_set_header Connection ''; - - ## For not signaling a 404 in the error log whenever the - ## system/files directory is accessed add the line below. - ## Note that the 404 is the intended behavior. - log_not_found off; - } - - ## Trying to access private files directly returns a 404. - location ^~ /sites/default/files/private/ { - internal; - } - - ## Support for the file_force module - ## http://drupal.org/project/file_force. - location ^~ /system/files_force/ { - ## Include the specific FastCGI configuration. This is for a - ## FCGI backend like php-cgi or php-fpm. 
- include apps/drupal/fastcgi_drupal.conf; - fastcgi_pass phpcgi; - - ## If proxying to apache comment the two lines above and - ## uncomment the line below. - #proxy_pass http://phpapache/index.php?q=$no_slash_uri; - #proxy_set_header Connection ''; - - ## For not signaling a 404 in the error log whenever the - ## system/files directory is accessed add the line below. - ## Note that the 404 is the intended behavior. - log_not_found off; - } - - ## If accessing an image generated by Drupal 6 imagecache, serve it - ## directly if available, if not relay the request to Drupal to (re)generate - ## the image. - location ~* /imagecache/ { - ## Image hotlinking protection. If you want hotlinking - ## protection for your images uncomment the following line. - #include apps/drupal/hotlinking_protection.conf; - - access_log off; - expires 30d; - try_files $uri @drupal; - } - - ## Drupal 7 generated image handling, i.e., imagecache in core. See: - ## http://drupal.org/node/371374. - location ~* /files/styles/ { - ## Image hotlinking protection. If you want hotlinking - ## protection for your images uncomment the following line. - #include apps/drupal/hotlinking_protection.conf; - - access_log off; - expires 30d; - try_files $uri @drupal; - } - - ## Advanced Aggregation module CSS - ## support. http://drupal.org/project/advagg. - location ^~ /sites/default/files/advagg_css/ { - expires max; - add_header ETag ''; - add_header Last-Modified 'Wed, 20 Jan 1988 04:20:42 GMT'; - add_header Accept-Ranges ''; - - location ~* /sites/default/files/advagg_css/css[_[:alnum:]]+\.css$ { - access_log off; - try_files $uri @drupal; - } - } - - ## Advanced Aggregation module JS - ## support. http://drupal.org/project/advagg. 
- location ^~ /sites/default/files/advagg_js/ { - add_header Pragma ''; - add_header Cache-Control 'public, max-age=946080000'; - add_header Accept-Ranges ''; - - location ~* /sites/default/files/advagg_js/js[_[:alnum:]]+\.js$ { - access_log off; - try_files $uri @drupal; - } - } - - ## All static files will be served directly. - location ~* ^.+\.(?:css|cur|js|jpe?g|gif|htc|ico|png|html|xml|otf|ttf|eot|woff|svg)$ { - access_log off; - expires 30d; - ## No need to bleed constant updates. Send the all shebang in one - ## fell swoop. - tcp_nodelay off; - } - - ## PDFs and powerpoint files handling. - location ~* ^.+\.(?:pdf|pptx?)$ { - expires 30d; - ## No need to bleed constant updates. Send the all shebang in one - ## fell swoop. - tcp_nodelay off; - } - - ## MP3 and Ogg/Vorbis files are served using AIO when supported. Your OS must support it. - location ^~ /sites/default/files/audio/mp3 { - location ~* ^/sites/default/files/audio/mp3/.*\.mp3$ { - directio 4k; # for XFS - ## If you're using ext3 or similar uncomment the line below and comment the above. - #directio 512; # for ext3 or similar (block alignments) - tcp_nopush off; - aio on; - output_buffers 1 2M; - } - } - - location ^~ /sites/default/files/audio/ogg { - location ~* ^/sites/default/files/audio/ogg/.*\.ogg$ { - directio 4k; # for XFS - ## If you're using ext3 or similar uncomment the line below and comment the above. - #directio 512; # for ext3 or similar (block alignments) - tcp_nopush off; - aio on; - output_buffers 1 2M; - } - } - - ## Pseudo streaming of FLV files: - ## http://wiki.nginx.org/HttpFlvStreamModule. - ## If pseudo streaming isn't working, try to comment - ## out in nginx.conf line with: - ## add_header X-Frame-Options SAMEORIGIN; - location ^~ /sites/default/files/video/flv { - location ~* ^/sites/default/files/video/flv/.*\.flv$ { - flv; - } - } - - ## Pseudo streaming of H264/AAC files. 
This requires an Nginx - ## version greater or equal to 1.0.7 for the stable branch and - ## greater or equal to 1.1.3 for the development branch. - ## Cf. http://nginx.org/en/docs/http/ngx_http_mp4_module.html. - location ^~ /sites/default/files/video/mp4 { # videos - location ~* ^/sites/default/files/video/mp4/.*\.(?:mp4|mov)$ { - mp4; - mp4_buffer_size 1M; - mp4_max_buffer_size 5M; - } - } - - location ^~ /sites/default/files/audio/m4a { # audios - location ~* ^/sites/default/files/audio/m4a/.*\.m4a$ { - mp4; - mp4_buffer_size 1M; - mp4_max_buffer_size 5M; - } - } - - ## Advanced Help module makes each module provided README available. - location ^~ /help/ { - location ~* ^/help/[^/]*/README\.txt$ { - ## Include the specific FastCGI configuration. This is for a - ## FCGI backend like php-cgi or php-fpm. - include apps/drupal/fastcgi_drupal.conf; - fastcgi_pass phpcgi; - - ## If proxying to apache comment the two lines above and - ## uncomment the line below. - #proxy_pass http://phpapache/index.php?q=$uri; - } - } - - ## Replicate the Apache <FilesMatch> directive of Drupal standard - ## .htaccess. Disable access to any code files. Return a 404 to curtail - ## information disclosure. Hide also the text files. - location ~* ^(?:.+\.(?:htaccess|make|txt|engine|inc|info|install|module|profile|po|pot|sh|.*sql|test|theme|tpl(?:\.php)?|xtmpl)|code-style\.pl|/Entries.*|/Repository|/Root|/Tag|/Template)$ { - return 404; - } - - ## First we try the URI and relay to the @cache if not found. - try_files $uri @cache; -} - -## We define a named location for the cache. -location @cache { - ## Boost compresses can the pages so we check it. Comment it out - ## if you don't have it enabled in Boost. - gzip_static on; - - ## Error page handler for the case where $no_cache is 1. POST - ## request or authenticated. - error_page 418 = @drupal; - - ## If $no_cache is 1 then it means that either we have a session - ## cookie or that the request method is POST. 
So serve the dynamic - ## page. - if ($no_cache) { - return 418; # I'm a teapot/I can't get no cachifaction - } - - ## No caching for POST requests. - if ($request_method = POST) { - return 418; - } - - # Now for some header tweaking. We use a date that differs - # from stock Drupal. Everyone seems to be using their - # birthdate. Why go against the grain? - add_header Expires "Tue, 13 Jun 1977 03:45:00 GMT"; - # We bypass all delays in the post-check and pre-check - # parameters of Cache-Control. Both set to 0. - add_header Cache-Control "must-revalidate, post-check=0, pre-check=0"; - # Funny...perhaps. Egocentric? Damn right!; - add_header X-Header "Boost Helás Avril 1.0"; - ## Boost doesn't set a charset. - charset utf-8; - - # We try each boost URI in succession, if every one of them - # fails then relay to Drupal. - try_files /cache/normal/$host${uri}_${args}.html /cache/perm/$host${uri}_.css /cache/perm/$host${uri}_.js /cache/$host/0$uri.html /cache/$host/0${uri}/index.html @drupal; -} - -########### Security measures ########## - -## Uncomment the line below if you want to enable basic auth for -## access to all /admin URIs. Note that this provides much better -## protection if use HTTPS. Since it can easily be eavesdropped if you -## use HTTP. -#include apps/drupal/admin_basic_auth.conf; - -## Restrict access to the strictly necessary PHP files. Reducing the -## scope for exploits. Handling of PHP code and the Drupal event loop. -location @drupal { - ## Include the FastCGI config. - include apps/drupal/fastcgi_drupal.conf; - fastcgi_pass phpcgi; - - ## FCGI microcache for authenticated users also. - include apps/drupal/microcache_fcgi_auth.conf; - - ## To use Apache for serving PHP uncomment the line bellow and - ## comment out the above. - #proxy_pass http://phpapache/index.php?q=$uri&$args; - #proxy_set_header Connection ''; - ## Proxy microcache for authenticated users also. 
- #include apps/drupal/microcache_proxy_auth.conf; - - ## Filefield Upload progress - ## http://drupal.org/project/filefield_nginx_progress support - ## through the NginxUploadProgress modules. - track_uploads uploads 60s; -} - -location @drupal-no-args { - ## Include the specific FastCGI configuration. This is for a - ## FCGI backend like php-cgi or php-fpm. - include apps/drupal/fastcgi_no_args_drupal.conf; - fastcgi_pass phpcgi; - - ## FCGI microcache for authenticated users also. - include apps/drupal/microcache_fcgi_auth.conf; - - ## If proxying to apache comment the two lines above and - ## uncomment the line below. - #proxy_pass http://phpapache/index.php?q=$uri; - #proxy_set_header Connection ''; - - ## Proxy microcache for authenticated users also. - #include apps/drupal/microcache_proxy_auth.conf; -} - -## Disallow access to .bzr, .git, .hg, .svn, .cvs directories: return -## 404 as not to disclose information. -location ^~ /.bzr { - return 404; -} - -location ^~ /.git { - return 404; -} - -location ^~ /.hg { - return 404; -} - -location ^~ /.svn { - return 404; -} - -location ^~ /.cvs { - return 404; -} - -## Disallow access to patches directory. -location ^~ /patches { - return 404; -} - -## Disallow access to drush backup directory. -location ^~ /backup { - return 404; -} - -## Disable access logs for robots.txt. -location = /robots.txt { - access_log off; - ## Add support for the robotstxt module - ## http://drupal.org/project/robotstxt. - try_files $uri @drupal-no-args; -} - -## RSS feed support. -location = /rss.xml { - try_files $uri @drupal-no-args; -} - -## XML Sitemap support. -location = /sitemap.xml { - try_files $uri @drupal-no-args; -} - -## Support for favicon. Return an 1x1 transparent GIF if it doesn't -## exist. -location = /favicon.ico { - expires 30d; - try_files /favicon.ico @empty; -} - -## Return an in memory 1x1 transparent GIF. 
-location @empty { - expires 30d; - empty_gif; -} - -## Any other attempt to access PHP files returns a 404. -location ~* ^.+\.php$ { - return 404; -} - -## Boost stats. -location = /boost_stats.php { - fastcgi_pass phpcgi; - ## To use Apache for serving PHP uncomment the line bellow and - ## comment out the above. - #proxy_pass http://phpapache; -} - diff --git a/guix/etc/nginx/apps/drupal/drupal_boost_escaped.conf b/guix/etc/nginx/apps/drupal/drupal_boost_escaped.conf deleted file mode 100644 index 36f5d98..0000000 --- a/guix/etc/nginx/apps/drupal/drupal_boost_escaped.conf +++ /dev/null 
@@ -1,382 +0,0 @@ -# -*- mode: nginx; mode: flyspell-prog; ispell-local-dictionary: "american" -*- -### Nginx configuration for using Boost with Drupal. This -### configuration makes use of drush (http:///drupal.org/project/drush) -### for site maintenance and like tasks: -### -### 1. Run the cronjobs. -### 2. Run the DB and code updates: drush up or drush upc followed by -### drush updb to run any DB updates required by the code upgrades -### that were performed. -### 3. Disabling of xmlrpc.xml, install.php (needed only for -### installing the site) and update.php: all updates are now -### handled through drush. - -## To avoid the ugly rewrite we use Lua to escape the URI. -set_by_lua $escaped_uri 'return ngx.escape_uri(ngx.var.uri)'; - -## The 'default' location. -location / { - - ## Drupal 404 from can impact performance. If using a module like - ## search404 then 404's *have *to be handled by Drupal. Uncomment to - ## relay the handling of 404's to Drupal. - ## error_page 404 /index.php; - - ## Using a nested location is the 'correct' way to use regexes. - - ## Regular private file serving (i.e. handled by Drupal). - location ^~ /system/files/ { - ## Include the specific FastCGI configuration. This is for a - ## FCGI backend like php-cgi or php-fpm. - include apps/drupal/fastcgi_drupal.conf; - fastcgi_pass phpcgi; - - ## If proxying to apache comment the two lines above and - ## uncomment the line below. - #proxy_pass http://phpapache/index.php?q=$escaped_uri; - #proxy_set_header Connection ''; - - ## For not signaling a 404 in the error log whenever the - ## system/files directory is accessed add the line below. - ## Note that the 404 is the intended behavior. - log_not_found off; - } - - ## Trying to access private files directly returns a 404. - location ^~ /sites/default/files/private/ { - internal; - } - - ## Support for the file_force module - ## http://drupal.org/project/file_force. 
- location ^~ /system/files_force/ { - ## Include the specific FastCGI configuration. This is for a - ## FCGI backend like php-cgi or php-fpm. - include apps/drupal/fastcgi_drupal.conf; - fastcgi_pass phpcgi; - - ## If proxying to apache comment the two lines above and - ## uncomment the line below. - #proxy_pass http://phpapache/index.php?q=$no_slash_uri; - #proxy_set_header Connection ''; - - ## For not signaling a 404 in the error log whenever the - ## system/files directory is accessed add the line below. - ## Note that the 404 is the intended behavior. - log_not_found off; - } - - ## If accessing an image generated by Drupal 6 imagecache, serve it - ## directly if available, if not relay the request to Drupal to (re)generate - ## the image. - location ~* /imagecache/ { - ## Image hotlinking protection. If you want hotlinking - ## protection for your images uncomment the following line. - #include apps/drupal/hotlinking_protection.conf; - - access_log off; - expires 30d; - try_files $escaped_uri @drupal; - } - - ## Drupal 7 generated image handling, i.e., imagecache in core. See: - ## http://drupal.org/node/371374. - location ~* /files/styles/ { - ## Image hotlinking protection. If you want hotlinking - ## protection for your images uncomment the following line. - #include apps/drupal/hotlinking_protection.conf; - - access_log off; - expires 30d; - try_files $escaped_uri @drupal; - } - - ## Advanced Aggregation module CSS - ## support. http://drupal.org/project/advagg. - location ^~ /sites/default/files/advagg_css/ { - expires max; - add_header ETag ''; - add_header Last-Modified 'Wed, 20 Jan 1988 04:20:42 GMT'; - add_header Accept-Ranges ''; - - location ~* /sites/default/files/advagg_css/css[_[:alnum:]]+\.css$ { - access_log off; - try_files $escaped_uri @drupal; - } - } - - ## Advanced Aggregation module JS - ## support. http://drupal.org/project/advagg. 
- location ^~ /sites/default/files/advagg_js/ { - add_header Pragma ''; - add_header Cache-Control 'public, max-age=946080000'; - add_header Accept-Ranges ''; - - location ~* /sites/default/files/advagg_js/js[_[:alnum:]]+\.js$ { - access_log off; - try_files $escaped_uri @drupal; - } - } - - ## All static files will be served directly. - location ~* ^.+\.(?:css|cur|js|jpe?g|gif|htc|ico|png|html|xml|otf|ttf|eot|woff|svg)$ { - access_log off; - expires 30d; - ## No need to bleed constant updates. Send the all shebang in one - ## fell swoop. - tcp_nodelay off; - } - - ## PDFs and powerpoint files handling. - location ~* ^.+\.(?:pdf|pptx?)$ { - expires 30d; - ## No need to bleed constant updates. Send the all shebang in one - ## fell swoop. - tcp_nodelay off; - } - - ## MP3 and Ogg/Vorbis files are served using AIO when supported. Your OS must support it. - location ^~ /sites/default/files/audio/mp3 { - location ~* ^/sites/default/files/audio/mp3/.*\.mp3$ { - directio 4k; # for XFS - ## If you're using ext3 or similar uncomment the line below and comment the above. - #directio 512; # for ext3 or similar (block alignments) - tcp_nopush off; - aio on; - output_buffers 1 2M; - } - } - - location ^~ /sites/default/files/audio/ogg { - location ~* ^/sites/default/files/audio/ogg/.*\.ogg$ { - directio 4k; # for XFS - ## If you're using ext3 or similar uncomment the line below and comment the above. - #directio 512; # for ext3 or similar (block alignments) - tcp_nopush off; - aio on; - output_buffers 1 2M; - } - } - - ## Pseudo streaming of FLV files: - ## http://wiki.nginx.org/HttpFlvStreamModule. - ## If pseudo streaming isn't working, try to comment - ## out in nginx.conf line with: - ## add_header X-Frame-Options SAMEORIGIN; - location ^~ /sites/default/files/video/flv { - location ~* ^/sites/default/files/video/flv/.*\.flv$ { - flv; - } - } - - ## Pseudo streaming of H264/AAC files. 
