summaryrefslogtreecommitdiff
path: root/etc
diff options
context:
space:
mode:
Diffstat (limited to 'etc')
-rw-r--r--etc/nginx/sites-enabled/api-ssl.site1
-rw-r--r--etc/nginx/sites-enabled/api.site3
-rw-r--r--etc/nginx/sites-enabled/buildbot-ssl.site3
-rw-r--r--etc/nginx/sites-enabled/decentralise-ssl.site1
-rw-r--r--etc/nginx/sites-enabled/decentralise.site3
-rw-r--r--etc/nginx/sites-enabled/default.site2
-rw-r--r--etc/nginx/sites-enabled/demo.site8
-rw-r--r--etc/nginx/sites-enabled/gauger-ssl.site1
-rw-r--r--etc/nginx/sites-enabled/gauger.site1
-rw-r--r--etc/nginx/sites-enabled/git-ssl.site1
-rw-r--r--etc/nginx/sites-enabled/git.site1
-rw-r--r--etc/nginx/sites-enabled/lcov-ssl.site1
-rw-r--r--etc/nginx/sites-enabled/lcov.site1
-rw-r--r--etc/nginx/sites-enabled/sandbox.site2
-rw-r--r--etc/nginx/sites-enabled/test.site8
-rw-r--r--etc/nginx/sites-enabled/trollslayer.site3
-rw-r--r--etc/nginx/sites-enabled/www-ssl.site5
-rw-r--r--etc/nginx/sites-enabled/www.git-ssl.site7
-rw-r--r--etc/nginx/sites-enabled/www.git.site5
19 files changed, 44 insertions, 13 deletions
diff --git a/etc/nginx/sites-enabled/api-ssl.site b/etc/nginx/sites-enabled/api-ssl.site
index 733d4f9..c0cf2bd 100644
--- a/etc/nginx/sites-enabled/api-ssl.site
+++ b/etc/nginx/sites-enabled/api-ssl.site
@@ -1,4 +1,5 @@
server {
+ listen 443 ssl;
listen [::]:443 ssl; ## listen for ipv4; this line is default and implied
# listen [::]:80 default_server ipv6only=on; ## listen for ipv6
diff --git a/etc/nginx/sites-enabled/api.site b/etc/nginx/sites-enabled/api.site
index 80e3d38..0bf83ff 100644
--- a/etc/nginx/sites-enabled/api.site
+++ b/etc/nginx/sites-enabled/api.site
@@ -1,5 +1,6 @@
server {
- listen [::]:80; ## listen for ipv4; this line is default and implied
+ listen 80;
+ listen [::]:80; ## listen for ipv4; this line is default and implied
# listen [::]:80 default_server ipv6only=on; ## listen for ipv6
root /var/www/api.taler.net/_build/html;
diff --git a/etc/nginx/sites-enabled/buildbot-ssl.site b/etc/nginx/sites-enabled/buildbot-ssl.site
index 0b408a5..8b7332f 100644
--- a/etc/nginx/sites-enabled/buildbot-ssl.site
+++ b/etc/nginx/sites-enabled/buildbot-ssl.site
@@ -1,4 +1,5 @@
server {
+ listen 443 ssl;
listen [::]:443 ssl; ## listen for ipv4; this line is default and implied
# listen [::]:80 default_server ipv6only=on; ## listen for ipv6
@@ -25,7 +26,7 @@ server {
error_page 502 /502.html;
location = /502.html {
- root /home/fournier/buildbot;
+ root /home/fournier/buildbot;
}
include conf.d/favicon_robots;
diff --git a/etc/nginx/sites-enabled/decentralise-ssl.site b/etc/nginx/sites-enabled/decentralise-ssl.site
index e30b5fd..866107f 100644
--- a/etc/nginx/sites-enabled/decentralise-ssl.site
+++ b/etc/nginx/sites-enabled/decentralise-ssl.site
@@ -1,4 +1,5 @@
server {
+ listen 443 ssl;
listen [::]:443 ssl; ## listen for ipv4; this line is default and implied
