diff options
Diffstat (limited to 'etc')
-rw-r--r-- | etc/nginx/sites-enabled/api-ssl.site | 1 | ||||
-rw-r--r-- | etc/nginx/sites-enabled/api.site | 3 | ||||
-rw-r--r-- | etc/nginx/sites-enabled/buildbot-ssl.site | 3 | ||||
-rw-r--r-- | etc/nginx/sites-enabled/decentralise-ssl.site | 1 | ||||
-rw-r--r-- | etc/nginx/sites-enabled/decentralise.site | 3 | ||||
-rw-r--r-- | etc/nginx/sites-enabled/default.site | 2 | ||||
-rw-r--r-- | etc/nginx/sites-enabled/demo.site | 8 | ||||
-rw-r--r-- | etc/nginx/sites-enabled/gauger-ssl.site | 1 | ||||
-rw-r--r-- | etc/nginx/sites-enabled/gauger.site | 1 | ||||
-rw-r--r-- | etc/nginx/sites-enabled/git-ssl.site | 1 | ||||
-rw-r--r-- | etc/nginx/sites-enabled/git.site | 1 | ||||
-rw-r--r-- | etc/nginx/sites-enabled/lcov-ssl.site | 1 | ||||
-rw-r--r-- | etc/nginx/sites-enabled/lcov.site | 1 | ||||
-rw-r--r-- | etc/nginx/sites-enabled/sandbox.site | 2 | ||||
-rw-r--r-- | etc/nginx/sites-enabled/test.site | 8 | ||||
-rw-r--r-- | etc/nginx/sites-enabled/trollslayer.site | 3 | ||||
-rw-r--r-- | etc/nginx/sites-enabled/www-ssl.site | 5 | ||||
-rw-r--r-- | etc/nginx/sites-enabled/www.git-ssl.site | 7 | ||||
-rw-r--r-- | etc/nginx/sites-enabled/www.git.site | 5 |
19 files changed, 44 insertions, 13 deletions
diff --git a/etc/nginx/sites-enabled/api-ssl.site b/etc/nginx/sites-enabled/api-ssl.site index 733d4f9..c0cf2bd 100644 --- a/etc/nginx/sites-enabled/api-ssl.site +++ b/etc/nginx/sites-enabled/api-ssl.site @@ -1,4 +1,5 @@ server { + listen 443 ssl; listen [::]:443 ssl; ## listen for ipv4; this line is default and implied # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 diff --git a/etc/nginx/sites-enabled/api.site b/etc/nginx/sites-enabled/api.site index 80e3d38..0bf83ff 100644 --- a/etc/nginx/sites-enabled/api.site +++ b/etc/nginx/sites-enabled/api.site @@ -1,5 +1,6 @@ server { - listen [::]:80; ## listen for ipv4; this line is default and implied + listen 80; + listen [::]:80; ## listen for ipv4; this line is default and implied # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 root /var/www/api.taler.net/_build/html; diff --git a/etc/nginx/sites-enabled/buildbot-ssl.site b/etc/nginx/sites-enabled/buildbot-ssl.site index 0b408a5..8b7332f 100644 --- a/etc/nginx/sites-enabled/buildbot-ssl.site +++ b/etc/nginx/sites-enabled/buildbot-ssl.site @@ -1,4 +1,5 @@ server { + listen 443 ssl; listen [::]:443 ssl; ## listen for ipv4; this line is default and implied # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 @@ -25,7 +26,7 @@ server { error_page 502 /502.html; location = /502.html { - root /home/fournier/buildbot; + root /home/fournier/buildbot; } include conf.d/favicon_robots; diff --git a/etc/nginx/sites-enabled/decentralise-ssl.site b/etc/nginx/sites-enabled/decentralise-ssl.site index e30b5fd..866107f 100644 --- a/etc/nginx/sites-enabled/decentralise-ssl.site +++ b/etc/nginx/sites-enabled/decentralise-ssl.site @@ -1,4 +1,5 @@ server { + listen 443 ssl; listen [::]:443 ssl; ## listen for ipv4; this line is default and implied # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 diff --git a/etc/nginx/sites-enabled/decentralise.site b/etc/nginx/sites-enabled/decentralise.site index 055274e..b92fb0f 100644 --- a/etc/nginx/sites-enabled/decentralise.site +++ b/etc/nginx/sites-enabled/decentralise.site @@ -1,5 +1,6 @@ server { - listen [::]:80; ## listen for ipv4; this line is default and implied + listen 80; + listen [::]:80; ## listen for ipv4; this line is default and implied # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 root /var/www/decentralise; diff --git a/etc/nginx/sites-enabled/default.site b/etc/nginx/sites-enabled/default.site index 0e13406..e295383 100644 --- a/etc/nginx/sites-enabled/default.site +++ b/etc/nginx/sites-enabled/default.site @@ -1,5 +1,6 @@ # matched when no other server name matches server { + listen 80 default_server; listen [::]:80 default_server; # server name must simply