This requires an Nginx - ## version greater or equal to 1.0.7 for the stable branch and - ## greater or equal to 1.1.3 for the development branch. - ## Cf. http://nginx.org/en/docs/http/ngx_http_mp4_module.html. - location ^~ /sites/default/files/video/mp4 { # videos - location ~* ^/sites/default/files/video/mp4/.*\.(?:mp4|mov)$ { - mp4; - mp4_buffer_size 1M; - mp4_max_buffer_size 5M; - } - } - - location ^~ /sites/default/files/audio/m4a { # audios - location ~* ^/sites/default/files/audio/m4a/.*\.m4a$ { - mp4; - mp4_buffer_size 1M; - mp4_max_buffer_size 5M; - } - } - - ## Advanced Help module makes each module provided README available. - location ^~ /help/ { - location ~* ^/help/[^/]*/README\.txt$ { - ## Include the specific FastCGI configuration. This is for a - ## FCGI backend like php-cgi or php-fpm. - include apps/drupal/fastcgi_drupal.conf; - fastcgi_pass phpcgi; - - ## If proxying to apache comment the two lines above and - ## uncomment the line below. - #proxy_pass http://phpapache/index.php?q=$escaped_uri; - #proxy_set_header Connection ''; - } - } - - ## Replicate the Apache <FilesMatch> directive of Drupal standard - ## .htaccess. Disable access to any code files. Return a 404 to curtail - ## information disclosure. Hide also the text files. - location ~* ^(?:.+\.(?:htaccess|make|txt|engine|inc|info|install|module|profile|po|pot|sh|.*sql|test|theme|tpl(?:\.php)?|xtmpl)|code-style\.pl|/Entries.*|/Repository|/Root|/Tag|/Template)$ { - return 404; - } - - ## First we try the URI and relay to the @cache if not found. - try_files $escaped_uri @cache; -} - -## We define a named location for the cache. -location @cache { - ## Boost compresses can the pages so we check it. Comment it out - ## if you don't have it enabled in Boost. - gzip_static on; - - ## Error page handler for the case where $no_cache is 1. POST - ## request or authenticated. 
- error_page 418 = @drupal;
-
- ## If $no_cache is 1 then it means that either we have a session
- ## cookie or that the request method is POST. So serve the dynamic
- ## page.
- if ($no_cache) {
- return 418; # I'm a teapot/I can't get no cachifaction
- }
-
- ## No caching for POST requests.
- if ($request_method = POST) {
- return 418;
- }
-
- # Now for some header tweaking. We use a date that differs
- # from stock Drupal. Everyone seems to be using their
- # birthdate. Why go against the grain?
- add_header Expires "Tue, 13 Jun 1977 03:45:00 GMT";
- # We bypass all delays in the post-check and pre-check
- # parameters of Cache-Control. Both set to 0.
- add_header Cache-Control "must-revalidate, post-check=0, pre-check=0";
- # Funny...perhaps. Egocentric? Damn right!;
- add_header X-Header "Boost Helás Avril 1.0";
- ## Boost doesn't set a charset.
- charset utf-8;
-
- # We try each boost URI in succession, if every one of them
- # fails then relay to Drupal.
- try_files /cache/normal/$host${uri}_${args}.html /cache/perm/$host${uri}_.css /cache/perm/$host${uri}_.js /cache/$host/0$escaped_uri.html /cache/$host/0${uri}/index.html @drupal;
-}
-
-########### Security measures ##########
-
-## Uncomment the line below if you want to enable basic auth for
-## access to all /admin URIs. Note that this provides much better
-## protection if use HTTPS. Since it can easily be eavesdropped if you
-## use HTTP.
-#include apps/drupal/admin_basic_auth.conf;
-
-## Restrict access to the strictly necessary PHP files. Reducing the
-## scope for exploits. Handling of PHP code and the Drupal event loop.
-location @drupal {
- ## Include the FastCGI config.
- include apps/drupal/fastcgi_drupal.conf;
- fastcgi_pass phpcgi;
-
- ## FCGI microcache for authenticated users also.
- include apps/drupal/microcache_fcgi_auth.conf;
-
- ## To use Apache for serving PHP uncomment the line bellow and
- ## comment out the above.
- #proxy_pass http://phpapache/index.php?q=$escaped_uri&$args;
- #proxy_set_header Connection '';
- ## Proxy microcache for authenticated users also.
- #include apps/drupal/microcache_proxy_auth.conf;
-
- ## Filefield Upload progress
- ## http://drupal.org/project/filefield_nginx_progress support
- ## through the NginxUploadProgress modules.
- track_uploads uploads 60s;
-}
-
-location @drupal-no-args {
- ## Include the specific FastCGI configuration. This is for a
- ## FCGI backend like php-cgi or php-fpm.
- include apps/drupal/fastcgi_no_args_drupal.conf;
- fastcgi_pass phpcgi;
-
- ## FCGI microcache for authenticated users also.
- include apps/drupal/microcache_fcgi_auth.conf;
-
- ## If proxying to apache comment the two lines above and
- ## uncomment the line below.
- #proxy_pass http://phpapache/index.php?q=$escaped_uri;
- #proxy_set_header Connection '';
-
- ## Proxy microcache for authenticated users also.
- #include apps/drupal/microcache_proxy_auth.conf;
-}
-
-## Disallow access to .bzr, .git, .hg, .svn, .cvs directories: return
-## 404 as not to disclose information.
-location ^~ /.bzr {
- return 404;
-}
-
-location ^~ /.git {
- return 404;
-}
-
-location ^~ /.hg {
- return 404;
-}
-
-location ^~ /.svn {
- return 404;
-}
-
-location ^~ /.cvs {
- return 404;
-}
-
-## Disallow access to patches directory.
-location ^~ /patches {
- return 404;
-}
-
-## Disallow access to drush backup directory.
-location ^~ /backup {
- return 404;
-}
-
-## Disable access logs for robots.txt.
-location = /robots.txt {
- access_log off;
- ## Add support for the robotstxt module
- ## http://drupal.org/project/robotstxt.
- try_files $uri @drupal-no-args;
-}
-
-## RSS feed support.
-location = /rss.xml {
- try_files $escaped_uri @drupal-no-args;
-}
-
-## XML Sitemap support.
-location = /sitemap.xml {
- try_files $escaped_uri @drupal-no-args;
-}
-
-## Support for favicon. Return an 1x1 transparent GIF if it doesn't
-## exist.
-location = /favicon.ico {
- expires 30d;
- try_files /favicon.ico @empty;
-}
-
-## Return an in memory 1x1 transparent GIF.
-location @empty {
- expires 30d;
- empty_gif;
-}
-
-## Any other attempt to access PHP files returns a 404.
-location ~* ^.+\.php$ {
- return 404;
-}
-
-## Boost stats.
-location = /boost_stats.php {
- fastcgi_pass phpcgi;
- ## To use Apache for serving PHP uncomment the line bellow and
- ## comment out the above.
- #proxy_pass http://phpapache;
- #proxy_set_header Connection '';
-}
-
diff --git a/guix/etc/nginx/apps/drupal/drupal_cron_update.conf b/guix/etc/nginx/apps/drupal/drupal_cron_update.conf
deleted file mode 100644
index 55500e9..0000000
--- a/guix/etc/nginx/apps/drupal/drupal_cron_update.conf
+++ /dev/null
@@ -1,40 +0,0 @@
-# -*- mode: nginx; mode:autopair; mode: flyspell-prog; ispell-local-dictionary: "american" -*-
-### Configuration file for Drupal if you're not using drush to update your site or run cron.
-
-## XMLRPC. Comment out if not enabled.
-location = /xmlrpc.php {
- fastcgi_pass phpcgi;
- # To use Apache for serving PHP uncomment the line bellow and
- # comment out the above.
- #proxy_pass http://phpapache;
-}
-
-## Restrict cron access to a specific host.
-location = /cron.php {
- ## If not allowed to run cron then issue a 404 and redirect to the
- ## site root.
- if ($not_allowed_cron) {
- return 404 /;
- }
- fastcgi_pass phpcgi;
- ## To use Apache for serving PHP uncomment the line bellow and
- ## comment out the above.
- #proxy_pass http://phpapache;
-}
-
-## Run the update from the web interface with Drupal 7.
-location = /authorize.php {
- fastcgi_pass phpcgi;
- ## To use Apache for serving PHP uncomment the line bellow and
- ## comment out the above.
- #proxy_pass http://phpapache;
-}
-
-location = /update.php {
- auth_basic "Restricted Access"; # auth realm
- auth_basic_user_file .htpasswd-users; # htpasswd file
- fastcgi_pass phpcgi;
- ## To use Apache for serving PHP uncomment the line bellow and
- ## comment out the above.
- #proxy_pass http://phpapache;
-}
diff --git a/guix/etc/nginx/apps/drupal/drupal_escaped.conf b/guix/etc/nginx/apps/drupal/drupal_escaped.conf
deleted file mode 100644
index db08cc0..0000000
--- a/guix/etc/nginx/apps/drupal/drupal_escaped.conf
+++ /dev/null
@@ -1,347 +0,0 @@
-# -*- mode: nginx; mode: flyspell-prog; ispell-local-dictionary: "american" -*-
-### Nginx configuration for Drupal. This configuration makes use of
-### drush (http:///drupal.org/project/drush) for site maintenance
-### and like tasks:
-###
-### 1. Run the cronjobs.
-### 2. Run the DB and code updates: drush up or drush upc followed by
-### drush updb to run any DB updates required by the code upgrades
-### that were performed.
-### 3. Disabling of xmlrpc.xml, install.php (needed only for
-### installing the site) and update.php: all updates are now
-### handled through drush.
-
-## To avoid the ugly rewrite we use Lua to escape the URI.
-set_by_lua $escaped_uri 'return ngx.escape_uri(ngx.var.uri)';
-
-## The 'default' location.
-location / {
-
- ## Drupal 404 from can impact performance. If using a module like
- ## search404 then 404's *have *to be handled by Drupal. Uncomment to
- ## relay the handling of 404's to Drupal.
- ## error_page 404 /index.php;
-
- ## Using a nested location is the 'correct' way to use regexes.
-
- ## Regular private file serving (i.e. handled by Drupal).
- location ^~ /system/files/ {
- ## Include the specific FastCGI configuration. This is for a
- ## FCGI backend like php-cgi or php-fpm.
- include apps/drupal/fastcgi_drupal.conf;
- fastcgi_pass phpcgi;
-
- ## If proxying to apache comment the two lines above and
- ## uncomment the line below.
- #proxy_pass http://phpapache/index.php?q=$escaped_uri;
- #proxy_set_header Connection '';
-
- ## For not signaling a 404 in the error log whenever the
- ## system/files directory is accessed add the line below.
- ## Note that the 404 is the intended behavior.
- log_not_found off;
- }
-
- ## Trying to access private files directly returns a 404.
- location ^~ /sites/default/files/private/ {
- internal;
- }
-
- ## Support for the file_force module
- ## http://drupal.org/project/file_force.
- location ^~ /system/files_force/ {
- ## Include the specific FastCGI configuration. This is for a
- ## FCGI backend like php-cgi or php-fpm.
- include apps/drupal/fastcgi_drupal.conf;
- fastcgi_pass phpcgi;
-
- ## If proxying to apache comment the two lines above and
- ## uncomment the line below.
- #proxy_pass http://phpapache/index.php?q=$no_slash_uri;
- #proxy_set_header Connection '';
-
- ## For not signaling a 404 in the error log whenever the
- ## system/files directory is accessed add the line below.
- ## Note that the 404 is the intended behavior.
- log_not_found off;
- }
-
- ## If accessing an image generated by Drupal 6 imagecache, serve it
- ## directly if available, if not relay the request to Drupal to (re)generate
- ## the image.
- location ~* /imagecache/ {
- ## Image hotlinking protection. If you want hotlinking
- ## protection for your images uncomment the following line.
- #include apps/drupal/hotlinking_protection.conf;
-
- access_log off;
- expires 30d;
- try_files $escaped_uri @drupal;
- }
-
- ## Drupal 7 generated image handling, i.e., imagecache in core. See:
- ## http://drupal.org/node/371374.
- location ~* /files/styles/ {
- ## Image hotlinking protection. If you want hotlinking
- ## protection for your images uncomment the following line.
- #include apps/drupal/hotlinking_protection.conf;
-
- access_log off;
- expires 30d;
- try_files $escaped_uri @drupal;
- }
-
- ## Advanced Aggregation module CSS
- ## support. http://drupal.org/project/advagg.
- location ^~ /sites/default/files/advagg_css/ {
- expires max;
- add_header ETag '';
- add_header Last-Modified 'Wed, 20 Jan 1988 04:20:42 GMT';
- add_header Accept-Ranges '';
-
- location ~* /sites/default/files/advagg_css/css[_[:alnum:]]+\.css$ {
- access_log off;
- try_files $escaped_uri @drupal;
- }
- }
-
- ## Advanced Aggregation module JS
- ## support. http://drupal.org/project/advagg.
- location ^~ /sites/default/files/advagg_js/ {
- expires max;
- add_header ETag '';
- add_header Last-Modified 'Wed, 20 Jan 1988 04:20:42 GMT';
- add_header Accept-Ranges '';
-
- location ~* /sites/default/files/advagg_js/js[_[:alnum:]]+\.js$ {
- access_log off;
- try_files $escaped_uri @drupal;
- }
- }
-
- ## All static files will be served directly.
- location ~* ^.+\.(?:css|cur|js|jpe?g|gif|htc|ico|png|html|xml|otf|ttf|eot|woff|svg)$ {
- access_log off;
- expires 30d;
- ## No need to bleed constant updates. Send the all shebang in one
- ## fell swoop.
- tcp_nodelay off;
- ## Set the OS file cache.
- open_file_cache max=3000 inactive=120s;
- open_file_cache_valid 45s;
- open_file_cache_min_uses 2;
- open_file_cache_errors off;
- }
-
- ## PDFs and powerpoint files handling.
- location ~* ^.+\.(?:pdf|pptx?)$ {
- expires 30d;
- ## No need to bleed constant updates. Send the all shebang in one
- ## fell swoop.
- tcp_nodelay off;
- }
-
- ## MP3 and Ogg/Vorbis files are served using AIO when supported. Your OS must support it.
- location ^~ /sites/default/files/audio/mp3 {
- location ~* ^/sites/default/files/audio/mp3/.*\.mp3$ {
- directio 4k; # for XFS
- ## If you're using ext3 or similar uncomment the line below and comment the above.
- #directio 512; # for ext3 or similar (block alignments)
- tcp_nopush off;
- aio on;
- output_buffers 1 2M;
- }
- }
-
- location ^~ /sites/default/files/audio/ogg {
- location ~* ^/sites/default/files/audio/ogg/.*\.ogg$ {
- directio 4k; # for XFS
- ## If you're using ext3 or similar uncomment the line below and comment the above.
- #directio 512; # for ext3 or similar (block alignments)
- tcp_nopush off;
- aio on;
- output_buffers 1 2M;
- }
- }
-
- ## Pseudo streaming of FLV files:
- ## http://wiki.nginx.org/HttpFlvStreamModule.
- ## If pseudo streaming isn't working, try to comment
- ## out in nginx.conf line with:
- ## add_header X-Frame-Options SAMEORIGIN;
- location ^~ /sites/default/files/video/flv {
- location ~* ^/sites/default/files/video/flv/.*\.flv$ {
- flv;
- }
- }
-
- ## Pseudo streaming of H264/AAC files. This requires an Nginx
- ## version greater or equal to 1.0.7 for the stable branch and
- ## greater or equal to 1.1.3 for the development branch.
- ## Cf. http://nginx.org/en/docs/http/ngx_http_mp4_module.html.
- location ^~ /sites/default/files/video/mp4 { # videos
- location ~* ^/sites/default/files/video/mp4/.*\.(?:mp4|mov)$ {
- mp4;
- mp4_buffer_size 1M;
- mp4_max_buffer_size 5M;
- }
- }
-
- location ^~ /sites/default/files/audio/m4a { # audios
- location ~* ^/sites/default/files/audio/m4a/.*\.m4a$ {
- mp4;
- mp4_buffer_size 1M;
- mp4_max_buffer_size 5M;
- }
- }
-
- ## Advanced Help module makes each module provided README available.
- location ^~ /help/ {
- location ~* ^/help/[^/]*/README\.txt$ {
- ## Include the specific FastCGI configuration. This is for a
- ## FCGI backend like php-cgi or php-fpm.
- include apps/drupal/fastcgi_drupal.conf;
- fastcgi_pass phpcgi;
-
- ## If proxying to apache comment the two lines above and
- ## uncomment the line below.
- #proxy_pass http://phpapache/index.php?q=$escaped_uri;
- }
- }
-
- ## Replicate the Apache <FilesMatch> directive of Drupal standard
- ## .htaccess. Disable access to any code files. Return a 404 to curtail
- ## information disclosure. Hide also the text files.