# listen [::]:80 default_server ipv6only=on; ## listen for ipv6
diff --git a/etc/nginx/sites-enabled/decentralise.site b/etc/nginx/sites-enabled/decentralise.site
index 055274e..b92fb0f 100644
--- a/etc/nginx/sites-enabled/decentralise.site
+++ b/etc/nginx/sites-enabled/decentralise.site
@@ -1,5 +1,6 @@
server {
- listen [::]:80; ## listen for ipv4; this line is default and implied
+ listen 80;
+ listen [::]:80; ## listen for ipv4; this line is default and implied
# listen [::]:80 default_server ipv6only=on; ## listen for ipv6
root /var/www/decentralise;
diff --git a/etc/nginx/sites-enabled/default.site b/etc/nginx/sites-enabled/default.site
index 0e13406..e295383 100644
--- a/etc/nginx/sites-enabled/default.site
+++ b/etc/nginx/sites-enabled/default.site
@@ -1,5 +1,6 @@
# matched when no other server name matches
server {
+ listen 80 default_server;
listen [::]:80 default_server;
# server name must simply something invalid ...
server_name _;
@@ -7,6 +8,7 @@ server {
return 444;
}
server {
+ listen 443 ssl default_server;
listen [::]:443 ssl default_server;
include conf.d/talerssl;
# server name must simply something invalid ...
diff --git a/etc/nginx/sites-enabled/demo.site b/etc/nginx/sites-enabled/demo.site
index e8e55b7..be9163e 100644
--- a/etc/nginx/sites-enabled/demo.site
+++ b/etc/nginx/sites-enabled/demo.site
@@ -1,4 +1,5 @@
server {
+ listen 80;
listen [::]:80;
server_name demo.taler.net *.demo.taler.net;
rewrite ^ https://$host$request_uri? permanent;
@@ -6,6 +7,7 @@ server {
server {
+ listen 443 ssl;
listen [::]:443 ssl;
server_name demo.taler.net www.demo.taler.net;
include conf.d/demo.redirects;
@@ -21,6 +23,7 @@ server {
server {
+ listen 443 ssl;
listen [::]:443 ssl;
server_name exchange.demo.taler.net;
root /dev/null;
@@ -35,6 +38,7 @@ server {
server {
+ listen 443 ssl;
listen [::]:443 ssl;
server_name blog.demo.taler.net;
root /dev/null;
@@ -59,6 +63,7 @@ server {
server {
+ listen 443 ssl;
listen [::]:443 ssl;
server_name shop.demo.taler.net;
ssi on;
@@ -83,6 +88,7 @@ server {
server {
+ listen 443 ssl;
listen [::]:443 ssl;
server_name bank.demo.taler.net;
ssi on;
@@ -95,7 +101,7 @@ server {
}
location /admin/add/incoming {
- allow 127.0.0.1;
+ allow 127.0.0.1;
allow ::1;
deny all;
}
diff --git a/etc/nginx/sites-enabled/gauger-ssl.site b/etc/nginx/sites-enabled/gauger-ssl.site
index 0e1dcd8..89eb339 100644
--- a/etc/nginx/sites-enabled/gauger-ssl.site
+++ b/etc/nginx/sites-enabled/gauger-ssl.site
@@ -1,4 +1,5 @@
server {
+ listen 443 ssl;
listen [::]:443 ssl; ## listen for ipv4; this line is default and implied
# listen [::]:80 default_server ipv6only=on; ## listen for ipv6
diff --git a/etc/nginx/sites-enabled/gauger.site b/etc/nginx/sites-enabled/gauger.site
index 2b2782b..967f9e9 100644
--- a/etc/nginx/sites-enabled/gauger.site
+++ b/etc/nginx/sites-enabled/gauger.site
@@ -1,4 +1,5 @@
server {
+ listen 80;
listen [::]:80; ## listen for ipv4; this line is default and implied
