diff options
Diffstat (limited to 'guix/etc/nginx/sites-enabled')
27 files changed, 0 insertions, 1144 deletions
diff --git a/guix/etc/nginx/sites-enabled/api-ssl.site b/guix/etc/nginx/sites-enabled/api-ssl.site deleted file mode 100644 index 6f5fd69..0000000 --- a/guix/etc/nginx/sites-enabled/api-ssl.site +++ /dev/null @@ -1,9 +0,0 @@ -server { - listen 443 ssl; - listen [::]:443 ssl; ## listen for ipv4; this line is default and implied - # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 - - server_name api.taler.net - www.api.taler.net; - rewrite ^ https://docs.taler.net$request_uri? permanent; -} diff --git a/guix/etc/nginx/sites-enabled/api.site b/guix/etc/nginx/sites-enabled/api.site deleted file mode 100644 index 21e7efe..0000000 --- a/guix/etc/nginx/sites-enabled/api.site +++ /dev/null @@ -1,8 +0,0 @@ -server { - listen 80; - listen [::]:80; - server_name api.taler.net - www.api.taler.net; - - rewrite ^ https://docs.taler.net$request_uri? permanent; -} diff --git a/guix/etc/nginx/sites-enabled/buildbot-ssl.site b/guix/etc/nginx/sites-enabled/buildbot-ssl.site deleted file mode 100644 index ba998bb..0000000 --- a/guix/etc/nginx/sites-enabled/buildbot-ssl.site +++ /dev/null @@ -1,23 +0,0 @@ -server { - listen 443 ssl; - listen [::]:443 ssl; ## listen for ipv4; this line is default and implied - # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 - - root /var/www/buildbot/; - - # Make site accessible from http://localhost/ - server_name buildbot.taler.net; - server_name www.buildbot.taler.net; - server_name bb.taler.net; - include conf.d/talerssl; - - location / { - proxy_pass http://127.0.0.1:8010; - proxy_redirect off; - proxy_set_header Host $host; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - } - - include conf.d/favicon_robots; -} diff --git a/guix/etc/nginx/sites-enabled/buildbot.site b/guix/etc/nginx/sites-enabled/buildbot.site deleted file mode 100644 index 77eb805..0000000 --- a/guix/etc/nginx/sites-enabled/buildbot.site +++ /dev/null @@ -1,14 +0,0 @@ -server { - listen 80; - listen [::]:80; ## listen for ipv4; this line is default and implied - # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 - - root /var/www/buildbot/; - - # Make site accessible from http://localhost/ - server_name buildbot.taler.net; - server_name www.buildbot.taler.net; - server_name bb.taler.net; - - rewrite ^ https://$server_name$request_uri? permanent; -} diff --git a/guix/etc/nginx/sites-enabled/decentralise-ssl.site b/guix/etc/nginx/sites-enabled/decentralise-ssl.site deleted file mode 100644 index 9dd0470..0000000 --- a/guix/etc/nginx/sites-enabled/decentralise-ssl.site +++ /dev/null @@ -1,14 +0,0 @@ -server { - listen 443 ssl; - listen [::]:443 ssl; ## listen for ipv4; this line is default and implied - # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 - - root /var/www/decentralise; - - # Make site accessible from http://localhost/ - server_name www.decentralise.rennes.inria.fr; - server_name decentralise.rennes.inria.fr; - include conf.d/talerssl; - - rewrite / http://www.inria.fr/en/teams/decentralise redirect; -} diff --git a/guix/etc/nginx/sites-enabled/decentralise.site b/guix/etc/nginx/sites-enabled/decentralise.site deleted file mode 100644 index b92fb0f..0000000 --- a/guix/etc/nginx/sites-enabled/decentralise.site +++ /dev/null @@ -1,13 +0,0 @@ -server { - listen 80; - listen [::]:80; ## listen for ipv4; this line is default and implied - # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 - - root /var/www/decentralise; - - # Make site accessible from http://localhost/ - server_name www.decentralise.rennes.inria.fr; - server_name decentralise.rennes.inria.fr; - - rewrite / http://www.inria.fr/en/teams/decentralise redirect; -} diff --git a/guix/etc/nginx/sites-enabled/default.site b/guix/etc/nginx/sites-enabled/default.site deleted file mode 100644 index 2d88ab2..0000000 --- a/guix/etc/nginx/sites-enabled/default.site +++ /dev/null @@ -1,18 +0,0 @@ -# matched when no other server name matches -server { - listen 80 default_server; - listen [::]:80 