- location ~* ^(?:.+\.(?:htaccess|make|txt|engine|inc|info|install|module|profile|po|pot|sh|.*sql|test|theme|tpl(?:\.php)?|xtmpl)|code-style\.pl|/Entries.*|/Repository|/Root|/Tag|/Template)$ {
- return 404;
- }
-
- ## First we try the URI and relay to the /index.php?q=$escaped_uri&$args if not found.
- try_files $escaped_uri @drupal;
-}
-
-########### Security measures ##########
-
-## Uncomment the line below if you want to enable basic auth for
-## access to all /admin URIs. Note that this provides much better
-## protection if use HTTPS. Since it can easily be eavesdropped if you
-## use HTTP.
-#include apps/drupal/admin_basic_auth.conf;
-
-## Restrict access to the strictly necessary PHP files. Reducing the
-## scope for exploits. Handling of PHP code and the Drupal event loop.
-location @drupal {
- ## Include the FastCGI config.
- include apps/drupal/fastcgi_drupal.conf;
- fastcgi_pass phpcgi;
-
- ## FastCGI microcache.
- include apps/drupal/microcache_fcgi.conf;
- ## FCGI microcache for authenticated users also.
- #include apps/drupal/microcache_fcgi_auth.conf;
-
- ## To use Apache for serving PHP uncomment the line bellow and
- ## comment out the above.
- #proxy_pass http://phpapache/index.php?q=$escaped_uri&$args;
- #proxy_set_header Connection '';
- ## Proxy microcache.
- #include apps/drupal/microcache_proxy.conf;
- ## Proxy microcache for authenticated users also.
- #include apps/drupal/microcache_proxy_auth.conf;
-
- ## Filefield Upload progress
- ## http://drupal.org/project/filefield_nginx_progress support
- ## through the NginxUploadProgress modules.
- track_uploads uploads 60s;
-}
-
-location @drupal-no-args {
- ## Include the specific FastCGI configuration. This is for a
- ## FCGI backend like php-cgi or php-fpm.
- include apps/drupal/fastcgi_no_args_drupal.conf;
- fastcgi_pass phpcgi;
-
- ## FastCGI microcache.
- include apps/drupal/microcache_fcgi.conf;
- ## FCGI microcache for authenticated users also.
- #include apps/drupal/microcache_fcgi_auth.conf;
-
- ## If proxying to apache comment the two lines above and
- ## uncomment the line below.
- #proxy_pass http://phpapache/index.php?q=$escaped_uri;
- #proxy_set_header Connection '';
-
- ## Proxy microcache.
- #include apps/drupal/microcache_proxy.conf;
- ## Proxy microcache for authenticated users also.
- #include apps/drupal/microcache_proxy_auth.conf;
-}
-
-## Disallow access to .bzr, .git, .hg, .svn, .cvs directories: return
-## 404 as not to disclose information.
-location ^~ /.bzr {
- return 404;
-}
-
-location ^~ /.git {
- return 404;
-}
-
-location ^~ /.hg {
- return 404;
-}
-
-location ^~ /.svn {
- return 404;
-}
-
-location ^~ /.cvs {
- return 404;
-}
-
-## Disallow access to patches directory.
-location ^~ /patches {
- return 404;
-}
-
-## Disallow access to drush backup directory.
-location ^~ /backup {
- return 404;
-}
-
-## Disable access logs for robots.txt.
-location = /robots.txt {
- access_log off;
- ## Add support for the robotstxt module
- ## http://drupal.org/project/robotstxt.
- try_files $uri @drupal-no-args;
-}
-
-## RSS feed support.
-location = /rss.xml {
- try_files $escaped_uri @drupal-no-args;
-}
-
-## XML Sitemap support.
-location = /sitemap.xml {
- try_files $escaped_uri @drupal-no-args;
-}
-
-## Support for favicon. Return an 1x1 transparent GIF if it doesn't
-## exist.
-location = /favicon.ico {
- expires 30d;
- try_files /favicon.ico @empty;
-}
-
-## Return an in memory 1x1 transparent GIF.
-location @empty {
- expires 30d;
- empty_gif;
-}
-
-## Any other attempt to access PHP files returns a 404.
-location ~* ^.+\.php$ {
- return 404;
-}
-
diff --git a/guix/etc/nginx/apps/drupal/drupal_install.conf b/guix/etc/nginx/apps/drupal/drupal_install.conf
deleted file mode 100644
index 1f4f11b..0000000
--- a/guix/etc/nginx/apps/drupal/drupal_install.conf
+++ /dev/null
@@ -1,16 +0,0 @@
-# -*- mode: nginx; mode: flyspell-prog; ispell-local-dictionary: "american" -*-
-
-### Directives for installing drupal. This is for drupal 6 and 7.
-
-location = /install.php {
- auth_basic "Restricted Access"; # auth realm
- auth_basic_user_file .htpasswd-users; # htpasswd file
- fastcgi_pass phpcgi;
-}
-
-## This is for drupal 8. There's a new location for the install file.
-location = /core/install.php {
- auth_basic "Restricted Access"; # auth realm
- auth_basic_user_file .htpasswd-users; # htpasswd file
- fastcgi_pass phpcgi;
-}
diff --git a/guix/etc/nginx/apps/drupal/drupal_upload_progress.conf b/guix/etc/nginx/apps/drupal/drupal_upload_progress.conf
deleted file mode 100644
index 843fb06..0000000
--- a/guix/etc/nginx/apps/drupal/drupal_upload_progress.conf
+++ /dev/null
@@ -1,23 +0,0 @@
-# -*- mode: nginx; mode: flyspell-prog; ispell-current-dictionary: american -*-
-
-### Drupal 7 configuration for the Nginx Upload Progress module:
-### https://github.com/masterzen/nginx-upload-progress-module
-### This requires the Filefield Nginx Progress module:
-### http://drupal.org/project/filefield_nginx_progress.
-
-## The Nginx module wants ?X-Progress-ID query parameter so
-## that it report the progress of the upload through a GET
-## request. But the drupal form element makes use of clean
-## URLs in the POST.
-
-location ~ (?<upload_form_uri>.*)/x-progress-id:(?<upload_id>\d*) {
- rewrite ^ $upload_form_uri?X-Progress-ID=$upload_id;
-}
-
-## Now the above rewrite must be matched by a location that
-## activates it and references the above defined upload
-## tracking zone.
-location ^~ /progress {
- upload_progress_json_output;
- report_uploads uploads;
-}
diff --git a/guix/etc/nginx/apps/drupal/fastcgi_drupal.conf b/guix/etc/nginx/apps/drupal/fastcgi_drupal.conf
deleted file mode 100644
index be59f85..0000000
--- a/guix/etc/nginx/apps/drupal/fastcgi_drupal.conf
+++ /dev/null
@@ -1,43 +0,0 @@
-#-*- mode: nginx; mode: flyspell-prog; ispell-local-dictionary: "american" -*-
-### fastcgi configuration for serving private files.
-## 1. Parameters.
-fastcgi_param QUERY_STRING q=$uri&$args;
-fastcgi_param REQUEST_METHOD $request_method;
-fastcgi_param CONTENT_TYPE $content_type;
-fastcgi_param CONTENT_LENGTH $content_length;
-
-fastcgi_param SCRIPT_NAME /index.php;
-fastcgi_param REQUEST_URI $request_uri;
-fastcgi_param DOCUMENT_URI $document_uri;
-fastcgi_param DOCUMENT_ROOT $document_root;
-fastcgi_param SERVER_PROTOCOL $server_protocol;
-
-fastcgi_param GATEWAY_INTERFACE CGI/1.1;
-fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
-
-fastcgi_param REMOTE_ADDR $remote_addr;
-fastcgi_param REMOTE_PORT $remote_port;
-fastcgi_param SERVER_ADDR $server_addr;
-fastcgi_param SERVER_PORT $server_port;
-fastcgi_param SERVER_NAME $server_name;
-## PHP only, required if PHP was built with --enable-force-cgi-redirect
-fastcgi_param REDIRECT_STATUS 200;
-fastcgi_param SCRIPT_FILENAME $document_root/index.php;
-## HTTPS 'on' parameter. This requires Nginx version 1.1.11 or
-## later. The if_not_empty flag was introduced in 1.1.11. See:
-## http://nginx.org/en/CHANGES. If using a version that doesn't
-## support this comment out the line below.
-fastcgi_param HTTPS $fastcgi_https if_not_empty;
-## For Nginx versions below 1.1.11 uncomment the line below after commenting out the above.
-#fastcgi_param HTTPS $fastcgi_https;
-
-## 2. Nginx FCGI specific directives.
-fastcgi_buffers 256 4k;
-fastcgi_intercept_errors on;
-## Allow 4 hrs - pass timeout responsibility to upstream.
-fastcgi_read_timeout 14400;
-fastcgi_index index.php;
-## Hide the X-Drupal-Cache header provided by Pressflow.
-fastcgi_hide_header 'X-Drupal-Cache';
-## Hide the Drupal 7 header X-Generator.
-fastcgi_hide_header 'X-Generator';
diff --git a/guix/etc/nginx/apps/drupal/fastcgi_no_args_drupal.conf b/guix/etc/nginx/apps/drupal/fastcgi_no_args_drupal.conf
deleted file mode 100644
index 683e4ce..0000000
--- a/guix/etc/nginx/apps/drupal/fastcgi_no_args_drupal.conf
+++ /dev/null
@@ -1,43 +0,0 @@
-#-*- mode: nginx; mode: flyspell-prog; ispell-local-dictionary: "american" -*-
-### fastcgi configuration for serving private files.
-## 1. Parameters.
-fastcgi_param QUERY_STRING q=$uri;
-fastcgi_param REQUEST_METHOD $request_method;
-fastcgi_param CONTENT_TYPE $content_type;
-fastcgi_param CONTENT_LENGTH $content_length;
-
-fastcgi_param SCRIPT_NAME /index.php;
-fastcgi_param REQUEST_URI $request_uri;
-fastcgi_param DOCUMENT_URI $document_uri;
-fastcgi_param DOCUMENT_ROOT $document_root;
-fastcgi_param SERVER_PROTOCOL $server_protocol;
-
-fastcgi_param GATEWAY_INTERFACE CGI/1.1;
-fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
-
-fastcgi_param REMOTE_ADDR $remote_addr;
-fastcgi_param REMOTE_PORT $remote_port;
-fastcgi_param SERVER_ADDR $server_addr;
-fastcgi_param SERVER_PORT $server_port;
-fastcgi_param SERVER_NAME $server_name;
-## PHP only, required if PHP was built with --enable-force-cgi-redirect
-fastcgi_param REDIRECT_STATUS 200;
-fastcgi_param SCRIPT_FILENAME $document_root/index.php;
-## HTTPS 'on' parameter. This requires Nginx version 1.1.11 or
-## later. The if_not_empty flag was introduced in 1.1.11. See:
-## http://nginx.org/en/CHANGES. If using a version that doesn't
-## support this comment out the line below.
-fastcgi_param HTTPS $fastcgi_https if_not_empty;
-## For Nginx versions below 1.1.11 uncomment the line below after commenting out the above.
-#fastcgi_param HTTPS $fastcgi_https;
-
-## 2. Nginx FCGI specific directives.
-fastcgi_buffers 256 4k;
-fastcgi_intercept_errors on;
-## Allow 4 hrs - pass timeout responsibility to upstream.
-fastcgi_read_timeout 14400;
-fastcgi_index index.php;
-## Hide the X-Drupal-Cache header provided by Pressflow.
-fastcgi_hide_header 'X-Drupal-Cache';
-## Hide the Drupal 7 header X-Generator.
-fastcgi_hide_header 'X-Generator';
diff --git a/guix/etc/nginx/apps/drupal/hotlinking_protection.conf b/guix/etc/nginx/apps/drupal/hotlinking_protection.conf
deleted file mode 100644
index f2926e1..0000000
--- a/guix/etc/nginx/apps/drupal/hotlinking_protection.conf
+++ /dev/null
@@ -1,10 +0,0 @@
-# -*- mode: nginx; mode: flyspell-prog; ispell-local-dictionary: "american" -*-
-
-### Hotlinking protection for images. Include it in any context you
-### want. Adjust the list of allowed referers to your liking.
-
-valid_referers none blocked *.example.com *.google.com my.site.com;
-
-if ($invalid_referer) {
- return 200 "No image hotlinking allowed!\n";
-}
diff --git a/guix/etc/nginx/apps/drupal/map_cache.conf b/guix/etc/nginx/apps/drupal/map_cache.conf
deleted file mode 100644
index 8166fcd..0000000
--- a/guix/etc/nginx/apps/drupal/map_cache.conf
+++ /dev/null
@@ -1,39 +0,0 @@
-# -*- mode: nginx; mode: flyspell-prog; ispell-current-dictionary: american -*-
-
-### Testing if we should be serving content from cache or not. This is
-### needed for any Drupal setup that uses an external cache.
-
-## Let Ajax calls go through.
-map $uri $no_cache_ajax {
- default 0;
- /system/ajax 1;
-}
-
-## Testing for the session cookie being present. If there is then no
-## caching is to be done. Note that this is for someone using either
-## Drupal 7 pressflow or stock Drupal 6 core with no_anon
-## (http://drupal.org/project/no_anon).
-map $http_cookie $no_cache_cookie {
- default 0;
- ~SESS 1; # PHP session cookie
-}
-
-## Combine both results to get the cache bypassing mapping.
-map $no_cache_ajax$no_cache_cookie $no_cache {
- default 1;
- 00 0;
-}
-
-## If you're using stock Drupal 6 without no_anon, i.e., there's a
-## session cookie being served even to anonymous users, then uncomment
-## the three lines below and comment the above map directive
-# map $http_cookie $no_cache {
-# default 0;
-# ~DRUPAL_UID 1; # DRUPAL_UID cookie set by Boost
-# }
-
-## Set a cache_uid variable for authenticated users.
-map $http_cookie $cache_uid {
- default nil; # hommage to Lisp :)
- ~SESS[[:alnum:]]+=(?<session_id>[[:graph:]]+) $session_id;
-}
diff --git a/guix/etc/nginx/apps/drupal/microcache_fcgi.conf b/guix/etc/nginx/apps/drupal/microcache_fcgi.conf
deleted file mode 100644
index e7e8184..0000000
--- a/guix/etc/nginx/apps/drupal/microcache_fcgi.conf
+++ /dev/null
@@ -1,39 +0,0 @@
-# -*- mode: nginx; mode: flyspell-prog; ispell-local-dictionary: "american" -*-
-
-### Implementation of the microcache concept as presented here:
-### http://fennb.com/microcaching-speed-your-app-up-250x-with-no-n
-
-## The cache zone referenced.
-fastcgi_cache microcache;
-## The cache key.
-fastcgi_cache_key $scheme$request_method$host$request_uri;
-
-## For 200 and 301 make the cache valid for 1s seconds.
-fastcgi_cache_valid 200 301 1s;
-## For 302 make it valid for 1 minute.
-fastcgi_cache_valid 302 1m;
-## For 404 make it valid 1 second.
-fastcgi_cache_valid 404 1s;
-## If there are any upstream errors or the item has expired use
-## whatever it is available.
-fastcgi_cache_use_stale error timeout invalid_header updating http_500;
-## The Cache-Control and Expires headers should be delivered untouched
-## from the upstream to the client.
-fastcgi_ignore_headers Cache-Control Expires;
-## Bypass the cache.
-fastcgi_cache_bypass $no_cache;
-fastcgi_no_cache $no_cache;
-
-## To avoid any interaction with the cache control headers we expire
-## everything on this location immediately.
-expires epoch;
-
-## If you're using a Nginx version greater than 1.1.11 then uncomment
-## the line below. See:
-## http://nginx.org/en/docs/http/ngx_http_fastcgi_module.html#fastcgi_cache_lock
-## Cache locking mechanism for protecting the backend of too many
-## simultaneous requests.
-#fastcgi_cache_lock on;
-## The default timeout, i.e., the time to way before forwarding the
-## second request upstream if no reply as arrived in the meantime is 5s.
-#fastcgi_cache_lock_timeout 8000; # in miliseconds.
diff --git a/guix/etc/nginx/apps/drupal/microcache_fcgi_auth.conf b/guix/etc/nginx/apps/drupal/microcache_fcgi_auth.conf
deleted file mode 100644
index 7b2b7c3..0000000
--- a/guix/etc/nginx/apps/drupal/microcache_fcgi_auth.conf
+++ /dev/null
@@ -1,51 +0,0 @@
-# -*- mode: nginx; mode: flyspell-prog; ispell-local-dictionary: "american" -*-
-
-## The cache zone referenced.
-fastcgi_cache microcache;
-## The cache key.
-fastcgi_cache_key $cache_uid@$scheme$request_method$host$request_uri;
-
-## For 200 and 301 make the cache valid for 15s.
