diff options
-rw-r--r-- | etc/nginx/sites-enabled/bank-demo-ssl.site | 27 | ||||
-rw-r--r-- | etc/nginx/sites-enabled/bank-demo.site | 17 | ||||
-rw-r--r-- | etc/nginx/sites-enabled/blog-demo-ssl.site | 46 | ||||
-rw-r--r-- | etc/nginx/sites-enabled/blog-demo.site | 43 | ||||
-rw-r--r-- | etc/nginx/sites-enabled/blog-test.site | 5 | ||||
-rw-r--r-- | etc/nginx/sites-enabled/demo-ssl.site | 35 | ||||
-rw-r--r-- | etc/nginx/sites-enabled/demo.site | 90 | ||||
-rw-r--r-- | etc/nginx/sites-enabled/exchange-demo-ssl.site | 25 | ||||
-rw-r--r-- | etc/nginx/sites-enabled/exchange-demo.site | 15 | ||||
-rw-r--r-- | etc/nginx/sites-enabled/exchange-test.site | 15 | ||||
-rw-r--r-- | etc/nginx/sites-enabled/mint-demo-ssl.site | 24 | ||||
-rw-r--r-- | etc/nginx/sites-enabled/mint-demo.site | 15 | ||||
-rw-r--r-- | etc/nginx/sites-enabled/shop-demo-ssl.site | 54 | ||||
-rw-r--r-- | etc/nginx/sites-enabled/shop-demo.site | 47 | ||||
-rw-r--r-- | etc/nginx/sites-enabled/test.site | 2 |
15 files changed, 87 insertions, 373 deletions
diff --git a/etc/nginx/sites-enabled/bank-demo-ssl.site b/etc/nginx/sites-enabled/bank-demo-ssl.site deleted file mode 100644 index 23f990e..0000000 --- a/etc/nginx/sites-enabled/bank-demo-ssl.site +++ /dev/null @@ -1,27 +0,0 @@ -server { - listen 443 ssl; ## listen for ipv4; this line is default and implied - - root /home/demo/bank/website; - index index.php; - - # Make site accessible from http://localhost/ - server_name bank.demo.taler.net; - ssl_certificate /etc/letsencrypt/live/taler.net/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/taler.net/privkey.pem; - ssl_prefer_server_ciphers on; - ssl_session_cache shared:SSL:10m; - ssl_dhparam /etc/ssl/certs/dhparam.pem; - ssl_protocols TLSv1.2 TLSv1.1 TLSv1; - ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'; - - add_header Strict-Transport-Security "max-age=63072000; preload"; - - location / { - uwsgi_pass django-demo; - include /etc/nginx/uwsgi_params; - } - - - rewrite ^/shop $scheme://shop.demo.taler.net/ redirect; - -} diff --git a/etc/nginx/sites-enabled/bank-demo.site b/etc/nginx/sites-enabled/bank-demo.site deleted file mode 100644 index fb9f223..0000000 --- a/etc/nginx/sites-enabled/bank-demo.site +++ /dev/null @@ -1,17 +0,0 @@ -upstream django-demo { - server 127.0.0.1:8001; -} - -server { - listen 80; ## listen for ipv4; this line is default and implied - - server_name bank.demo.taler.net; - - location / { - uwsgi_pass django-demo; - include /etc/nginx/uwsgi_params; - } - - rewrite ^/shop $scheme://shop.demo.taler.net/ redirect; - -} diff --git a/etc/nginx/sites-enabled/blog-demo-ssl.site b/etc/nginx/sites-enabled/blog-demo-ssl.site deleted file mode 100644 index aa29d27..0000000 --- a/etc/nginx/sites-enabled/blog-demo-ssl.site +++ /dev/null @@ -1,46 +0,0 @@ -server { - listen 443 ssl; - - server_name blog.demo.taler.net; - - root /home/demo/merchant/examples/blog/; - index index.html; - - ssl_certificate /etc/letsencrypt/live/taler.net/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/taler.net/privkey.pem; - ssl_prefer_server_ciphers on; - ssl_session_cache shared:SSL:10m; - ssl_dhparam /etc/ssl/certs/dhparam.pem; - ssl_protocols TLSv1.2 TLSv1.1 TLSv1; - ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'; - - add_header Strict-Transport-Security "max-age=63072000; preload"; - - location / { - try_files $uri $uri/ =404; - rewrite /taler/pay /pay.php; - rewrite /taler/contract /generate_taler_contract.php; - } - - location /fullfillment { - rewrite /(.*) /$1.php; - } - - location /articles { - - internal; - } - - location ~ \.php$ { - fastcgi_pass unix:/var/run/php5-fpm.sock; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - include fastcgi_params; - } - - location /backend { - rewrite /backend/(.