# listen [::]:80 default_server ipv6only=on; ## listen for ipv6
diff --git a/etc/nginx/sites-enabled/git-ssl.site b/etc/nginx/sites-enabled/git-ssl.site
index bbbad09..f64bd05 100644
--- a/etc/nginx/sites-enabled/git-ssl.site
+++ b/etc/nginx/sites-enabled/git-ssl.site
@@ -1,4 +1,5 @@
server {
+ listen 443 ssl;
listen [::]:443 ssl; ## listen for ipv4; this line is default and implied
# listen [::]:80 default_server ipv6only=on; ## listen for ipv6
diff --git a/etc/nginx/sites-enabled/git.site b/etc/nginx/sites-enabled/git.site
index 655d317..c57e618 100644
--- a/etc/nginx/sites-enabled/git.site
+++ b/etc/nginx/sites-enabled/git.site
@@ -1,4 +1,5 @@
server {
+ listen 80;
listen [::]:80; ## listen for ipv4; this line is default and implied
# listen [::]:80 default_server ipv6only=on; ## listen for ipv6
diff --git a/etc/nginx/sites-enabled/lcov-ssl.site b/etc/nginx/sites-enabled/lcov-ssl.site
index b3532a9..e3f313d 100644
--- a/etc/nginx/sites-enabled/lcov-ssl.site
+++ b/etc/nginx/sites-enabled/lcov-ssl.site
@@ -1,4 +1,5 @@
server {
+ listen 443 ssl;
listen [::]:443 ssl; ## listen for ipv4; this line is default and implied
# listen [::]:80 default_server ipv6only=on; ## listen for ipv6
diff --git a/etc/nginx/sites-enabled/lcov.site b/etc/nginx/sites-enabled/lcov.site
index 44437d0..979c387 100644
--- a/etc/nginx/sites-enabled/lcov.site
+++ b/etc/nginx/sites-enabled/lcov.site
@@ -1,4 +1,5 @@
server {
+ listen 80;
listen [::]:80; ## listen for ipv4; this line is default and implied
# listen [::]:80 default_server ipv6only=on; ## listen for ipv6
diff --git a/etc/nginx/sites-enabled/sandbox.site b/etc/nginx/sites-enabled/sandbox.site
index 3a89301..9e32b17 100644
--- a/etc/nginx/sites-enabled/sandbox.site
+++ b/etc/nginx/sites-enabled/sandbox.site
@@ -1,10 +1,12 @@
server {
+ listen 80;
listen [::]:80;
server_name sandbox.taler.net *.sandbox.taler.net;
rewrite ^ https://$host$request_uri? permanent;
}
server {
+ listen 443 ssl;
listen [::]:443 ssl;
server_name sandbox.taler.net;
diff --git a/etc/nginx/sites-enabled/test.site b/etc/nginx/sites-enabled/test.site
index ded6abb..ca85aa9 100644
--- a/etc/nginx/sites-enabled/test.site
+++ b/etc/nginx/sites-enabled/test.site
@@ -1,4 +1,5 @@
server {
+ listen 80;
listen [::]:80;
server_name test.taler.net *.test.taler.net;
rewrite ^ https://$host$request_uri? permanent;
@@ -6,6 +7,7 @@ server {
server {
+ listen 443 ssl;
listen [::]:443 ssl;
server_name test.taler.net www.test.taler.net;
root /dev/null;
@@ -21,6 +23,7 @@ server {
server {
+ listen 443 ssl;
listen [::]:443 ssl;
server_name exchange.test.taler.net;
root /dev/null;
@@ -41,6 +44,7 @@ server {
server {
+ listen 443 ssl;
listen [::]:443 ssl;
server_name blog.test.taler.net;
root /dev/null;
@@ -64,6 +68,7 @@ server {
server {
+ listen 443 ssl;
listen [::]:443 ssl;
server_name shop.test.taler.net;
ssi on;
@@ -87,6 +92,7 @@ server {
server {
+ listen 443 ssl;
listen [::]:443 ssl;
server_name bank.test.taler.net;
ssi on;
@@ -94,7 +100,7 @@ server {
include conf.d/talerssl;