-fastcgi_cache_valid 200 301 15s;
-## For 302 make it valid for 1 minute.
-fastcgi_cache_valid 302 1m;
-## For 404 make it valid 1 second.
-fastcgi_cache_valid 404 1s;
-## If there are any upstream errors use whatever it is available.
-fastcgi_cache_use_stale error timeout invalid_header updating http_500;
-## The Cache-Control and Expires headers should be delivered untouched
-## from the upstream to the client.
-fastcgi_ignore_headers Cache-Control Expires;
-fastcgi_pass_header Set-Cookie;
-fastcgi_pass_header Cookie;
-## Bypass the cache.
-# fastcgi_cache_bypass $no_auth_cache;
-# fastcgi_no_cache $no_auth_cache;
-## Add a cache miss/hit status header.
-add_header X-Micro-Cache $upstream_cache_status;
-## To avoid any interaction with the cache control headers we expire
-## everything on this location immediately.
-expires epoch;
-
-## Enable clickjacking protection in modern browsers. Available in
-## IE8 also. See
-## https://developer.mozilla.org/en/The_X-FRAME-OPTIONS_response_header
-## This may conflicts with pseudo streaming (at least with Nginx version 1.0.12).
-## Uncomment the line below if you're not using media streaming.
-## For sites *not* using frames uncomment the line below.
-#add_header X-Frame-Options DENY;
-## For sites *using* frames uncomment the line below.
-#add_header X-Frame-Options SAMEORIGIN;
-
-## Block MIME type sniffing on IE.
-add_header X-Content-Options nosniff;
-
-## If you're using a Nginx version greater than 1.1.11 then uncomment
-## the line below. See:
-## http://nginx.org/en/docs/http/ngx_http_fastcgi_module.html#fastcgi_cache_lock
-## Cache locking mechanism for protecting the backend of too many
-## simultaneous requests.
-#fastcgi_cache_lock on;
-## The default timeout, i.e., the time to way before forwarding the
-## second request upstream if no reply as arrived in the meantime is 5s.
-#fastcgi_cache_lock_timeout 8000; # in miliseconds.
diff --git a/guix/etc/nginx/apps/drupal/microcache_proxy.conf b/guix/etc/nginx/apps/drupal/microcache_proxy.conf
deleted file mode 100644
index 6708684..0000000
--- a/guix/etc/nginx/apps/drupal/microcache_proxy.conf
+++ /dev/null
@@ -1,53 +0,0 @@
-# -*- mode: nginx; mode: flyspell-prog; ispell-local-dictionary: "american" -*-
-
-### Implementation of the microcache concept as presented here:
-### http://fennb.com/microcaching-speed-your-app-up-250x-with-no-n
-
-## The cache zone referenced.
-proxy_cache microcache;
-## The cache key.
-proxy_cache_key $host$request_uri;
-
-## For 200 and 301 make the cache valid for 15 seconds.
-proxy_cache_valid 200 301 15s;
-## For 302 make it valid for 1 minute.
-proxy_cache_valid 302 1m;
-## For 404 make it valid 1 second.
-proxy_cache_valid 404 1s;
-## If there are any upstream errors or the item has expired use
-## whatever it is available.
-proxy_cache_use_stale error timeout invalid_header updating http_500 http_502 http_503 http_504;
-## The Cache-Control and Expires headers should be delivered untouched
-## from the upstream to the client.
-proxy_ignore_headers Cache-Control Expires;
-## Bypass the cache.
-proxy_cache_bypass $no_cache;
-proxy_no_cache $no_cache;
-## Add a cache miss/hit status header.
-add_header X-Micro-Cache $upstream_cache_status;
-## To avoid any interaction with the cache control headers we expire
-## everything on this location immediately.
-expires epoch;
-
-## Enable clickjacking protection in modern browsers. Available in
-## IE8 also. See
-## https://developer.mozilla.org/en/The_X-FRAME-OPTIONS_response_header
-## This may conflicts with pseudo streaming (at least with Nginx version 1.0.12).
-## Uncomment the line below if you're not using media streaming.
-## For sites *not* using frames uncomment the line below.
-#add_header X-Frame-Options DENY;
-## For sites *using* frames uncomment the line below.
-#add_header X-Frame-Options SAMEORIGIN;
-
-## Block MIME type sniffing on IE.
-add_header X-Content-Options nosniff;
-
-## If you're using a Nginx version greater than 1.1.11 then uncomment
-## the line below. See:
-## http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_cache_lock.
-## Cache locking mechanism for protecting the backendof too many
-## simultaneous requests.
-#proxy_cache_lock on;
-## The default timeout, i.e., the time to way before forwarding the
-## second request upstream if no reply as arrived in the meantime is 5s.
-# proxy_cache_lock_timeout 8000; # in miliseconds.
diff --git a/guix/etc/nginx/apps/drupal/microcache_proxy_auth.conf b/guix/etc/nginx/apps/drupal/microcache_proxy_auth.conf
deleted file mode 100644
index e351b1b..0000000
--- a/guix/etc/nginx/apps/drupal/microcache_proxy_auth.conf
+++ /dev/null
@@ -1,54 +0,0 @@
-# -*- mode: nginx; mode: flyspell-prog; ispell-local-dictionary: "american" -*-
-
-### Implementation of the microcache concept as presented here:
-### http://fennb.com/microcaching-speed-your-app-up-250x-with-no-n
-
-## The cache zone referenced.
-proxy_cache microcache;
-## The cache key.
-proxy_cache_key $cache_uid@$host$request_uri;
-
-## For 200 and 301 make the cache valid for 15 seconds.
-proxy_cache_valid 200 301 15s;
-## For 302 make it valid for 1 minute.
-proxy_cache_valid 302 1m;
-## For 404 make it valid 1 second.
-proxy_cache_valid 404 1s;
-## If there are any upstream errors or the item has expired use
-## whatever it is available.
-proxy_cache_use_stale error timeout invalid_header updating http_500 http_502 http_503 http_504;
-## The Cache-Control and Expires headers should be delivered untouched
-## from the upstream to the client.
-proxy_ignore_headers Cache-Control Expires;
-proxy_pass_header Set-Cookie;
-proxy_pass_header Cookie;
-## Bypass the cache.
-proxy_cache_bypass $no_auth_cache;
-proxy_no_cache $no_auth_cache;
-## Add a cache miss/hit status header.
-add_header X-Micro-Cache $upstream_cache_status;
-## To avoid any interaction with the cache control headers we expire
-## everything on this location immediately.
-expires epoch;
-## Enable clickjacking protection in modern browsers. Available in
-## IE8 also. See
-## https://developer.mozilla.org/en/The_X-FRAME-OPTIONS_response_header
-## This may conflicts with pseudo streaming (at least with Nginx version 1.0.12).
-## Uncomment the line below if you're not using media streaming.
-## For sites *not* using frames uncomment the line below.
-#add_header X-Frame-Options DENY;
-## For sites *using* frames uncomment the line below.
-#add_header X-Frame-Options SAMEORIGIN;
-
-## Block MIME type sniffing on IE.
-add_header X-Content-Options nosniff;
-
-## If you're using a Nginx version greater than 1.1.11 then uncomment
-## the line below. See:
-## http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_cache_lock.
-## Cache locking mechanism for protecting the backendof too many
-## simultaneous requests.
-#proxy_cache_lock on;
-## The default timeout, i.e., the time to way before forwarding the
-## second request upstream if no reply as arrived in the meantime is 5s.
-# proxy_cache_lock_timeout 8000; # in miliseconds.
diff --git a/guix/etc/nginx/conf.d/favicon_robots b/guix/etc/nginx/conf.d/favicon_robots
deleted file mode 100644
index 3c6e417..0000000
--- a/guix/etc/nginx/conf.d/favicon_robots
+++ /dev/null
@@ -1,11 +0,0 @@
-location = /robots.txt {
- root /var/www/robots-favicon;
-}
-
-location = /favicon.ico {
- root /var/www/robots-favicon;
-}
-
-location = /static/web-common/favicon-taler.ico {
- alias /var/www/robots-favicon/favicon.ico;
-}
diff --git a/guix/etc/nginx/conf.d/talerssl b/guix/etc/nginx/conf.d/talerssl
deleted file mode 100644
index 3c33de6..0000000
--- a/guix/etc/nginx/conf.d/talerssl
+++ /dev/null
@@ -1,14 +0,0 @@
-ssl_certificate /etc/letsencrypt/live/taler.net/fullchain.pem;
-ssl_certificate_key /etc/letsencrypt/live/taler.net/privkey.pem;
-ssl_prefer_server_ciphers on;
-ssl_session_cache shared:SSL:10m;
-ssl_dhparam /etc/ssl/certs/dhparam.pem;
-ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
-ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
-
-add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
-add_header X-XSS-Protection "1; mode=block";
-add_header X-Frame-Options "SAMEORIGIN";
-add_header X-Content-Type-Options "nosniff";
-add_header Content-Security-Policy "default-src 'self'; img-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; connect-src 'self' wss://buildbot.taler.net";
-add_header Referrer-Policy "same-origin";
diff --git a/guix/etc/nginx/fastcgi.conf b/guix/etc/nginx/fastcgi.conf
deleted file mode 100644
index 091738c..0000000
--- a/guix/etc/nginx/fastcgi.conf
+++ /dev/null
@@ -1,26 +0,0 @@
-
-fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
-fastcgi_param QUERY_STRING $query_string;
-fastcgi_param REQUEST_METHOD $request_method;
-fastcgi_param CONTENT_TYPE $content_type;
-fastcgi_param CONTENT_LENGTH $content_length;
-
-fastcgi_param SCRIPT_NAME $fastcgi_script_name;
-fastcgi_param REQUEST_URI $request_uri;
-fastcgi_param DOCUMENT_URI $document_uri;
-fastcgi_param DOCUMENT_ROOT $document_root;
-fastcgi_param SERVER_PROTOCOL $server_protocol;
-fastcgi_param REQUEST_SCHEME $scheme;
-fastcgi_param HTTPS $https if_not_empty;
-
-fastcgi_param GATEWAY_INTERFACE CGI/1.1;
-fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
-
-fastcgi_param REMOTE_ADDR $remote_addr;
-fastcgi_param REMOTE_PORT $remote_port;
-fastcgi_param SERVER_ADDR $server_addr;
-fastcgi_param SERVER_PORT $server_port;
-fastcgi_param SERVER_NAME $server_name;
-
-# PHP only, required if PHP was built with --enable-force-cgi-redirect
-fastcgi_param REDIRECT_STATUS 200;
diff --git a/guix/etc/nginx/fastcgi_params b/guix/etc/nginx/fastcgi_params
deleted file mode 100644
index 28decb9..0000000
--- a/guix/etc/nginx/fastcgi_params
+++ /dev/null
@@ -1,25 +0,0 @@
-
-fastcgi_param QUERY_STRING $query_string;
-fastcgi_param REQUEST_METHOD $request_method;
-fastcgi_param CONTENT_TYPE $content_type;
-fastcgi_param CONTENT_LENGTH $content_length;
-
-fastcgi_param SCRIPT_NAME $fastcgi_script_name;
-fastcgi_param REQUEST_URI $request_uri;
-fastcgi_param DOCUMENT_URI $document_uri;
-fastcgi_param DOCUMENT_ROOT $document_root;
-fastcgi_param SERVER_PROTOCOL $server_protocol;
-fastcgi_param REQUEST_SCHEME $scheme;
-fastcgi_param HTTPS $https if_not_empty;
-
-fastcgi_param GATEWAY_INTERFACE CGI/1.1;
-fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
-
-fastcgi_param REMOTE_ADDR $remote_addr;
-fastcgi_param REMOTE_PORT $remote_port;
-fastcgi_param SERVER_ADDR $server_addr;
-fastcgi_param SERVER_PORT $server_port;
-fastcgi_param SERVER_NAME $server_name;
-
-# PHP only, required if PHP was built with --enable-force-cgi-redirect
-fastcgi_param REDIRECT_STATUS 200;
diff --git a/guix/etc/nginx/koi-utf b/guix/etc/nginx/koi-utf
deleted file mode 100644
index e7974ff..0000000
--- a/guix/etc/nginx/koi-utf
+++ /dev/null
@@ -1,109 +0,0 @@ - -# This map is not a full koi8-r <> utf8 map: it does not contain -# box-drawing and some other characters. Besides this map contains -# several koi8-u and Byelorussian letters which are not in koi8-r. -# If you need a full and standard map, use contrib/unicode2nginx/koi-utf -# map instead. - -charset_map koi8-r utf-8 { - - 80 E282AC ; # euro - - 95 E280A2 ; # bullet - - 9A C2A0 ; # - - 9E C2B7 ; # · - - A3 D191 ; # small yo - A4 D194 ; # small Ukrainian ye - - A6 D196 ; # small Ukrainian i - A7 D197 ; # small Ukrainian yi - - AD D291 ; # small Ukrainian soft g - AE D19E ; # small Byelorussian short u - - B0 C2B0 ; # ° - - B3 D081 ; # capital YO - B4 D084 ; # capital Ukrainian YE - - B6 D086 ; # capital Ukrainian I - B7 D087 ; # capital Ukrainian YI - - B9 E28496 ; # numero sign - - BD D290 ; # capital Ukrainian soft G - BE D18E ; # capital Byelorussian short U - - BF C2A9 ; # (C) - - C0 D18E ; # small yu - C1 D0B0 ; # small a - C2 D0B1 ; # small b - C3 D186 ; # small ts - C4 D0B4 ; # small d - C5 D0B5 ; # small ye - C6 D184 ; # small f - C7 D0B3 ; # small g - C8 D185 ; # small kh - C9 D0B8 ; # small i - CA D0B9 ; # small j - CB D0BA ; # small k - CC D0BB ; # small l - CD D0BC ; # small m - CE D0BD ; # small n - CF D0BE ; # small o - - D0 D0BF ; # small p - D1 D18F ; # small ya - D2 D180 ; # small r - D3 D181 ; # small s - D4 D182 ; # small t - D5 D183 ; # small u - D6 D0B6 ; # small zh - D7 D0B2 ; # small v - D8 D18C ; # small soft sign - D9 D18B ; # small y - DA D0B7 ; # small z - DB D188 ; # small sh - DC D18D ; # small e - DD D189 ; # small shch - DE D187 ; # small ch - DF D18A ; # small hard sign - - E0 D0AE ; # capital YU - E1 D090 ; # capital A - E2 D091 ; # capital B - E3 D0A6 ; # capital TS - E4 D094 ; # capital D - E5 D095 ; # capital YE - E6 D0A4 ; # capital F - E7 D093 ; # capital G - E8 D0A5 ; # capital KH - E9 D098 ; # capital I - EA D099 ; # capital J - EB D09A ; # capital K - EC D09B ; # capital L - ED D09C ; # capital M - EE 
D09D ; # capital N - EF D09E ; # capital O - - F0 D09F ; # capital P - F1 D0AF ; # capital YA - F2 D0A0 ; # capital R - F3 D0A1 ; # capital S - F4 D0A2 ; # capital T - F5 D0A3 ; # capital U - F6 D096 ; # capital ZH - F7 D092 ; # capital V - F8 D0AC ; # capital soft sign - F9 D0AB ; # capital Y - FA D097 ; # capital Z - FB D0A8 ; # capital SH - FC D0AD ; # capital E - FD D0A9 ; # capital SHCH - FE D0A7 ; # capital CH - FF D0AA ; # capital hard sign -} diff --git a/guix/etc/nginx/koi-win b/guix/etc/nginx/koi-win deleted file mode 100644 index 72afabe..0000000 --- a/guix/etc/nginx/koi-win +++ /dev/null 