*) /$1 break; - proxy_pass http://127.0.0.1:9966; - proxy_redirect off; - proxy_set_header Host $host; - } -} diff --git a/etc/nginx/sites-enabled/blog-demo.site b/etc/nginx/sites-enabled/blog-demo.site deleted file mode 100644 index e28303a..0000000 --- a/etc/nginx/sites-enabled/blog-demo.site +++ /dev/null @@ -1,43 +0,0 @@ -server { - listen 80; ## listen for ipv4; this line is default and implied - # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 - - server_name blog.demo.taler.net; - - root /home/demo/merchant/examples/blog; - index index.html; - - # Make site accessible from http://localhost/ - - location / { - try_files $uri $uri/ =404; - rewrite /taler/pay /pay.php; - rewrite /taler/contract /generate_taler_contract.php; - - } - - location /fullfillment { - rewrite /(.*) /$1.php; - - } - - location /articles { - - internal; - } - - location ~ \.php$ { - - fastcgi_pass unix:/var/run/php5-fpm.sock; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - include fastcgi_params; - - } - - location /backend { - rewrite /backend/(.*) /$1 break; - proxy_pass http://127.0.0.1:9966; - proxy_redirect off; - proxy_set_header Host $host; - } -} diff --git a/etc/nginx/sites-enabled/blog-test.site b/etc/nginx/sites-enabled/blog-test.site deleted file mode 100644 index f023ae2..0000000 --- a/etc/nginx/sites-enabled/blog-test.site +++ /dev/null @@ -1,5 +0,0 @@ -server { - listen 80; - server_name blog.test.taler.net; - rewrite ^ https://$server_name$request_uri? permanent; -} diff --git a/etc/nginx/sites-enabled/demo-ssl.site b/etc/nginx/sites-enabled/demo-ssl.site deleted file mode 100644 index 4d965c8..0000000 --- a/etc/nginx/sites-enabled/demo-ssl.site +++ /dev/null @@ -1,35 +0,0 @@ -server { - listen 443 ssl; ## listen for ipv4; this line is default and implied - # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 - - root /home/demo/landing/; - index index.html; - - # Make site accessible from http://localhost/ - server_name demo.taler.net; - server_name www.demo.taler.net; - ssl_certificate /etc/letsencrypt/live/taler.net/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/taler.net/privkey.pem; - ssl_prefer_server_ciphers on; - ssl_session_cache shared:SSL:10m; - ssl_dhparam /etc/ssl/certs/dhparam.pem; - ssl_protocols TLSv1.2 TLSv1.1 TLSv1; - ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'; - - add_header Strict-Transport-Security "max-age=63072000; preload"; - - location ~ \.php$ { - fastcgi_pass unix:/var/run/php5-fpm.sock; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - include fastcgi_params; - } - - location /extension { - root /home/demo/wallet/wallet_button/firefox_src/xpi/; - rewrite /extension /taler-wallet.xpi break; - } - - rewrite ^/bank $scheme://bank.demo.taler.net/ redirect; - rewrite ^/shop $scheme://shop.demo.taler.net/ redirect; - rewrite ^/blog $scheme://blog.demo.taler.net/ redirect; -} diff --git a/etc/nginx/sites-enabled/demo.site b/etc/nginx/sites-enabled/demo.site index ad4e170..eb54533 100644 --- a/etc/nginx/sites-enabled/demo.site +++ b/etc/nginx/sites-enabled/demo.site @@ -1,6 +1,88 @@ server { - listen 80; - server_name demo.taler.net; - server_name www.demo.taler.net; - rewrite ^ https://$server_name$request_uri? permanent; + listen 80; + server_name demo.taler.net *.demo.taler.net; + rewrite ^ https://$server_name$request_uri? permanent; +} + + +server { + listen 443 ssl; + server_name demo.taler.net www.demo.taler.net; + root /home/demo/landing/; + include conf.d/demo.redirects; + include conf.d/talerssl; + ssi on; + index index.html; +} + + +server { + listen 443 ssl; + server_name exchange.demo.taler.net; + root /dev/null; + include conf.d/talerssl; + + location / { + proxy_pass http://unix:/home/demo/sockets/exchange.http:/; + proxy_redirect off; + proxy_set_header Host $host; + } +} + + +server { + listen 443 ssl; + server_name blog.demo.taler.net; + root /dev/null; + include conf.d/test.redirects; + include conf.d/talerssl; + ssi on; + + location / { + uwsgi_pass unix:/home/demo/sockets/blog.uwsgi; + include /etc/nginx/uwsgi_params; + } + + location /backend { + rewrite /backend/(.