location /admin/add/incoming {
- allow 127.0.0.1;
+ allow 127.0.0.1;
allow 131.254.145.3;
deny all;
uwsgi_pass unix:/home/test/sockets/bank.uwsgi;
diff --git a/etc/nginx/sites-enabled/trollslayer.site b/etc/nginx/sites-enabled/trollslayer.site
index 5003e78..1767fe6 100644
--- a/etc/nginx/sites-enabled/trollslayer.site
+++ b/etc/nginx/sites-enabled/trollslayer.site
@@ -1,5 +1,6 @@
server {
- listen [::]:80; ## listen for ipv4; this line is default and implied
+ listen 80;
+ listen [::]:80; ## listen for ipv4; this line is default and implied
# listen [::]:80 default_server ipv6only=on; ## listen for ipv6
root /var/www/trollslayer/;
diff --git a/etc/nginx/sites-enabled/www-ssl.site b/etc/nginx/sites-enabled/www-ssl.site
index 1ccdda8..7e234ec 100644
--- a/etc/nginx/sites-enabled/www-ssl.site
+++ b/etc/nginx/sites-enabled/www-ssl.site
@@ -1,5 +1,6 @@
server {
- listen [::]:443 ssl; ## listen for ipv4; this line is default and implied
+ listen 443 ssl;
+ listen [::]:443 ssl; ## listen for ipv4; this line is default and implied
# listen [::]:80 default_server ipv6only=on; ## listen for ipv6
@@ -15,7 +16,7 @@ server {
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
add_header Strict-Transport-Security "max-age=63072000; preload";
-
+
location / {
root /var/www/taler.net;
autoindex off;
diff --git a/etc/nginx/sites-enabled/www.git-ssl.site b/etc/nginx/sites-enabled/www.git-ssl.site
index 81b2c41..404585d 100644
--- a/etc/nginx/sites-enabled/www.git-ssl.site
+++ b/etc/nginx/sites-enabled/www.git-ssl.site
@@ -1,10 +1,11 @@
server {
- listen [::]:443 ssl; ## listen for ipv4; this line is default and implied
+ listen 443 ssl;
+ listen [::]:443 ssl; ## listen for ipv4; this line is default and implied
# listen [::]:80 default_server ipv6only=on; ## listen for ipv6
# Make site accessible from http://localhost/
server_name www.git.taler.net;
-
+
ssl_certificate /etc/letsencrypt/live/taler.net/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/taler.net/privkey.pem;
ssl_prefer_server_ciphers on;
@@ -24,7 +25,7 @@ server {
fastcgi_param GITWEB_CONFIG /etc/gitweb.conf;
fastcgi_pass unix:/var/run/fcgiwrap.socket;
}
-
+
location / {
root /usr/share/gitweb/;
index index.cgi;
diff --git a/etc/nginx/sites-enabled/www.git.site b/etc/nginx/sites-enabled/www.git.site
index 4b3fc3d..26679be 100644
--- a/etc/nginx/sites-enabled/www.git.site
+++ b/etc/nginx/sites-enabled/www.git.site
@@ -1,10 +1,11 @@
server {
+ listen 80;
listen [::]:80; ## listen for ipv4; this line is default and implied
# listen [::]:80 default_server ipv6only=on; ## listen for ipv6
# Make site accessible from http://localhost/
server_name www.git.taler.net;
-
+
location /index.cgi {
root /usr/share/gitweb/;
@@ -15,7 +16,7 @@ server {
fastcgi_param GITWEB_CONFIG /etc/gitweb.conf;
fastcgi_pass unix:/var/run/fcgiwrap.socket;
}
-
+
location / {
root /usr/share/gitweb/;
index index.cgi;
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-03 06:33:53 +0000