@@ -1,103 +0,0 @@ - -charset_map koi8-r windows-1251 { - - 80 88 ; # euro - - 95 95 ; # bullet - - 9A A0 ; # - - 9E B7 ; # · - - A3 B8 ; # small yo - A4 BA ; # small Ukrainian ye - - A6 B3 ; # small Ukrainian i - A7 BF ; # small Ukrainian yi - - AD B4 ; # small Ukrainian soft g - AE A2 ; # small Byelorussian short u - - B0 B0 ; # ° - - B3 A8 ; # capital YO - B4 AA ; # capital Ukrainian YE - - B6 B2 ; # capital Ukrainian I - B7 AF ; # capital Ukrainian YI - - B9 B9 ; # numero sign - - BD A5 ; # capital Ukrainian soft G - BE A1 ; # capital Byelorussian short U - - BF A9 ; # (C) - - C0 FE ; # small yu - C1 E0 ; # small a - C2 E1 ; # small b - C3 F6 ; # small ts - C4 E4 ; # small d - C5 E5 ; # small ye - C6 F4 ; # small f - C7 E3 ; # small g - C8 F5 ; # small kh - C9 E8 ; # small i - CA E9 ; # small j - CB EA ; # small k - CC EB ; # small l - CD EC ; # small m - CE ED ; # small n - CF EE ; # small o - - D0 EF ; # small p - D1 FF ; # small ya - D2 F0 ; # small r - D3 F1 ; # small s - D4 F2 ; # small t - D5 F3 ; # small u - D6 E6 ; # small zh - D7 E2 ; # small v - D8 FC ; # small soft sign - D9 FB ; # small y - DA E7 ; # small z - DB F8 ; # small sh - DC FD ; # small e - DD F9 ; # small shch - DE F7 ; # small ch - DF FA ; # small hard sign - - E0 DE ; # capital YU - E1 C0 ; # capital A - E2 C1 ; # capital B - E3 D6 ; # capital TS - E4 C4 ; # capital D - E5 C5 ; # capital YE - E6 D4 ; # capital F - E7 C3 ; # capital G - E8 D5 ; # capital KH - E9 C8 ; # capital I - EA C9 ; # capital J - EB CA ; # capital K - EC CB ; # capital L - ED CC ; # capital M - EE CD ; # capital N - EF CE ; # capital O - - F0 CF ; # capital P - F1 DF ; # capital YA - F2 D0 ; # capital R - F3 D1 ; # capital S - F4 D2 ; # capital T - F5 D3 ; # capital U - F6 C6 ; # capital ZH - F7 C2 ; # capital V - F8 DC ; # capital soft sign - F9 DB ; # capital Y - FA C7 ; # capital Z - FB D8 ; # capital SH - FC DD ; # capital E - FD D9 ; # capital SHCH - FE D7 ; # capital CH - FF DA ; # capital hard sign -} 
diff --git a/guix/etc/nginx/mime.types b/guix/etc/nginx/mime.types deleted file mode 100644 index 89be9a4..0000000 --- a/guix/etc/nginx/mime.types +++ /dev/null 
@@ -1,89 +0,0 @@ - -types { - text/html html htm shtml; - text/css css; - text/xml xml; - image/gif gif; - image/jpeg jpeg jpg; - application/javascript js; - application/atom+xml atom; - application/rss+xml rss; - - text/mathml mml; - text/plain txt; - text/vnd.sun.j2me.app-descriptor jad; - text/vnd.wap.wml wml; - text/x-component htc; - - image/png png; - image/tiff tif tiff; - image/vnd.wap.wbmp wbmp; - image/x-icon ico; - image/x-jng jng; - image/x-ms-bmp bmp; - image/svg+xml svg svgz; - image/webp webp; - - application/font-woff woff; - application/java-archive jar war ear; - application/json json; - application/mac-binhex40 hqx; - application/msword doc; - application/pdf pdf; - application/postscript ps eps ai; - application/rtf rtf; - application/vnd.apple.mpegurl m3u8; - application/vnd.ms-excel xls; - application/vnd.ms-fontobject eot; - application/vnd.ms-powerpoint ppt; - application/vnd.wap.wmlc wmlc; - application/vnd.google-earth.kml+xml kml; - application/vnd.google-earth.kmz kmz; - application/x-7z-compressed 7z; - application/x-cocoa cco; - application/x-java-archive-diff jardiff; - application/x-java-jnlp-file jnlp; - application/x-makeself run; - application/x-perl pl pm; - application/x-pilot prc pdb; - application/x-rar-compressed rar; - application/x-redhat-package-manager rpm; - application/x-sea sea; - application/x-shockwave-flash swf; - application/x-stuffit sit; - application/x-tcl tcl tk; - application/x-x509-ca-cert der pem crt; - application/x-xpinstall xpi; - application/xhtml+xml xhtml; - application/xspf+xml xspf; - application/zip zip; - - application/octet-stream bin exe dll; - application/octet-stream deb; - application/octet-stream dmg; - application/octet-stream iso img; - application/octet-stream msi msp msm; - - application/vnd.openxmlformats-officedocument.wordprocessingml.document docx; - application/vnd.openxmlformats-officedocument.spreadsheetml.sheet xlsx; - 
application/vnd.openxmlformats-officedocument.presentationml.presentation pptx; - - audio/midi mid midi kar; - audio/mpeg mp3; - audio/ogg ogg; - audio/x-m4a m4a; - audio/x-realaudio ra; - - video/3gpp 3gpp 3gp; - video/mp2t ts; - video/mp4 mp4; - video/mpeg mpeg mpg; - video/quicktime mov; - video/webm webm; - video/x-flv flv; - video/x-m4v m4v; - video/x-mng mng; - video/x-ms-asf asx asf; - video/x-ms-wmv wmv; - video/x-msvideo avi; -} diff --git a/guix/etc/nginx/nginx.conf b/guix/etc/nginx/nginx.conf deleted file mode 100644 index 4b5de00..0000000 --- a/guix/etc/nginx/nginx.conf +++ /dev/null 
@@ -1,82 +0,0 @@ -user nginx; -worker_processes 4; -pid /var/run/nginx.pid; - -events { - worker_connections 768; - # multi_accept on; -} - -http { - - ## - # Basic Settings - ## - - sendfile on; - tcp_nopush on; - tcp_nodelay on; - keepalive_timeout 65; - types_hash_max_size 2048; - server_tokens off; - - # server_names_hash_bucket_size 64; - # server_name_in_redirect off; - - include /etc/nginx/mime.types; - default_type application/octet-stream; - - ## - # Logging Settings - ## - - log_format main '$remote_addr - $remote_user [$time_local] $host ' - '"$request" $status $body_bytes_sent ' - '"$http_referer" "$http_user_agent"'; - - client_body_temp_path /var/run/nginx/body_temp; - proxy_temp_path /var/run/nginx/proxy_temp; - fastcgi_temp_path /var/run/nginx/fastcgi_temp; - uwsgi_temp_path /var/run/nginx/uwsgi_temp; - scgi_temp_path /var/run/nginx/scgi_temp; - access_log /var/log/nginx/access.log main; - error_log /var/log/nginx/error.log notice; - - ## - # Gzip Settings - ## - - gzip on; - gzip_disable "msie6"; - - # gzip_vary on; - # gzip_proxied any; - # gzip_comp_level 6; - # gzip_buffers 16 8k; - # gzip_http_version 1.1; - # gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript; - - # This isn't entirely correct since it does - # not consider the weighting of languages, but - # for now it's good enough. - map $http_accept_language $index_redirect_uri { - default "en"; - # prefer language that's first in the list - ~^en "en"; - ~^de "de"; - ~^fr "fr"; - ~^es "it"; - # if none matches, take one later in the list - ~,en "en"; - ~,de "de"; - ~,fr "fr"; - ~,es "it"; - } - - ## - # Virtual Host Configs - ## - - include conf.d/*.conf; - include sites-enabled/*.site; -} diff --git a/guix/etc/nginx/proxy_params b/guix/etc/nginx/proxy_params deleted file mode 100644 index df75bc5..0000000 --- a/guix/etc/nginx/proxy_params +++ /dev/null 
@@ -1,4 +0,0 @@
-proxy_set_header Host $http_host;
-proxy_set_header X-Real-IP $remote_addr;
-proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-proxy_set_header X-Forwarded-Proto $scheme;
diff --git a/guix/etc/nginx/scgi_params b/guix/etc/nginx/scgi_params
deleted file mode 100644
index 6d4ce4f..0000000
--- a/guix/etc/nginx/scgi_params
+++ /dev/null
@@ -1,17 +0,0 @@
-
-scgi_param REQUEST_METHOD $request_method;
-scgi_param REQUEST_URI $request_uri;
-scgi_param QUERY_STRING $query_string;
-scgi_param CONTENT_TYPE $content_type;
-
-scgi_param DOCUMENT_URI $document_uri;
-scgi_param DOCUMENT_ROOT $document_root;
-scgi_param SCGI 1;
-scgi_param SERVER_PROTOCOL $server_protocol;
-scgi_param REQUEST_SCHEME $scheme;
-scgi_param HTTPS $https if_not_empty;
-
-scgi_param REMOTE_ADDR $remote_addr;
-scgi_param REMOTE_PORT $remote_port;
-scgi_param SERVER_PORT $server_port;
-scgi_param SERVER_NAME $server_name;
diff --git a/guix/etc/nginx/sites-available/blog-demo.site b/guix/etc/nginx/sites-available/blog-demo.site
deleted file mode 100644
index a48a036..0000000
--- a/guix/etc/nginx/sites-available/blog-demo.site
+++ /dev/null
@@ -1,43 +0,0 @@
-server {
- listen 80; ## listen for ipv4; this line is default and implied
- # listen [::]:80 default_server ipv6only=on; ## listen for ipv6
-
- server_name blog.demo.taler.net;
-
- root /home/demo/merchant/src/frontend_blog;
- index index.html;
-
- # Make site accessible from http://localhost/
-
- location / {
- try_files $uri $uri/ =404;
- rewrite /taler/pay /pay.php;
- rewrite /taler/contract /generate_taler_contract.php;
-
- }
-
- location /fullfillment {
- rewrite /(.*) /$1.php;
-
- }
-
- location /articles {
-
- internal;
- }
-
- location ~ \.php$ {
-
- fastcgi_pass unix:/var/run/php5-fpm.sock;
- fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
- include fastcgi_params;
-
- }
-
- location /backend {
- rewrite /backend/(.*) /$1 break;
- proxy_pass http://127.0.0.1:19966;
- proxy_redirect off;
- proxy_set_header Host $host;
- }
-}
diff --git a/guix/etc/nginx/sites-available/default.site b/guix/etc/nginx/sites-available/default.site
deleted file mode 100644
index 79e41e8..0000000
--- a/guix/etc/nginx/sites-available/default.site
+++ /dev/null
@@ -1,86 +0,0 @@
-##
-# You should look at the following URL's in order to grasp a solid understanding
-# of Nginx configuration files in order to fully unleash the power of Nginx.
-# http://wiki.nginx.org/Pitfalls
-# http://wiki.nginx.org/QuickStart
-# http://wiki.nginx.org/Configuration
-#
-# Generally, you will want to move this file somewhere, and start with a clean
-# file but keep this around for reference. Or just disable in sites-enabled.
-#
-# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
-##
-
-# Default server configuration
-#
-server {
- listen 80 default_server;
- listen [::]:80 default_server;
-
- # SSL configuration
- #
- # listen 443 ssl default_server;
- # listen [::]:443 ssl default_server;
- #
- # Note: You should disable gzip for SSL traffic.
- # See: https://bugs.debian.org/773332
- #
- # Read up on ssl_ciphers to ensure a secure configuration.
- # See: https://bugs.debian.org/765782
- #
- # Self signed certs generated by the ssl-cert package
- # Don't use them in a production server!
- #
- # include snippets/snakeoil.conf;
-
- root /var/www/html;
-
- # Add index.php to the list if you are using PHP
- index index.html index.htm index.nginx-debian.html;
-
- server_name _;
-
- location / {
- # First attempt to serve request as file, then
- # as directory, then fall back to displaying a 404.
- try_files $uri $uri/ =404;
- }
-
- # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
- #
- #location ~ \.php$ {
- # include snippets/fastcgi-php.conf;
- #
- # # With php5-cgi alone:
- # fastcgi_pass 127.0.0.1:9000;
- # # With php5-fpm:
- # fastcgi_pass unix:/var/run/php5-fpm.sock;
- #}
-
- # deny access to .htaccess files, if Apache's document root
- # concurs with nginx's one
- #
- #location ~ /\.ht {
- # deny all;
- #}
-}
-
-
-# Virtual Host configuration for example.com
-#
-# You can move that to a different file under sites-available/ and symlink that
-# to sites-enabled/ to enable it.
-#
-#server {
-# listen 80;
-# listen [::]:80;
-#
-# server_name example.com;
-#
-# root /var/www/example.com;
-# index index.html;
-#
-# location / {
-# try_files $uri $uri/ =404;
-# }
-#}
diff --git a/guix/etc/nginx/sites-available/drupal-demo-ssl.site b/guix/etc/nginx/sites-available/drupal-demo-ssl.site
deleted file mode 100644
index 400020e..0000000
--- a/guix/etc/nginx/sites-available/drupal-demo-ssl.site
+++ /dev/null
@@ -1,49 +0,0 @@
-server {
- listen 443 ssl; ## listen for ipv4; this line is default and implied
- # listen [::]:80 default_server ipv6only=on; ## listen for ipv6
-
- server_name drupal.demo.taler.net;
-
- root /home/demo/drupal-demo;
-
- ssl_certificate /etc/letsencrypt/live/taler.net/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/taler.net/privkey.pem;
- ssl_prefer_server_ciphers on;
- ssl_session_cache shared:SSL:10m;
- ssl_dhparam /etc/ssl/certs/dhparam.pem;
- ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
- ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
-
- add_header Strict-Transport-Security "max-age=63072000; preload";
-
- # Make site accessible from http://localhost/
-
-# location / {
-# try_files $uri $uri/ =404;
-# rewrite /taler/pay /pay.php;
-# rewrite /taler/contract /generate_taler_contract.php;
-# }
-
-# location /fullfillment {
-# rewrite /(.*) /$1.php;
-# }
-
- location ~ \.php$ {
- fastcgi_index index.php;
- fastcgi_pass unix:/var/run/php5-fpm.sock;
- fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
- include fastcgi_params;
- }
-
-# location /backend {
-# rewrite /backend/(.*) /$1 break;
-# proxy_pass http://127.0.0.1:19966;
-# proxy_redirect off;
-# proxy_set_header Host $host;
-# }
-
- client_max_body_size 10M;
- client_body_buffer_size 128k;
-
- include apps/drupal/drupal.conf;
-}
diff --git a/guix/etc/nginx/sites-available/drupal-demo.site b/guix/etc/nginx/sites-available/drupal-demo.site
deleted file mode 100644
index d91c3f7..0000000
--- a/guix/etc/nginx/sites-available/drupal-demo.site
+++ /dev/null
@@ -1,40 +0,0 @@
-server {