*) /$1 break; + proxy_pass http://unix:/home/demo/sockets/merchant.http:/; + proxy_redirect off; + proxy_set_header Host $host; + } +} + + +server { + listen 443 ssl; + server_name shop.demo.taler.net; + ssi on; + include conf.d/demo.redirects; + include conf.d/talerssl; + + location / { + uwsgi_pass unix:/home/demo/sockets/donations.uwsgi; + include /etc/nginx/uwsgi_params; + } + + + location /backend { + rewrite /backend/(.*) /$1 break; + proxy_pass http://unix:/home/demo/sockets/merchant.http:/; + proxy_redirect off; + proxy_set_header Host $host; + } +} + + +server { + listen 443 ssl; + server_name bank.test.taler.net; + ssi on; + include conf.d/test.redirects; + include conf.d/talerssl; + + location / { + uwsgi_pass unix:/home/demo/sockets/bank.uwsgi; + include /etc/nginx/uwsgi_params; + } } diff --git a/etc/nginx/sites-enabled/exchange-demo-ssl.site b/etc/nginx/sites-enabled/exchange-demo-ssl.site deleted file mode 100644 index 5761d4f..0000000 --- a/etc/nginx/sites-enabled/exchange-demo-ssl.site +++ /dev/null @@ -1,25 +0,0 @@ -server { - listen 443 ssl; ## listen for ipv4; this line is default and implied - # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 - - root /dev/null; - - server_name exchange.demo.taler.net; - - ssl_certificate /etc/letsencrypt/live/taler.net/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/taler.net/privkey.pem; - ssl_prefer_server_ciphers on; - ssl_session_cache shared:SSL:10m; - ssl_dhparam /etc/ssl/certs/dhparam.pem; - ssl_protocols TLSv1.2 TLSv1.1 TLSv1; - ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'; - - add_header Strict-Transport-Security "max-age=63072000; preload"; - - location / { - proxy_pass http://localhost:4241; - proxy_redirect off; - proxy_set_header Host $host; - } - -} diff --git a/etc/nginx/sites-enabled/exchange-demo.site b/etc/nginx/sites-enabled/exchange-demo.site deleted file mode 100644 index 5e8f1b0..0000000 --- a/etc/nginx/sites-enabled/exchange-demo.site +++ /dev/null @@ -1,15 +0,0 @@ -server { - listen 80; ## listen for ipv4; this line is default and implied - # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 - - root /dev/null; - - server_name exchange.demo.taler.net; - - location / { - proxy_pass http://localhost:4241; - proxy_redirect off; - proxy_set_header Host $host; - } - -} diff --git a/etc/nginx/sites-enabled/exchange-test.site b/etc/nginx/sites-enabled/exchange-test.site deleted file mode 100644 index 2841980..0000000 --- a/etc/nginx/sites-enabled/exchange-test.site +++ /dev/null @@ -1,15 +0,0 @@ -server { - listen 80; ## listen for ipv4; this line is default and implied - # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 - - root /dev/null; - - server_name exchange.test.taler.net; - - location / { - proxy_pass http://localhost:14241; - proxy_redirect off; - proxy_set_header Host $host; - } - -} diff --git a/etc/nginx/sites-enabled/mint-demo-ssl.site b/etc/nginx/sites-enabled/mint-demo-ssl.site deleted file mode 100644 index 8eeb3c5..0000000 --- a/etc/nginx/sites-enabled/mint-demo-ssl.site +++ /dev/null @@ -1,24 +0,0 @@ -server { - listen 443 ssl; ## listen for ipv4; this line is default and implied - # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 - - root /dev/null; - - server_name mint.demo.taler.net; - ssl_certificate /etc/letsencrypt/live/taler.net/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/taler.net/privkey.pem; - ssl_prefer_server_ciphers on; - ssl_session_cache shared:SSL:10m; - ssl_dhparam /etc/ssl/certs/dhparam.pem; - ssl_protocols TLSv1.2 TLSv1.1 TLSv1; - ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'; - - add_header Strict-Transport-Security "max-age=63072000; preload"; - - location / { - proxy_pass http://localhost:4241; - proxy_redirect