something invalid ... server_name _; @@ -7,6 +8,7 @@ server { return 444; } server { + listen 443 ssl default_server; listen [::]:443 ssl default_server; include conf.d/talerssl; # server name must simply something invalid ... diff --git a/etc/nginx/sites-enabled/demo.site b/etc/nginx/sites-enabled/demo.site index e8e55b7..be9163e 100644 --- a/etc/nginx/sites-enabled/demo.site +++ b/etc/nginx/sites-enabled/demo.site @@ -1,4 +1,5 @@ server { + listen 80; listen [::]:80; server_name demo.taler.net *.demo.taler.net; rewrite ^ https://$host$request_uri? permanent; @@ -6,6 +7,7 @@ server { server { + listen 443 ssl; listen [::]:443 ssl; server_name demo.taler.net www.demo.taler.net; include conf.d/demo.redirects; @@ -21,6 +23,7 @@ server { server { + listen 443 ssl; listen [::]:443 ssl; server_name exchange.demo.taler.net; root /dev/null; @@ -35,6 +38,7 @@ server { server { + listen 443 ssl; listen [::]:443 ssl; server_name blog.demo.taler.net; root /dev/null; @@ -59,6 +63,7 @@ server { server { + listen 443 ssl; listen [::]:443 ssl; server_name shop.demo.taler.net; ssi on; @@ -83,6 +88,7 @@ server { server { + listen 443 ssl; listen [::]:443 ssl; server_name bank.demo.taler.net; ssi on; @@ -95,7 +101,7 @@ server { } location /admin/add/incoming { - allow 127.0.0.1; + allow 127.0.0.1; allow ::1; deny all; } diff --git a/etc/nginx/sites-enabled/gauger-ssl.site b/etc/nginx/sites-enabled/gauger-ssl.site index 0e1dcd8..89eb339 100644 --- a/etc/nginx/sites-enabled/gauger-ssl.site +++ b/etc/nginx/sites-enabled/gauger-ssl.site @@ -1,4 +1,5 @@ server { + listen 443 ssl; listen [::]:443 ssl; ## listen for ipv4; this line is default and implied # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 diff --git a/etc/nginx/sites-enabled/gauger.site b/etc/nginx/sites-enabled/gauger.site index 2b2782b..967f9e9 100644 --- a/etc/nginx/sites-enabled/gauger.site +++ b/etc/nginx/sites-enabled/gauger.site @@ -1,4 +1,5 @@ server { + listen 80; listen [::]:80; ## listen for ipv4; this line is default and implied # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 diff --git a/etc/nginx/sites-enabled/git-ssl.site b/etc/nginx/sites-enabled/git-ssl.site index bbbad09..f64bd05 100644 --- a/etc/nginx/sites-enabled/git-ssl.site +++ b/etc/nginx/sites-enabled/git-ssl.site @@ -1,4 +1,5 @@ server { + listen 443 ssl; listen [::]:443 ssl; ## listen for ipv4; this line is default and implied # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 diff --git a/etc/nginx/sites-enabled/git.site b/etc/nginx/sites-enabled/git.site index 655d317..c57e618 100644 --- a/etc/nginx/sites-enabled/git.site +++ b/etc/nginx/sites-enabled/git.site @@ -1,4 +1,5 @@ server { + listen 80; listen [::]:80; ## listen for ipv4; this line is default and implied # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 diff --git a/etc/nginx/sites-enabled/lcov-ssl.site b/etc/nginx/sites-enabled/lcov-ssl.site index b3532a9..e3f313d 100644 --- a/etc/nginx/sites-enabled/lcov-ssl.site +++ b/etc/nginx/sites-enabled/lcov-ssl.site @@ -1,4 +1,5 @@ server { + listen 443 ssl; listen [::]:443 ssl; ## listen for ipv4; this line is default and implied # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 diff --git a/etc/nginx/sites-enabled/lcov.site b/etc/nginx/sites-enabled/lcov.site index 44437d0..979c387 100644 --- a/etc/nginx/sites-enabled/lcov.site +++ b/etc/nginx/sites-enabled/lcov.site @@ -1,4 +1,5 @@ server { + listen 80; listen [::]:80; ## listen for ipv4; this line is default and implied # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 diff --git a/etc/nginx/sites-enabled/sandbox.site b/etc/nginx/sites-enabled/sandbox.site index 3a89301..9e32b17 100644 --- a/etc/nginx/sites-enabled/sandbox.site +++ b/etc/nginx/sites-enabled/sandbox.site @@ -1,10 +1,12 @@ server { + listen 80; listen [::]:80; server_name sandbox.taler.net *.sandbox.taler.net; rewrite ^ https://$host$request_uri? permanent; } server { + listen 443 