- listen 80; ## listen for ipv4; this line is default and implied
- # listen [::]:80 default_server ipv6only=on; ## listen for ipv6
-
- server_name drupal.demo.taler.net;
-
- root /home/demo/drupal-demo;
-
- # Make site accessible from http://localhost/
-
-# location / {
-# try_files $uri $uri/ =404;
-# rewrite /taler/pay /pay.php;
-# rewrite /taler/contract /generate_taler_contract.php;
-# }
-
-# location /fullfillment {
-# rewrite /(.*) /$1.php;
-# }
-
-
- location ~ \.php$ {
- fastcgi_index index.php;
- fastcgi_pass unix:/var/run/php5-fpm.sock;
- fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
- include fastcgi_params;
- }
-
-# location /backend {
-# rewrite /backend/(.*) /$1 break;
-# proxy_pass http://127.0.0.1:19966;
-# proxy_redirect off;
-# proxy_set_header Host $host;
-# }
-
- client_max_body_size 10M;
- client_body_buffer_size 128k;
-
- include apps/drupal/drupal.conf;
-}
diff --git a/guix/etc/nginx/sites-available/ghm_videos.site b/guix/etc/nginx/sites-available/ghm_videos.site
deleted file mode 100644
index c438e7f..0000000
--- a/guix/etc/nginx/sites-available/ghm_videos.site
+++ /dev/null
@@ -1,25 +0,0 @@
-server {
- listen 80; ## listen for ipv4; this line is default and implied
- # listen [::]:80 default_server ipv6only=on; ## listen for ipv6
-
- root /var/www/taler.net;
-
- # Make site accessible from http://localhost/
- server_name taler.net;
- server_name www.taler.net;
-
- rewrite ^ https://$server_name$request_uri? permanent;
-
-# location / {
-# autoindex off;
-# ssi on;
-## ssi_last_modified on;
-# rewrite /citizens /citizens.html break;
-# rewrite /developers /developers.html break;
-# rewrite /merchants /merchants.html break;
-# rewrite /governments /governments.html break;
-# rewrite /investors /investors.html break;
-# rewrite /about /about.html break;
-# rewrite /news /news.html break;
-# }
-}
diff --git a/guix/etc/nginx/sites-available/www.git-ssl.site b/guix/etc/nginx/sites-available/www.git-ssl.site
deleted file mode 100644
index 4ac7cfa..0000000
--- a/guix/etc/nginx/sites-available/www.git-ssl.site
+++ /dev/null
@@ -1,25 +0,0 @@
-server {
- listen 443 ssl;
- listen [::]:443 ssl; ## listen for ipv4; this line is default and implied
- # listen [::]:80 default_server ipv6only=on; ## listen for ipv6
-
- # Make site accessible from http://localhost/
- server_name www.git.taler.net;
-
- include conf.d/talerssl;
-
- location /index.cgi {
- root /usr/share/gitweb/;
-
- include fastcgi_params;
- gzip off;
- fastcgi_param SCRIPT_NAME $uri;
- fastcgi_param GITWEB_CONFIG /etc/gitweb.conf;
- fastcgi_pass unix:/var/run/fcgiwrap.socket;
- }
-
- location / {
- root /usr/share/gitweb/;
- index index.cgi;
- }
-}
diff --git a/guix/etc/nginx/sites-available/www.git.site b/guix/etc/nginx/sites-available/www.git.site
deleted file mode 100644
index 26679be..0000000
--- a/guix/etc/nginx/sites-available/www.git.site
+++ /dev/null
@@ -1,24 +0,0 @@
-server {
- listen 80;
- listen [::]:80; ## listen for ipv4; this line is default and implied
- # listen [::]:80 default_server ipv6only=on; ## listen for ipv6
-
- # Make site accessible from http://localhost/
- server_name www.git.taler.net;
-
-
- location /index.cgi {
- root /usr/share/gitweb/;
-
- include fastcgi_params;
- gzip off;
- fastcgi_param SCRIPT_NAME $uri;
- fastcgi_param GITWEB_CONFIG /etc/gitweb.conf;
- fastcgi_pass unix:/var/run/fcgiwrap.socket;
- }
-
- location / {
- root /usr/share/gitweb/;
- index index.cgi;
- }
-}
diff --git a/guix/etc/nginx/sites-enabled/api-ssl.site b/guix/etc/nginx/sites-enabled/api-ssl.site
deleted file mode 100644
index 6f5fd69..0000000
--- a/guix/etc/nginx/sites-enabled/api-ssl.site
+++ /dev/null
@@ -1,9 +0,0 @@
-server {
- listen 443 ssl;
- listen [::]:443 ssl; ## listen for ipv4; this line is default and implied
- # listen [::]:80 default_server ipv6only=on; ## listen for ipv6
-
- server_name api.taler.net
- www.api.taler.net;
- rewrite ^ https://docs.taler.net$request_uri? permanent;
-}
diff --git a/guix/etc/nginx/sites-enabled/api.site b/guix/etc/nginx/sites-enabled/api.site
deleted file mode 100644
index 21e7efe..0000000
--- a/guix/etc/nginx/sites-enabled/api.site
+++ /dev/null
@@ -1,8 +0,0 @@
-server {
- listen 80;
- listen [::]:80;
- server_name api.taler.net
- www.api.taler.net;
-
- rewrite ^ https://docs.taler.net$request_uri? permanent;
-}
diff --git a/guix/etc/nginx/sites-enabled/buildbot-ssl.site b/guix/etc/nginx/sites-enabled/buildbot-ssl.site
deleted file mode 100644
index ba998bb..0000000
--- a/guix/etc/nginx/sites-enabled/buildbot-ssl.site
+++ /dev/null
@@ -1,23 +0,0 @@
-server {
- listen 443 ssl;
- listen [::]:443 ssl; ## listen for ipv4; this line is default and implied
- # listen [::]:80 default_server ipv6only=on; ## listen for ipv6
-
- root /var/www/buildbot/;
-
- # Make site accessible from http://localhost/
- server_name buildbot.taler.net;
- server_name www.buildbot.taler.net;
- server_name bb.taler.net;
- include conf.d/talerssl;
-
- location / {
- proxy_pass http://127.0.0.1:8010;
- proxy_redirect off;
- proxy_set_header Host $host;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "upgrade";
- }
-
- include conf.d/favicon_robots;
-}
diff --git a/guix/etc/nginx/sites-enabled/buildbot.site b/guix/etc/nginx/sites-enabled/buildbot.site
deleted file mode 100644
index 77eb805..0000000
--- a/guix/etc/nginx/sites-enabled/buildbot.site
+++ /dev/null
@@ -1,14 +0,0 @@
-server {
- listen 80;
- listen [::]:80; ## listen for ipv4; this line is default and implied
- # listen [::]:80 default_server ipv6only=on; ## listen for ipv6
-
- root /var/www/buildbot/;
-
- # Make site accessible from http://localhost/
- server_name buildbot.taler.net;
- server_name www.buildbot.taler.net;
- server_name bb.taler.net;
-
- rewrite ^ https://$server_name$request_uri? permanent;
-}
diff --git a/guix/etc/nginx/sites-enabled/decentralise-ssl.site b/guix/etc/nginx/sites-enabled/decentralise-ssl.site
deleted file mode 100644
index 9dd0470..0000000
--- a/guix/etc/nginx/sites-enabled/decentralise-ssl.site
+++ /dev/null
@@ -1,14 +0,0 @@
-server {
- listen 443 ssl;
- listen [::]:443 ssl; ## listen for ipv4; this line is default and implied
- # listen [::]:80 default_server ipv6only=on; ## listen for ipv6
-
- root /var/www/decentralise;
-
- # Make site accessible from http://localhost/
- server_name www.decentralise.rennes.inria.fr;
- server_name decentralise.rennes.inria.fr;
- include conf.d/talerssl;
-
- rewrite / http://www.inria.fr/en/teams/decentralise redirect;
-}
diff --git a/guix/etc/nginx/sites-enabled/decentralise.site b/guix/etc/nginx/sites-enabled/decentralise.site
deleted file mode 100644
index b92fb0f..0000000
--- a/guix/etc/nginx/sites-enabled/decentralise.site
+++ /dev/null
@@ -1,13 +0,0 @@
-server {
- listen 80;
- listen [::]:80; ## listen for ipv4; this line is default and implied
- # listen [::]:80 default_server ipv6only=on; ## listen for ipv6
-
- root /var/www/decentralise;
-
- # Make site accessible from http://localhost/
- server_name www.decentralise.rennes.inria.fr;
- server_name decentralise.rennes.inria.fr;
-
- rewrite / http://www.inria.fr/en/teams/decentralise redirect;
-}
diff --git a/guix/etc/nginx/sites-enabled/default.site b/guix/etc/nginx/sites-enabled/default.site
deleted file mode 100644
index 2d88ab2..0000000
--- a/guix/etc/nginx/sites-enabled/default.site
+++ /dev/null
@@ -1,18 +0,0 @@
-# matched when no other server name matches
-server {
- listen 80 default_server;
- listen [::]:80 default_server;
- # server name must simply something invalid ...
- server_name _;
- # drop connection, special nginx status code
- return 444;
-}
-# server {
-# listen 443 ssl default_server;
-# listen [::]:443 ssl default_server;
-# include conf.d/talerssl;
-# # server name must simply something invalid ...
-# server_name _;
-# # drop connection, special nginx status code
-# return 444;
-# }
diff --git a/guix/etc/nginx/sites-enabled/demo.site b/guix/etc/nginx/sites-enabled/demo.site
deleted file mode 100644
index 16d9698..0000000
--- a/guix/etc/nginx/sites-enabled/demo.site
+++ /dev/null
@@ -1,159 +0,0 @@
-server {
- listen 80;
- listen [::]:80;
- server_name demo.taler.net
- bank.demo.taler.net
- shop.demo.taler.net
- donations.demo.taler.net
- survey.demo.taler.net
- auditor.demo.taler.net
- exchange.demo.taler.net;
-
- # 301-based ridirects allows the user agent to *change* the
- # method used in the second request. This breaks all the API
- # using POST, as some user agents do the second request using
- # GET. 307 is meant to tell the user agent to not change the
- # method in the second request.
- if ($request_method = POST) { return 307 https://$host$request_uri; }
- return 301 https://$host$request_uri;
-
-}
-
-
-server {
- listen 443 ssl;
- listen [::]:443 ssl;
- server_name auditor.demo.taler.net;
- include conf.d/talerssl;
- location / {
- rewrite ^/$ /en/ redirect;
- rewrite ^/(..)/$ /$1/index.html break;
- recursive_error_pages on;
- root /home/demo/auditor;
- }
- include conf.d/favicon_robots;
-}
-
-
-server {
- listen 443 ssl;
- listen [::]:443 ssl;
- server_name demo.taler.net www.demo.taler.net;
- rewrite /javascript /javascript.html break;
- include conf.d/talerssl;
- location / {
- rewrite ^/$ /en/ redirect;
- rewrite ^/(..)/$ /$1/index.html break;
- root /home/demo/landing/demo;
- }
-
- include conf.d/favicon_robots;
-}
-
-
-server {
- listen 443 ssl;
- listen [::]:443 ssl;
- server_name exchange.demo.taler.net;
- root /dev/null;
- include conf.d/talerssl;
-
- location /admin {
- proxy_pass http://unix:/home/demo/sockets/exchange-admin.http;
- proxy_redirect off;
- proxy_set_header Host $host;
- }
-
- location / {
- proxy_pass http://unix:/home/demo/sockets/exchange.http:/;
- proxy_redirect off;
- proxy_set_header Host $host;
- }
-}
-
-server {
- listen 443 ssl;
- listen 80;
- listen [::]:443 ssl;
- listen [::]:80;
- server_name backend.demo.taler.net;
- include conf.d/talerssl;
-
- location /public {
- proxy_redirect off;
- proxy_set_header Host $host;
- proxy_set_header X-Forwarded-Host "backend.demo.taler.net";
- proxy_set_header X-Forwarded-Proto "https";
- proxy_pass http://unix:/home/demo/sockets/merchant.http:/public;
- }
-
- location / {
- # match the ApiKey part ignoring case, and the actual key
- # with case-sensitivity on.
- if ($http_authorization !~ "(?i)ApiKey (?-i)sandbox") {
- return 401;
- }
- proxy_redirect off;
- proxy_set_header Host $host;
- proxy_set_header X-Forwarded-Host "backend.demo.taler.net";
- proxy_set_header X-Forwarded-Proto "https";
- proxy_pass http://unix:/home/demo/sockets/merchant.http:/;
- }
-}
-
-
-server {
- listen 443 ssl;
- listen [::]:443 ssl;
- server_name donations.demo.taler.net;
- include conf.d/talerssl;
-
- location / {
- uwsgi_pass unix:/home/demo/sockets/donations.uwsgi;
- include /etc/nginx/uwsgi_params;
- }
-
- include conf.d/favicon_robots;
-}
-
-
-server {
- listen 443 ssl;
- listen [::]:443 ssl;
- server_name shop.demo.taler.net;
- include conf.d/talerssl;
-
- location / {
- uwsgi_pass unix:/home/demo/sockets/shop.uwsgi;
- include /etc/nginx/uwsgi_params;
- }
-
- include conf.d/favicon_robots;
-}
-
-
-server {
- server_name survey.demo.taler.net;
- listen 443 ssl;
- listen [::]:443 ssl;
- include conf.d/talerssl;
-
- location / {
- uwsgi_pass unix:/home/demo/sockets/survey.uwsgi;
- include /etc/nginx/uwsgi_params;
- }
-}
-
-server {
- listen 443 ssl;
- listen [::]:443 ssl;
- server_name bank.demo.taler.net;
- include conf.d/talerssl;
-
- location / {
- uwsgi_pass unix:/home/demo/sockets/bank.uwsgi;
- include /etc/nginx/uwsgi_params;
- }
-
- include conf.d/favicon_robots;
-}
diff --git a/guix/etc/nginx/sites-enabled/docs-ssl.site b/guix/etc/nginx/sites-enabled/docs-ssl.site
deleted file mode 100644
index 923d703..0000000
--- a/guix/etc/nginx/sites-enabled/docs-ssl.site
+++ /dev/null
@@ -1,69 +0,0 @@
-server {
- listen 443 ssl;
- listen [::]:443 ssl; ## listen for ipv4; this line is default and implied
- # listen [::]:80 default_server ipv6only=on; ## listen for ipv6
-
- # Temporary, as this doesn't do i18n
- root /home/docbuilder/build/docs-landing/;
-
- # Make site accessible from http://localhost/
- server_name docs.taler.net
- www.docs.taler.net;
-
- include conf.d/talerssl;
-
- location / {
- autoindex off;
- ssi off;
-# ssi_last_modified on;
-
-
- rewrite ^/$ /$index_redirect_uri/ redirect;
- rewrite ^/(..)/$ /$1/index.html break;
- }
-
-
- location /code/exchange {
- alias /home/docbuilder/build/exchange/doxygen;
- }
-
- location /code/merchant {
- alias /home/docbuilder/build/merchant-backend/doxygen;
- }
-
- location /onboarding {
- alias /home/docbuilder/build/onboarding/;
- }
-
- location /bank {
- alias /home/docbuilder/build/bank/manual;
- }
-
- location /backoffice {
- alias /home/docbuilder/build/backoffice/;
- }
-
- location /exchange {
- alias /home/docbuilder/build/exchange/manual;
- }
-
- location /merchant/backend {
- alias /home/docbuilder/build/merchant-backend/manual;
- }
-
- location /merchant/frontend {
- alias /home/docbuilder/build/merchant-frontend/;
- }
-
- location /api {
- autoindex off;
- alias /home/docbuilder/build/api/html;
- }
-
- # Associated to /api route.