off; - proxy_set_header Host $host; - } - -} diff --git a/etc/nginx/sites-enabled/mint-demo.site b/etc/nginx/sites-enabled/mint-demo.site deleted file mode 100644 index 070d0c9..0000000 --- a/etc/nginx/sites-enabled/mint-demo.site +++ /dev/null @@ -1,15 +0,0 @@ -server { - listen 80; ## listen for ipv4; this line is default and implied - # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 - - root /dev/null; - - server_name mint.demo.taler.net; - - location / { - proxy_pass http://localhost:4241; - proxy_redirect off; - proxy_set_header Host $host; - } - -} diff --git a/etc/nginx/sites-enabled/shop-demo-ssl.site b/etc/nginx/sites-enabled/shop-demo-ssl.site deleted file mode 100644 index 8d34446..0000000 --- a/etc/nginx/sites-enabled/shop-demo-ssl.site +++ /dev/null @@ -1,54 +0,0 @@ -server { - listen 443 ssl; ## listen for ipv4; this line is default and implied - # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 - - server_name shop.demo.taler.net; - ssl_certificate /etc/letsencrypt/live/taler.net/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/taler.net/privkey.pem; - ssl_prefer_server_ciphers on; - ssl_session_cache shared:SSL:10m; - ssl_dhparam /etc/ssl/certs/dhparam.pem; - ssl_protocols TLSv1.2 TLSv1.1 TLSv1; - ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'; - - add_header Strict-Transport-Security "max-age=63072000; preload"; - - root /home/demo/merchant/examples/shop/; - index index.php; - - # Make site accessible from http://localhost/ - - location / { - try_files $uri $uri/ =404; - rewrite /taler/pay /pay.php; - rewrite /taler/contract /generate_taler_contract.php; - - } - - location /fullfillment { - rewrite /(.*) /$1.php; - } - - location /test/contract { - rewrite (.*) /generate_taler_contract.php?cli_debug=yes; - } - - location /test/contract/frontend { - rewrite (.*) /generate_taler_contract.php?backend_test=no; - } - - location ~ \.php$ { - fastcgi_pass unix:/var/run/php5-fpm.sock; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - include fastcgi_params; - } - - location /backend { - rewrite /backend/(.*) /$1 break; - proxy_pass http://127.0.0.1:9966; - proxy_redirect off; - proxy_set_header Host $host; - } - - rewrite ^/shop $scheme://shop.demo.taler.net/ redirect; -} diff --git a/etc/nginx/sites-enabled/shop-demo.site b/etc/nginx/sites-enabled/shop-demo.site deleted file mode 100644 index 818c13f..0000000 --- a/etc/nginx/sites-enabled/shop-demo.site +++ /dev/null @@ -1,47 +0,0 @@ -server { - listen 80; ## listen for ipv4; this line is default and implied - # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 - - server_name shop.demo.taler.net; - - root /home/demo/merchant/examples/shop; - index index.php; - - # Make site accessible from http://localhost/ - - location / { - try_files $uri $uri/ =404; - rewrite /taler/pay /pay.php; - rewrite /taler/contract /generate_taler_contract.php; - - } - - location /fullfillment { - rewrite /(.*) /$1.php; - - } - - location /test/contract { - rewrite (.*) /generate_taler_contract.php?cli_debug=yes; - } - - location /test/contract/frontend { - rewrite (.*) /generate_taler_contract.php?backend_test=no; - } - - location ~ \.php$ { - - fastcgi_pass unix:/var/run/php5-fpm.sock; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - include fastcgi_params; - } - - location /backend { - rewrite /backend/(.*) /$1 break; - proxy_pass http://127.0.0.1:9966; - proxy_redirect off; - proxy_set_header Host $host; - } - - rewrite ^/shop $scheme://shop.demo.taler.net/ redirect; -} diff --git a/etc/nginx/sites-enabled/test.site b/etc/nginx/sites-enabled/test.site index 8010072..3c45da5 100644 --- a/etc/nginx/sites-enabled/test.site +++ b/etc/nginx/sites-enabled/test.site @@ -1,6 +1,6 @@ server { listen 80; - server_name *.taler.net; + server_name test.taler.net *.test.taler.net; rewrite ^ https://$server_name$request_uri? permanent; } |