ssl; listen [::]:443 ssl; server_name sandbox.taler.net; diff --git a/etc/nginx/sites-enabled/test.site b/etc/nginx/sites-enabled/test.site index ded6abb..ca85aa9 100644 --- a/etc/nginx/sites-enabled/test.site +++ b/etc/nginx/sites-enabled/test.site @@ -1,4 +1,5 @@ server { + listen 80; listen [::]:80; server_name test.taler.net *.test.taler.net; rewrite ^ https://$host$request_uri? permanent; @@ -6,6 +7,7 @@ server { server { + listen 443 ssl; listen [::]:443 ssl; server_name test.taler.net www.test.taler.net; root /dev/null; @@ -21,6 +23,7 @@ server { server { + listen 443 ssl; listen [::]:443 ssl; server_name exchange.test.taler.net; root /dev/null; @@ -41,6 +44,7 @@ server { server { + listen 443 ssl; listen [::]:443 ssl; server_name blog.test.taler.net; root /dev/null; @@ -64,6 +68,7 @@ server { server { + listen 443 ssl; listen [::]:443 ssl; server_name shop.test.taler.net; ssi on; @@ -87,6 +92,7 @@ server { server { + listen 443 ssl; listen [::]:443 ssl; server_name bank.test.taler.net; ssi on; @@ -94,7 +100,7 @@ server { include conf.d/talerssl; location /admin/add/incoming { - allow 127.0.0.1; + allow 127.0.0.1; allow 131.254.145.3; deny all; uwsgi_pass unix:/home/test/sockets/bank.uwsgi; diff --git a/etc/nginx/sites-enabled/trollslayer.site b/etc/nginx/sites-enabled/trollslayer.site index 5003e78..1767fe6 100644 --- a/etc/nginx/sites-enabled/trollslayer.site +++ b/etc/nginx/sites-enabled/trollslayer.site @@ -1,5 +1,6 @@ server { - listen [::]:80; ## listen for ipv4; this line is default and implied + listen 80; + listen [::]:80; ## listen for ipv4; this line is default and implied # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 root /var/www/trollslayer/; diff --git a/etc/nginx/sites-enabled/www-ssl.site b/etc/nginx/sites-enabled/www-ssl.site index 1ccdda8..7e234ec 100644 --- a/etc/nginx/sites-enabled/www-ssl.site +++ b/etc/nginx/sites-enabled/www-ssl.site @@ -1,5 +1,6 @@ server { - listen [::]:443 ssl; ## listen for ipv4; this line is default and implied + listen 443 ssl; + listen [::]:443 ssl; ## listen for ipv4; this line is default and implied # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 @@ -15,7 +16,7 @@ server { ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'; add_header Strict-Transport-Security "max-age=63072000; preload"; - + location / { root /var/www/taler.net; autoindex off; diff --git a/etc/nginx/sites-enabled/www.git-ssl.site b/etc/nginx/sites-enabled/www.git-ssl.site index 81b2c41..404585d 100644 --- a/etc/nginx/sites-enabled/www.git-ssl.site +++ b/etc/nginx/sites-enabled/www.git-ssl.site @@ -1,10 +1,11 @@ server { - listen [::]:443 ssl; ## listen for ipv4; this line is default and implied + listen 443 ssl; + listen [::]:443 ssl; ## listen for ipv4; this line is default and implied # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 # Make site accessible from http://localhost/ server_name www.git.taler.net; - + ssl_certificate /etc/letsencrypt/live/taler.net/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/taler.net/privkey.pem; ssl_prefer_server_ciphers on; @@ -24,7 +25,7 @@ server { fastcgi_param GITWEB_CONFIG /etc/gitweb.conf; fastcgi_pass unix:/var/run/fcgiwrap.socket; } - + location / { root /usr/share/gitweb/; index index.cgi; diff --git a/etc/nginx/sites-enabled/www.git.site b/etc/nginx/sites-enabled/www.git.site index 4b3fc3d..26679be 100644 --- a/etc/nginx/sites-enabled/www.git.site +++ b/etc/nginx/sites-enabled/www.git.site @@ -1,10 +1,11 @@ server { + listen 80; listen [::]:80; ## listen for ipv4; this line is default and implied # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 # Make site accessible from http://localhost/ server_name www.git.taler.net; - + location /index.cgi { root /usr/share/gitweb/; @@ -15,7 +16,7 @@ server { fastcgi_param GITWEB_CONFIG /etc/gitweb.conf; fastcgi_pass unix:/var/run/fcgiwrap.socket; } - + location / { root /usr/share/gitweb/; index index.cgi; |