- location /_static {
- alias /home/docbuilder/api/html/_static;
- }
-
- include conf.d/favicon_robots;
-}
diff --git a/guix/etc/nginx/sites-enabled/docs.site b/guix/etc/nginx/sites-enabled/docs.site
deleted file mode 100644
index 8e01608..0000000
--- a/guix/etc/nginx/sites-enabled/docs.site
+++ /dev/null
@@ -1,7 +0,0 @@
-server {
- listen 80;
- listen [::]:80;
- server_name docs.taler.net;
-
- rewrite ^ https://$host$request_uri? permanent;
-}
diff --git a/guix/etc/nginx/sites-enabled/env.site b/guix/etc/nginx/sites-enabled/env.site
deleted file mode 100644
index fbe31aa..0000000
--- a/guix/etc/nginx/sites-enabled/env.site
+++ /dev/null
@@ -1,85 +0,0 @@
-server {
- listen 80;
- listen [::]:80;
- server_name env.taler.net;
- rewrite ^ https://$host$request_uri? permanent;
-}
-
-server {
- listen 443 ssl;
- listen [::]:443 ssl;
- server_name env.taler.net;
- include conf.d/talerssl;
- root /dev/null;
- # rewrite_log on;
-
- # add trailing slashes to apps
- rewrite ^/(?<user>[a-zA-Z0-9-_]+)/(?<app>[a-zA-Z0-9-_]+)$ /$user/$app/ redirect;
- # add trailing slashes to user
- rewrite ^/(?<user>[a-zA-Z0-9-_]+)$ /$user/ redirect;
- rewrite ^/(?<user>[a-zA-Z0-9-_]+)/$ /$user/en/ redirect;
-
- # aliases to get from one page to the other
- rewrite ^/(?<user>[a-zA-Z0-9-_]+)/(?<app>[a-zA-Z0-9-_]+)/landing /$user/ redirect;
- rewrite ^/(?<user>[a-zA-Z0-9-_]+)/(?<app>[a-zA-Z0-9-_]+)/bank /$user/bank redirect;
- rewrite ^/(?<user>[a-zA-Z0-9-_]+)/(?<app>[a-zA-Z0-9-_]+)/shop /$user/shop redirect;
- rewrite ^/(?<user>[a-zA-Z0-9-_]+)/(?<app>[a-zA-Z0-9-_]+)/donations /$user/donations redirect;
- rewrite ^/(?<user>[a-zA-Z0-9-_]+)/(?<app>[a-zA-Z0-9-_]+)/survey /$user/survey redirect;
-
- location ~ ^/(?<user>[a-zA-Z0-9-_]+)/exchange/(?<req>.*) {
- proxy_pass http://unix:/home/$user/sockets/exchange.http:/$req$is_args$args;
- proxy_redirect off;
- proxy_set_header Host $host;
- }
-
- location ~ ^/(?<user>[a-zA-Z0-9-_]+)/merchant-backend/(?<req>.*) {
- proxy_pass http://unix:/home/$user/sockets/merchant.http:/$req;
- proxy_redirect off;
- proxy_set_header Host $host;
- }
-
- location ~ ^/(?<user>[a-zA-Z0-9-_]+)/bank(?<req>/?.*|)$ {
- uwsgi_pass unix:/home/$user/sockets/bank.uwsgi;
- include /etc/nginx/uwsgi_params;
- uwsgi_param SCRIPT_NAME "/$user/bank/";
- uwsgi_param PATH_INFO "$req";
- }
-
- location ~ ^/(?<user>[a-zA-Z0-9-_]+)/shop(?<req>/?.*|)$ {
- uwsgi_pass unix:/home/$user/sockets/shop.uwsgi;
- include /etc/nginx/uwsgi_params;
- uwsgi_param SCRIPT_NAME "/$user/shop/";
- uwsgi_param PATH_INFO "$req";
- }
-
- location ~ ^/(?<user>[a-zA-Z0-9-_]+)/donations(?<req>/.*|)$ {
- uwsgi_pass unix:/home/$user/sockets/donations.uwsgi;
- include /etc/nginx/uwsgi_params;
- uwsgi_param SCRIPT_NAME "/$user/donations/";
- uwsgi_param PATH_INFO "$req";
- }
-
- location ~ ^/(?<user>[a-zA-Z0-9-_]+)(?<req>/.*|)$ {
- # add index.html
- rewrite ^/(.*)/(..)/$ /$1/$2/index.html last;
- # strip /user/
- rewrite ^/([a-zA-Z0-9-_]+)/(.*)$ /$2 break;
- root /home/$user/landing/demo;
- }
-
- location ~ ^/(?<user>[a-zA-Z0-9-_]+)/auditor(?<req>/.*|)$ {
- uwsgi_pass unix:/home/$user/sockets/auditor.uwsgi;
- include /etc/nginx/uwsgi_params;
- uwsgi_param SCRIPT_NAME "/$user/";
- uwsgi_param PATH_INFO "$req";
- }
-
- location ~ ^/(?<user>[a-zA-Z0-9-_]+)/survey(?<req>/.*|)$ {
- uwsgi_pass unix:/home/$user/sockets/survey.uwsgi;
- include /etc/nginx/uwsgi_params;
- uwsgi_param SCRIPT_NAME "/$user/";
- uwsgi_param PATH_INFO "$req";
- }
-
- include conf.d/favicon_robots;
-}
diff --git a/guix/etc/nginx/sites-enabled/gauger-ssl.site b/guix/etc/nginx/sites-enabled/gauger-ssl.site
deleted file mode 100644
index e889b59..0000000
--- a/guix/etc/nginx/sites-enabled/gauger-ssl.site
+++ /dev/null
@@ -1,18 +0,0 @@
-server {
- listen 443 ssl;
- listen [::]:443 ssl; ## listen for ipv4; this line is default and implied
- # listen [::]:80 default_server ipv6only=on; ## listen for ipv6
-
- root /var/www/gauger/;
-
- # Make site accessible from http://localhost/
- server_name gauger.taler.net;
- server_name www.gauger.taler.net;
- include conf.d/talerssl;
-
- location / {
- proxy_pass http://localhost:1801;
- proxy_redirect off;
- proxy_set_header Host $host;
- }
-}
diff --git a/guix/etc/nginx/sites-enabled/gauger.site b/guix/etc/nginx/sites-enabled/gauger.site
deleted file mode 100644
index 967f9e9..0000000
--- a/guix/etc/nginx/sites-enabled/gauger.site
+++ /dev/null
@@ -1,17 +0,0 @@
-server {
- listen 80;
- listen [::]:80; ## listen for ipv4; this line is default and implied
- # listen [::]:80 default_server ipv6only=on; ## listen for ipv6
-
- root /var/www/gauger/;
-
- # Make site accessible from http://localhost/
- server_name gauger.taler.net;
- server_name www.gauger.taler.net;
-
- location / {
- proxy_pass http://localhost:1801;
- proxy_redirect off;
- proxy_set_header Host $host;
- }
-}
diff --git a/guix/etc/nginx/sites-enabled/git-ssl.site b/guix/etc/nginx/sites-enabled/git-ssl.site
deleted file mode 100644
index ea7cf0f..0000000
--- a/guix/etc/nginx/sites-enabled/git-ssl.site
+++ /dev/null
@@ -1,30 +0,0 @@
-server {
- listen 443 ssl;
- listen [::]:443 ssl; ## listen for ipv4; this line is default and implied
-
- root /srv/git;
- server_name git.taler.net;
- include conf.d/talerssl;
-
- access_log /var/log/nginx/git.taler.net_access.log;
- error_log /var/log/nginx/git.taler.net_error.log notice;
-
- location ~ ^(.*?)\.git/(HEAD|info/refs|objects/.*|git-upload-pack)$ {
- include /etc/nginx/fastcgi_params;
- fastcgi_param SCRIPT_FILENAME /run/current-system/profile/libexec/git-core/git-http-backend;
- fastcgi_param GIT_PROJECT_ROOT /home/git/repositories;
- fastcgi_param PATH_INFO $uri;
- fastcgi_pass unix:/var/run/fcgiwrap.socket;
- }
-
- location /cgit {
- root /var/www;
- }
-
- location / {
- include /etc/nginx/fastcgi_params;
- fastcgi_param SCRIPT_FILENAME /run/current-system/profile/lib/cgit.cgi;
- fastcgi_param PATH_INFO $uri;
- fastcgi_pass unix:/var/run/fcgiwrap.socket;
- }
-}
diff --git a/guix/etc/nginx/sites-enabled/git.site b/guix/etc/nginx/sites-enabled/git.site
deleted file mode 100644
index e10fcc6..0000000
--- a/guix/etc/nginx/sites-enabled/git.site
+++ /dev/null
@@ -1,10 +0,0 @@
-server {
- listen 80;
- listen [::]:80; ## listen for ipv4; this line is default and implied
- # listen [::]:80 default_server ipv6only=on; ## listen for ipv6
-
- root /srv/git;
- server_name git.taler.net;
-
- rewrite ^ https://$server_name$request_uri? permanent;
-}
diff --git a/guix/etc/nginx/sites-enabled/intranet-ssl.site b/guix/etc/nginx/sites-enabled/intranet-ssl.site
deleted file mode 100644
index 3390403..0000000
--- a/guix/etc/nginx/sites-enabled/intranet-ssl.site
+++ /dev/null
@@ -1,15 +0,0 @@
-server {
- listen 443 ssl;
- listen [::]:443 ssl; ## listen for ipv4; this line is default and implied
- # listen [::]:80 default_server ipv6only=on; ## listen for ipv6
-
- root /var/git;
- server_name intranet.taler.net;
- include conf.d/talerssl;
- location / {
- proxy_pass http://127.0.0.1:8018;
- proxy_redirect off;
- proxy_set_header Host $host;
- proxy_set_header HTTPS on;
- }
-}
diff --git a/guix/etc/nginx/sites-enabled/intranet.site b/guix/etc/nginx/sites-enabled/intranet.site
deleted file mode 100644
index 66217db..0000000
--- a/guix/etc/nginx/sites-enabled/intranet.site
+++ /dev/null
@@ -1,10 +0,0 @@
-server {
- listen 80;
- listen [::]:80; ## listen for ipv4; this line is default and implied
- # listen [::]:80 default_server ipv6only=on; ## listen for ipv6
-
- # Make site accessible from http://localhost/
- server_name intranet.taler.net;
-
- rewrite ^ https://$server_name$request_uri? permanent;
-}
diff --git a/guix/etc/nginx/sites-enabled/lcov-ssl.site b/guix/etc/nginx/sites-enabled/lcov-ssl.site
deleted file mode 100644
index 0620bfe..0000000
--- a/guix/etc/nginx/sites-enabled/lcov-ssl.site
+++ /dev/null
@@ -1,20 +0,0 @@
-server {
- listen 443 ssl;
- listen [::]:443 ssl; ## listen for ipv4; this line is default and implied
- # listen [::]:80 default_server ipv6only=on; ## listen for ipv6
-
- root /var/www/lcov.taler.net/;
-
- # Make site accessible from http://localhost/
- server_name lcov.taler.net;
- server_name www.lcov.taler.net;
- include conf.d/talerssl;
-
- location / {
- autoindex on;
- ssi off;
-# ssi_last_modified on;
- }
-
- include conf.d/favicon_robots;
-}
diff --git a/guix/etc/nginx/sites-enabled/lcov.site b/guix/etc/nginx/sites-enabled/lcov.site
deleted file mode 100644
index 979c387..0000000
--- a/guix/etc/nginx/sites-enabled/lcov.site
+++ /dev/null
@@ -1,19 +0,0 @@
-server {
- listen 80;
- listen [::]:80; ## listen for ipv4; this line is default and implied
- # listen [::]:80 default_server ipv6only=on; ## listen for ipv6
-
- root /var/www/lcov.taler.net/;
-
- # Make site accessible from http://localhost/
- server_name lcov.taler.net;
- server_name www.lcov.taler.net;
-
- location / {
- autoindex on;
- ssi off;
-# ssi_last_modified on;
- }
-
- include conf.d/favicon_robots;
-}
diff --git a/guix/etc/nginx/sites-enabled/sandbox.site b/guix/etc/nginx/sites-enabled/sandbox.site
deleted file mode 100644
index 9e32b17..0000000
--- a/guix/etc/nginx/sites-enabled/sandbox.site
+++ /dev/null
@@ -1,20 +0,0 @@
-server {
- listen 80;
- listen [::]:80;
- server_name sandbox.taler.net *.sandbox.taler.net;
- rewrite ^ https://$host$request_uri? permanent;
-}
-
-server {
- listen 443 ssl;
- listen [::]:443 ssl;
-
- server_name sandbox.taler.net;
- include conf.d/talerssl;
-
- location / {
- root /home/sandbox/sandbox_landing/;
- autoindex off;
- index index.html;
- }
-}
diff --git a/guix/etc/nginx/sites-enabled/test.site b/guix/etc/nginx/sites-enabled/test.site
deleted file mode 100644
index 7c4f847..0000000
--- a/guix/etc/nginx/sites-enabled/test.site
+++ /dev/null
@@ -1,379 +0,0 @@
-server {
- listen 80;
- listen [::]:80;
- server_name test.taler.net
- bank.test.taler.net
- shop.test.taler.net
- donations.test.taler.net
- survey.test.taler.net
- auditor.test.taler.net
- exchange.test.taler.net
- backoffice.test.taler.net;
-
- # 301-based ridirects allows the user agent to *change* the
- # method used in the second request. This breaks all the API
- # using POST, as some user agents do the second request using
- # GET. 307 is meant to tell the user agent to not change the
- # method in the second request.
- if ($request_method = POST) { return 307 https://$host$request_uri; }
- return 301 https://$host$request_uri;
-}
-
-server {
- server_name test.taler.net www.test.taler.net;
- listen 443 ssl;
- listen [::]:443 ssl;
- rewrite /javascript /javascript.html break;
- include conf.d/talerssl;
- location @green {
- add_header X-Taler-Deployment-Color green;
- root /home/test-green/landing/demo;
- }
- location @blue {
- add_header X-Taler-Deployment-Color blue;
- root /home/test-blue/landing/demo;
- }
- location / {
- # Redirection technique explainted at
- # https://www.nginx.com/resources/wiki/start/topics/depth/ifisevil/
- error_page 418 = @blue;
- error_page 419 = @green;
- rewrite ^/$ /en/ redirect;
- rewrite ^/(..)/$ /$1/index.html break;
- recursive_error_pages on;
- if ($http_x_taler_deployment_color ~ "blue") { return 418; }
- if ($http_x_taler_deployment_color ~ "green") { return 419; }
- root /home/test/landing/demo;
- }
- include conf.d/favicon_robots;
-}
-
-
-server {
- server_name auditor.test.taler.net;
- listen 443 ssl;
- listen [::]:443 ssl;
- root /dev/null;
- include conf.d/talerssl;
- location @green {
- add_header X-Taler-Deployment-Color green;
- root /home/test-green/auditor;
- }
- location @blue {
- add_header X-Taler-Deployment-Color blue;
- root /home/test-blue/auditor;
- }
- location / {
- # Redirection technique explainted at
- # https://www.nginx.com/resources/wiki/start/topics/depth/ifisevil/
- error_page 418 = @blue;
- error_page 419 = @green;
- rewrite ^/$ /en/ redirect;
- rewrite ^/(..)/$ /$1/index.html break;
- recursive_error_pages on;
- if ($http_x_taler_deployment_color ~ "blue") { return 418; }
- if ($http_x_taler_deployment_color ~ "green") { return 419; }
- root /home/test/auditor;
- }
- include conf.d/favicon_robots;
-}
-
-
-server {
- server_name exchange.test.taler.net;
- listen 443 ssl;
- listen [::]:443 ssl;
- root /dev/null;
- include conf.d/talerssl;
- location @blue-admin {
- add_header X-Taler-Deployment-Color blue;
- proxy_pass http://unix:/home/test-blue/sockets/exchange-admin.http;
- proxy_redirect off;
- proxy_set_header Host $host;
- }
- location @green-admin {
- add_header X-Taler-Deployment-Color green;
- proxy_pass http://unix:/home/test-green/sockets/exchange-admin.http;
- proxy_redirect off;
- proxy_set_header Host $host;
- }
-
- location @blue {
- add_header X-Taler-Deployment-Color blue;
- proxy_pass http://unix:/home/test-blue/sockets/exchange.http;
- proxy_redirect off;
- proxy_set_header Host $host;
- }
-
- location @green {
- add_header X-Taler-Deployment-Color green;
- proxy_pass http://unix:/home/test-green/sockets/exchange.http;
- proxy_redirect off;
- proxy_set_header Host $host;
- }
-
- location /admin {
- error_page 418 = @blue-admin;
- error_page 419 = @green-admin;
- recursive_error_pages on;
- if ($http_x_taler_deployment_color ~ "blue") { return 418; }
- if ($http_x_taler_deployment_color ~ "green") { return 419; }
- proxy_pass http://unix:/home/test/sockets/exchange-admin.http;
- proxy_redirect off;
- proxy_set_header Host $host;
- }
-
- location / {
- error_page 418 = @blue;
- error_page 419 = @green;
- recursive_error_pages on;
- if ($http_x_taler_deployment_color ~ "blue") { return 418; }
- if ($http_x_taler_deployment_color ~ "green") { return 419; }
- proxy_pass http://unix:/home/test/sockets/exchange.http:/;
- proxy_redirect off;
- proxy_set_header Host $host;
- }
-}
-
-
-server {
- server_name shop.test.taler.net;
- listen 443 ssl;
- listen [::]:443 ssl;
- root /dev/null;
- include conf.d/talerssl;
-
- location @blue {
- add_header X-Taler-Deployment-Color blue;
- uwsgi_pass unix:/home/test-blue/sockets/shop.uwsgi;
- include /etc/nginx/uwsgi_params;
- }
- location @green {
- add_header X-Taler-Deployment-Color green;
- uwsgi_pass unix:/home/test-green/sockets/shop.uwsgi;
- include /etc/nginx/uwsgi_params;
- }
-
- location / {
- # Redirection technique explainted at
- # https://www.nginx.com/resources/wiki/start/topics/depth/ifisevil/
- error_page 418 = @blue;
- error_page 419 = @green;
- recursive_error_pages on;
- if ($http_x_taler_deployment_color ~ "blue") { return 418; }
- if ($http_x_taler_deployment_color ~ "green") { return 419; }
- uwsgi_pass unix:/home/test/sockets/shop.uwsgi;
- include /etc/nginx/uwsgi_params;
- }
-
- include conf.d/favicon_robots;
-}
-
-
-server {
- server_name playground.test.taler.net;
- listen 443 ssl;
- listen [::]:443 ssl;
- root /dev/null;
- include conf.d/talerssl;
-
- location @blue {
- add_header X-Taler-Deployment-Color blue;
- uwsgi_pass unix:/home/test-blue/sockets/playground.uwsgi;
- include /etc/nginx/uwsgi_params;
- }
- location @green {
- add_header X-Taler-Deployment-Color green;
- uwsgi_pass unix:/home/test-green/sockets/playground.uwsgi;
- include /etc/nginx/uwsgi_params;
- }
-
- location / {
- # Redirection technique explainted at
- # https://www.nginx.com/resources/wiki/start/topics/depth/ifisevil/
- error_page 418 = @blue;
- error_page 419 = @green;
- recursive_error_pages on;
- if ($http_x_taler_deployment_color ~ "blue") { return 418; }
- if ($http_x_taler_deployment_color ~ "green") { return 419; }
- uwsgi_pass unix:/home/test/sockets/playground.uwsgi;
- include /etc/nginx/uwsgi_params;
- }
-
- include conf.d/favicon_robots;
-}
-
-
-server {
- server_name backend.test.taler.net;
- listen 443 ssl;
- listen 80;
- listen [::]:443 ssl;
- listen [::]:80;
- include conf.d/talerssl;
-
- location @blue {
- add_header X-Taler-Deployment-Color blue;
- proxy_pass http://unix:/home/test-blue/sockets/merchant.http;
- proxy_redirect off;
- proxy_set_header Host $host;
- proxy_set_header X-Forwarded-Host "backend.test.taler.net";
- proxy_set_header X-Forwarded-Proto "https";
- }
- location @green {
- add_header X-Taler-Deployment-Color green;
- proxy_pass http://unix:/home/test-green/sockets/merchant.http;
- proxy_redirect off;
- proxy_set_header Host $host;
- proxy_set_header X-Forwarded-Host "backend.test.taler.net";
- proxy_set_header X-Forwarded-Proto "https";
- }
-
- location /public {
- # Redirection technique explainted at
- # https://www.nginx.com/resources/wiki/start/topics/depth/ifisevil/
- error_page 418 = @blue;
- error_page 419 = @green;
- recursive_error_pages on;
-
- if ($http_x_taler_deployment_color ~ "blue") { return 418; }
- if ($http_x_taler_deployment_color ~ "green") { return 419; }
- proxy_set_header X-Forwarded-Host "backend.test.taler.net";
- proxy_set_header X-Forwarded-Proto "https";
- proxy_pass http://unix:/home/test/sockets/merchant.http:/public;
- proxy_redirect off;
- proxy_set_header Host $host;
- }
-
- location / {
- # Redirection technique explainted at
- # https://www.nginx.com/resources/wiki/start/topics/depth/ifisevil/
- error_page 418 = @blue;
- error_page 419 = @green;
- recursive_error_pages on;
-
- # match the ApiKey part ignoring case, and the actual key
- # with case-sensitivity on.
- if ($http_authorization !~ "(?i)ApiKey (?-i)sandbox") {
- return 401;
- }
-
- if ($http_x_taler_deployment_color ~ "blue") { return 418; }
- if ($http_x_taler_deployment_color ~ "green") { return 419; }
- proxy_set_header X-Forwarded-Host "backend.test.taler.net";
- proxy_set_header X-Forwarded-Proto "https";
- proxy_pass http://unix:/home/test/sockets/merchant.http:/;
- proxy_redirect off;
- proxy_set_header Host $host;
- }
-}
-
-
-server {
- server_name survey.test.taler.net;
- listen 443 ssl;
- listen [::]:443 ssl;
- include conf.d/talerssl;
-
- location / {
- uwsgi_pass unix:/home/test/sockets/survey.uwsgi;
- include /etc/nginx/uwsgi_params;
- }
-}
-
-server {
- server_name donations.test.taler.net;
- listen 443 ssl;
- listen [::]:443 ssl;
- include conf.d/talerssl;
-
- location @blue {
- add_header X-Taler-Deployment-Color blue;
- uwsgi_pass unix:/home/test-blue/sockets/donations.uwsgi;
- include /etc/nginx/uwsgi_params;
- }
- location @green {
- add_header X-Taler-Deployment-Color green;
- uwsgi_pass unix:/home/test-green/sockets/donations.uwsgi;
- include /etc/nginx/uwsgi_params;
- }
-
- location / {
- # Redirection technique explainted at
- # https://www.nginx.com/resources/wiki/start/topics/depth/ifisevil/
- error_page 418 = @blue;
- error_page 419 = @green;
- recursive_error_pages on;
- if ($http_x_taler_deployment_color ~ "blue") { return 418; }
- if ($http_x_taler_deployment_color ~ "green") { return 419; }
- uwsgi_pass unix:/home/test/sockets/donations.uwsgi;
- include /etc/nginx/uwsgi_params;
- }
-
- include conf.d/favicon_robots;
-}
-
-
-server {
- server_name bank.test.taler.net;
- listen 443 ssl;
- listen [::]:443 ssl;
- include conf.d/talerssl;
-
- location @blue {
- add_header X-Taler-Deployment-Color blue;
- uwsgi_pass unix:/home/test-blue/sockets/bank.uwsgi;
- include /etc/nginx/uwsgi_params;
- }
- location @green {
- add_header X-Taler-Deployment-Color green;
- uwsgi_pass unix:/home/test-green/sockets/bank.uwsgi;
- include /etc/nginx/uwsgi_params;
- }
-
- location / {
- # Redirection technique explainted at
- # https://www.nginx.com/resources/wiki/start/topics/depth/ifisevil/
- error_page 418 = @blue;
- error_page 419 = @green;
- recursive_error_pages on;
- if ($http_x_taler_deployment_color ~ "blue") { return 418; }
- if ($http_x_taler_deployment_color ~ "green") { return 419; }
- uwsgi_pass unix:/home/test/sockets/bank.uwsgi;
- include /etc/nginx/uwsgi_params;
- }
-
- include conf.d/favicon_robots;
-}
-
-server {
- server_name backoffice.test.taler.net;
- listen 443 ssl;
- listen [::]:443 ssl;
- include conf.d/talerssl;
-
- location @blue {
- add_header X-Taler-Deployment-Color blue;
- uwsgi_pass unix:/home/test-blue/sockets/backoffice.uwsgi;
- include /etc/nginx/uwsgi_params;
- }
- location @green {
- add_header X-Taler-Deployment-Color green;
- uwsgi_pass unix:/home/test-green/sockets/backoffice.uwsgi;
- include /etc/nginx/uwsgi_params;
- }
-
- location / {
- # Redirection technique explainted at
- # https://www.nginx.com/resources/wiki/start/topics/depth/ifisevil/
- error_page 418 = @blue;
- error_page 419 = @green;
- recursive_error_pages on;
- if ($http_x_taler_deployment_color ~ "blue") { return 418; }
- if ($http_x_taler_deployment_color ~ "green") { return 419; }
- uwsgi_pass unix:/home/test/sockets/backoffice.uwsgi;
- include /etc/nginx/uwsgi_params;
- }
-
- include conf.d/favicon_robots;
-}
diff --git a/guix/etc/nginx/sites-enabled/trollslayer.site b/guix/etc/nginx/sites-enabled/trollslayer.site
deleted file mode 100644
index 1767fe6..0000000
--- a/guix/etc/nginx/sites-enabled/trollslayer.site
+++ /dev/null
@@ -1,16 +0,0 @@
-server {
- listen 80;
- listen [::]:80; ## listen for ipv4; this line is default and implied
- # listen [::]:80 default_server ipv6only=on; ## listen for ipv6
-
- root /var/www/trollslayer/;
-
- # Make site accessible from http://localhost/
- server_name trollslayer.decentralise.rennes.inria.fr;
-
- location / {
- proxy_pass http://gnunet.org:20070/shell/;
- proxy_redirect off;
- proxy_set_header Host $host;
- }
-}
diff --git a/guix/etc/nginx/sites-enabled/www-ssl.site b/guix/etc/nginx/sites-enabled/www-ssl.site
deleted file mode 100644
index d7776b3..0000000
--- a/guix/etc/nginx/sites-enabled/www-ssl.site
+++ /dev/null
@@ -1,59 +0,0 @@
-server {
- listen 443 ssl;
- listen [::]:443 ssl; ## listen for ipv4; this line is default and implied
- #listen [::]:80 default_server ipv6only=on; ## listen for ipv6
-
-
- # Make site accessible from http://localhost/
- server_name taler.net;
- server_name www.taler.net;
- include conf.d/talerssl;
-
- location / {
- root /home/docbuilder/www.taler.net;
- autoindex off;
- ssi on;
- #ssi_last_modified on;
-
- rewrite ^/$ /$index_redirect_uri/ redirect;
-
- rewrite ^/(..)/$ /$1/index.html break;
-
- rewrite ^/(help/empty-wallet)$ /$1.html break;
- rewrite ^/wallet-installation\.html$ /en/wallet.html redirect;
- # just to get around cached old redirect
- rewrite ^/wallet\.en\.html$ /en/wallet.html redirect;
- rewrite ^/wallet$ /en/wallet.html redirect;
- rewrite ^/press$ /en/press.html redirect;
- }
-
- gzip on;
- gzip_disable "msie6";
- gzip_vary on;
- gzip_proxied any;
- gzip_comp_level 6;
- gzip_buffers 16 8k;
- gzip_http_version 1.1;
- gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/javascript;
-
-
- # Note: this will go to /var/www/(videos|releases), which we took out of Git
- location /videos {
- root /var/www;
- expires max;
- }
-
- location ~* /videos/.*\.(png|jpg|ogv|webm|gif|svg)$ {
- root /var/www;
- expires max;
- }
-
- location /releases {
- root /var/www;
- autoindex on;
- }
-
- location /files {
- root /var/www;
- }
-}
diff --git a/guix/etc/nginx/sites-enabled/www-stage.site b/guix/etc/nginx/sites-enabled/www-stage.site
deleted file mode 100644
index e8a988b..0000000
--- a/guix/etc/nginx/sites-enabled/www-stage.site
+++ /dev/null
@@ -1,78 +0,0 @@
-server {
- listen 80;
- listen [::]:80; ## listen for ipv4; this line is default and implied
- # listen [::]:80 default_server ipv6only=on; ## listen for ipv6
-
- root /home/docbuilder/stage.taler.net;
-
- # Make site accessible from http://localhost/
- server_name stage.taler.net;
-
- rewrite ^ https://$server_name$request_uri? permanent;
-}
-
-server {
- listen 443 ssl;
- listen [::]:443 ssl; ## listen for ipv4; this line is default and implied
- #listen [::]:80 default_server ipv6only=on; ## listen for ipv6
-
-
- # Make site accessible from http://localhost/
- server_name stage.taler.net;
- include conf.d/talerssl;
-
- location / {
- root /home/docbuilder/stage.taler.net;
- autoindex off;
-
- rewrite ^/$ /$index_redirect_uri/ redirect;
-
- rewrite ^/(..)/$ /$1/index.html break;
-
- rewrite ^/(help/empty-wallet)$ /$1.html break;
- rewrite ^/wallet-installation\.html$ /en/wallet.html redirect;
- # just to get around cached old redirect
- rewrite ^/wallet\.en\.html$ /en/wallet.html redirect;
- rewrite ^/wallet$ /en/wallet.html redirect;
- rewrite ^/press$ /en/press.html redirect;
-
- }
-
- gzip on;
- gzip_disable "msie6";
- gzip_vary on;
- gzip_proxied any;
- gzip_comp_level 6;
- gzip_buffers 16 8k;
- gzip_http_version 1.1;
- gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/javascript;
-
-
- # Note: this will go to /var/www/(videos|releases), which we took out of Git
- location /videos {
- root /var/www;
- expires max;
- }
-
- location ~* /videos/.*\.(png|jpg|ogv|webm|gif|svg)$ {
- root /var/www;
- expires max;
- }
-
- # FIXME: this location newest files are from Oct'16
- location /releases {
- root /var/www;
- autoindex on;
- }
-
- location /files {
- root /var/www;
- }
-
- location ~* \.(png|jpg|jpeg|gif|ico|svg|js|css)$ {
- root /home/docbuilder/stage.taler.net;
- expires 1y;
- }
-
-
-}
diff --git a/guix/etc/nginx/sites-enabled/www.git-ssl.site b/guix/etc/nginx/sites-enabled/www.git-ssl.site
deleted file mode 100644
index 5ba4831..0000000
--- a/guix/etc/nginx/sites-enabled/www.git-ssl.site
+++ /dev/null
@@ -1,11 +0,0 @@
-server {
- listen 443 ssl;
- listen [::]:443 ssl; ## listen for ipv4; this line is default and implied
- # listen [::]:80 default_server ipv6only=on; ## listen for ipv6
-
- root /var/git;
- server_name www.git.taler.net;
- include conf.d/talerssl;
-
- rewrite ^ https://git.taler.net/ permanent;
-}
diff --git a/guix/etc/nginx/sites-enabled/www.git.site b/guix/etc/nginx/sites-enabled/www.git.site
deleted file mode 100644
index 645923f..0000000
--- a/guix/etc/nginx/sites-enabled/www.git.site
+++ /dev/null
@@ -1,10 +0,0 @@
-server {
- listen 80;
- listen [::]:80; ## listen for ipv4; this line is default and implied
- # listen [::]:80 default_server ipv6only=on; ## listen for ipv6
-
- root /var/git;
- server_name www.git.taler.net;
-
- rewrite ^ https://git.taler.net/ permanent;
-}
diff --git a/guix/etc/nginx/sites-enabled/www.site b/guix/etc/nginx/sites-enabled/www.site
deleted file mode 100644
index ae178e5..0000000
--- a/guix/etc/nginx/sites-enabled/www.site
+++ /dev/null
@@ -1,13 +0,0 @@
-server {
- listen 80;
- listen [::]:80; ## listen for ipv4; this line is default and implied
- # listen [::]:80 default_server ipv6only=on; ## listen for ipv6
-
- root /home/docbuilder/www.taler.net;
-
- # Make site accessible from http://localhost/
- server_name taler.net;
- server_name www.taler.net;
-
- rewrite ^ https://$server_name$request_uri? permanent;
-}
diff --git a/guix/etc/nginx/uwsgi_params b/guix/etc/nginx/uwsgi_params
deleted file mode 100644
index 09c732c..0000000
--- a/guix/etc/nginx/uwsgi_params
+++ /dev/null
@@ -1,17 +0,0 @@
-
-uwsgi_param QUERY_STRING $query_string;
-uwsgi_param REQUEST_METHOD $request_method;
-uwsgi_param CONTENT_TYPE $content_type;
-uwsgi_param CONTENT_LENGTH $content_length;
-
-uwsgi_param REQUEST_URI $request_uri;
-uwsgi_param PATH_INFO $document_uri;
-uwsgi_param DOCUMENT_ROOT $document_root;
-uwsgi_param SERVER_PROTOCOL $server_protocol;
-uwsgi_param REQUEST_SCHEME $scheme;
-uwsgi_param HTTPS $https if_not_empty;
-
-uwsgi_param REMOTE_ADDR $remote_addr;
-uwsgi_param REMOTE_PORT $remote_port;
-uwsgi_param SERVER_PORT $server_port;
-uwsgi_param SERVER_NAME $server_name;
diff --git a/guix/etc/nginx/win-utf b/guix/etc/nginx/win-utf
deleted file mode 100644
index 774fd9f..0000000
--- a/guix/etc/nginx/win-utf
+++ /dev/null
@@ -1,125 +0,0 @@
-# This map is not a full windows-1251 <> utf8 map: it does not
-# contain Serbian and Macedonian letters. If you need a full map,
-# use contrib/unicode2nginx/win-utf map instead.
-
-charset_map windows-1251 utf-8 {
-
- 82 E2809A; # single low-9 quotation mark
-
- 84 E2809E; # double low-9 quotation mark
- 85 E280A6; # ellipsis
- 86 E280A0; # dagger
- 87 E280A1; # double dagger
- 88 E282AC; # euro
- 89 E280B0; # per mille
-
- 91 E28098; # left single quotation mark
- 92 E28099; # right single quotation mark
- 93 E2809C; # left double quotation mark
- 94 E2809D; # right double quotation mark
- 95 E280A2; # bullet
- 96 E28093; # en dash
- 97 E28094; # em dash
-
- 99 E284A2; # trade mark sign
-
- A0 C2A0; #
- A1 D18E; # capital Byelorussian short U
- A2 D19E; # small Byelorussian short u
-
- A4 C2A4; # currency sign
- A5 D290; # capital Ukrainian soft G
- A6 C2A6; # borken bar
- A7 C2A7; # section sign
- A8 D081; # capital YO
- A9 C2A9; # (C)
- AA D084; # capital Ukrainian YE
- AB C2AB; # left-pointing double angle quotation mark
- AC C2AC; # not sign
- AD C2AD; # soft hypen
- AE C2AE; # (R)
- AF D087; # capital Ukrainian YI
-
- B0 C2B0; # °
- B1 C2B1; # plus-minus sign
- B2 D086; # capital Ukrainian I
- B3 D196; # small Ukrainian i
- B4 D291; # small Ukrainian soft g
- B5 C2B5; # micro sign
- B6 C2B6; # pilcrow sign
- B7 C2B7; # ·
- B8 D191; # small yo
- B9 E28496; # numero sign
- BA D194; # small Ukrainian ye
- BB C2BB; # right-pointing double angle quotation mark
-
- BF D197; # small Ukrainian yi
-
- C0 D090; # capital A
- C1 D091; # capital B
- C2 D092; # capital V
- C3 D093; # capital G
- C4 D094; # capital D
- C5 D095; # capital YE
- C6 D096; # capital ZH
- C7 D097; # capital Z
- C8 D098; # capital I
- C9 D099; # capital J
- CA D09A; # capital K
- CB D09B; # capital L
- CC D09C; # capital M
- CD D09D; # capital N
- CE D09E; # capital O
- CF D09F; # capital P
-
- D0 D0A0; # capital R
- D1 D0A1; # capital S
- D2 D0A2; # capital T
- D3 D0A3; # capital U
- D4 D0A4; # capital F
- D5 D0A5; # capital KH
- D6 D0A6; # capital TS
- D7 D0A7; # capital CH
- D8 D0A8; # capital SH
- D9 D0A9; # capital SHCH
- DA D0AA; # capital hard sign
- DB D0AB; # capital Y
- DC D0AC; # capital soft sign
- DD D0AD; # capital E
- DE D0AE; # capital YU
- DF D0AF; # capital YA
-
- E0 D0B0; # small a
- E1 D0B1; # small b
- E2 D0B2; # small v
- E3 D0B3; # small g
- E4 D0B4; # small d
- E5 D0B5; # small ye
- E6 D0B6; # small zh
- E7 D0B7; # small z
- E8 D0B8; # small i
- E9 D0B9; # small j
- EA D0BA; # small k
- EB D0BB; # small l
- EC D0BC; # small m
- ED D0BD; # small n
- EE D0BE; # small o
- EF D0BF; # small p
-
- F0 D180; # small r
- F1 D181; # small s
- F2 D182; # small t
- F3 D183; # small u
- F4 D184; # small f
- F5 D185; # small kh
- F6 D186; # small ts
- F7 D187; # small ch
- F8 D188; # small sh
- F9 D189; # small shch
- FA D18A; # small hard sign
- FB D18B; # small y
- FC D18C; # small soft sign
- FD D18D; # small e
- FE D18E; # small yu
- FF D18F; # small ya
-} |