default_server; - # server name must simply something invalid ... - server_name _; - # drop connection, special nginx status code - return 444; -} -# server { -# listen 443 ssl default_server; -# listen [::]:443 ssl default_server; -# include conf.d/talerssl; -# # server name must simply something invalid ... -# server_name _; -# # drop connection, special nginx status code -# return 444; -# } diff --git a/guix/etc/nginx/sites-enabled/demo.site b/guix/etc/nginx/sites-enabled/demo.site deleted file mode 100644 index 16d9698..0000000 --- a/guix/etc/nginx/sites-enabled/demo.site +++ /dev/null @@ -1,159 +0,0 @@ -server { - listen 80; - listen [::]:80; - server_name demo.taler.net - bank.demo.taler.net - shop.demo.taler.net - donations.demo.taler.net - survey.demo.taler.net - auditor.demo.taler.net - exchange.demo.taler.net; - - # 301-based ridirects allows the user agent to *change* the - # method used in the second request. This breaks all the API - # using POST, as some user agents do the second request using - # GET. 307 is meant to tell the user agent to not change the - # method in the second request. - if ($request_method = POST) { return 307 https://$host$request_uri; } - return 301 https://$host$request_uri; - -} - - -server { - listen 443 ssl; - listen [::]:443 ssl; - server_name auditor.demo.taler.net; - include conf.d/talerssl; - location / { - rewrite ^/$ /en/ redirect; - rewrite ^/(..)/$ /$1/index.html break; - recursive_error_pages on; - root /home/demo/auditor; - } - include conf.d/favicon_robots; -} - - -server { - listen 443 ssl; - listen [::]:443 ssl; - server_name demo.taler.net www.demo.taler.net; - rewrite /javascript /javascript.html break; - include conf.d/talerssl; - location / { - rewrite ^/$ /en/ redirect; - rewrite ^/(..)/$ /$1/index.html break; - root /home/demo/landing/demo; - } - - include conf.d/favicon_robots; -} - - -server { - listen 443 ssl; - listen [::]:443 ssl; - server_name exchange.demo.taler.net; - root /dev/null; - include conf.d/talerssl; - - location /admin { - proxy_pass http://unix:/home/demo/sockets/exchange-admin.http; - proxy_redirect off; - proxy_set_header Host $host; - } - - location / { - proxy_pass http://unix:/home/demo/sockets/exchange.http:/; - proxy_redirect off; - proxy_set_header Host $host; - } -} - -server { - listen 443 ssl; - listen 80; - listen [::]:443 ssl; - listen [::]:80; - server_name backend.demo.taler.net; - include conf.d/talerssl; - - location /public { - proxy_redirect off; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-Host "backend.demo.taler.net"; - proxy_set_header X-Forwarded-Proto "https"; - proxy_pass http://unix:/home/demo/sockets/merchant.http:/public; - } - - location / { - # match the ApiKey part ignoring case, and the actual key - # with case-sensitivity on. - if ($http_authorization !~ "(?i)ApiKey (?-i)sandbox") { - return 401; - } - proxy_redirect off; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-Host "backend.demo.taler.net"; - proxy_set_header X-Forwarded-Proto "https"; - proxy_pass http://unix:/home/demo/sockets/merchant.http:/; - } -} - - -server { - listen 443 ssl; - listen [::]:443 ssl; - server_name donations.demo.taler.net; - include conf.d/talerssl; - - location / { - uwsgi_pass unix:/home/demo/sockets/donations.uwsgi; - include /etc/nginx/uwsgi_params; - } - - include conf.d/favicon_robots; -} - - -server { - listen 443 ssl; - listen [::]:443 ssl; - server_name shop.demo.taler.net; - include conf.d/talerssl; - - location / { - uwsgi_pass unix:/home/demo/sockets/shop.uwsgi; - include /etc/nginx/uwsgi_params; - } - - include conf.d/favicon_robots; -} - - -server { - server_name survey.demo.taler.net; - listen 443 ssl; - listen [::]:443 ssl; - include conf.d/talerssl; - - location / { - uwsgi_pass unix:/home/demo/sockets/survey.uwsgi; - include /etc/nginx/uwsgi_params; - } -} - -server { - listen 443 ssl; - listen [::]:443 ssl; - server_name bank.demo.taler.net; - include conf.d/talerssl; - - location / { - uwsgi_pass unix:/home/demo/sockets/bank.uwsgi; - include /etc/nginx/uwsgi_params; - } - - include conf.d/favicon_robots; -} diff --git a/guix/etc/nginx/sites-enabled/docs-ssl.site b/guix/etc/nginx/sites-enabled/docs-ssl.site deleted file mode 100644 index 923d703..0000000 --- a/guix/etc/nginx/sites-enabled/docs-ssl.site +++ /dev/null @@ -1,69 +0,0 @@ -server { - listen 443 ssl; - listen [::]:443 ssl; ## listen for ipv4; this line is default and implied - # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 - - # Temporary, as this doesn't do i18n - root /home/docbuilder/build/docs-landing/; - - # Make site accessible from http://localhost/ - server_name docs.taler.net - www.docs.taler.net; - - include conf.d/talerssl; - - location / { - autoindex off; - ssi off; -# ssi_last_modified on; - - - rewrite ^/$ /$index_redirect_uri/ redirect; - rewrite ^/(..)/$ /$1/index.html break; - } - - - location /code/exchange { - alias /home/docbuilder/build/exchange/doxygen; - } - - location /code/merchant { - alias /home/docbuilder/build/merchant-backend/doxygen; - } - - location /onboarding { - alias /home/docbuilder/build/onboarding/; - } - - location /bank { - alias /home/docbuilder/build/bank/manual; - } - - location /backoffice { - alias /home/docbuilder/build/backoffice/; - } - - location /exchange { - alias /home/docbuilder/build/exchange/manual; - } - - location /merchant/backend { - alias /home/docbuilder/build/merchant-backend/manual; - } - - location /merchant/frontend { - alias /home/docbuilder/build/merchant-frontend/; - } - - location /api { - autoindex off; - alias /home/docbuilder/build/api/html; - } - - # Associated to /api route. - location /_static { - alias /home/docbuilder/api/html/_static; - } - - include conf.d/favicon_robots; -} diff --git a/guix/etc/nginx/sites-enabled/docs.site b/guix/etc/nginx/sites-enabled/docs.site deleted file mode 100644 index 8e01608..0000000 --- a/guix/etc/nginx/sites-enabled/docs.site +++ /dev/null @@ -1,7 +0,0 @@ -server { - listen 80; - listen [::]:80; - server_name docs.taler.net; - - rewrite ^ https://$host$request_uri? permanent; -} diff --git a/guix/etc/nginx/sites-enabled/env.site b/guix/etc/nginx/sites-enabled/env.site deleted file mode 100644 index fbe31aa..0000000 --- a/guix/etc/nginx/sites-enabled/env.site +++ /dev/null @@ -1,85 +0,0 @@ -server { - listen 80; - listen [::]:80; - server_name env.taler.net; - rewrite ^ https://$host$request_uri? permanent; -} - -server { - listen 443 ssl; - listen [::]:443 ssl; - server_name env.taler.net; - include conf.d/talerssl; - root /dev/null; - # rewrite_log on; - - # add trailing slashes to apps - rewrite ^/(?<user>[a-zA-Z0-9-_]+)/(?<app>[a-zA-Z0-9-_]+)$ /$user/$app/ redirect; - # add trailing slashes to user - rewrite ^/(?<user>[a-zA-Z0-9-_]+)$ /$user/ redirect; - rewrite ^/(?<user>[a-zA-Z0-9-_]+)/$ /$user/en/ redirect; - - # aliases to get from one page to the other - rewrite ^/(?<user>[a-zA-Z0-9-_]+)/(?<app>[a-zA-Z0-9-_]+)/landing /$user/ redirect; - rewrite ^/(?<user>[a-zA-Z0-9-_]+)/(?<app>[a-zA-Z0-9-_]+)/bank /$user/bank redirect; - rewrite ^/(?<user>[a-zA-Z0-9-_]+)/(?<app>[a-zA-Z0-9-_]+)/shop /$user/shop redirect; - rewrite ^/(?<user>[a-zA-Z0-9-_]+)/(?<app>[a-zA-Z0-9-_]+)/donations /$user/donations redirect; - rewrite ^/(?<user>[a-zA-Z0-9-_]+)/(?<app>[a-zA-Z0-9-_]+)/survey /$user/survey redirect; - - location ~ ^/(?<user>[a-zA-Z0-9-_]+)/exchange/(?<req>.*) { - proxy_pass http://unix:/home/$user/sockets/exchange.http:/$req$is_args$args; - proxy_redirect off; - proxy_set_header Host $host; - } - - location ~ ^/(?<user>[a-zA-Z0-9-_]+)/merchant-backend/(?<req>.*) { - proxy_pass http://unix:/home/$user/sockets/merchant.http:/$req; - proxy_redirect off; - proxy_set_header Host $host; - } - - location ~ ^/(?<user>[a-zA-Z0-9-_]+)/bank(?<req>/?.*|)$ { - uwsgi_pass unix:/home/$user/sockets/bank.uwsgi; - include /etc/nginx/uwsgi_params; - uwsgi_param SCRIPT_NAME "/$user/bank/"; - uwsgi_param PATH_INFO "$req"; - } - - location ~ ^/(?<user>[a-zA-Z0-9-_]+)/shop(?<req>/?.*|)$ { - uwsgi_pass unix:/home/$user/sockets/shop.uwsgi; - include /etc/nginx/uwsgi_params; - uwsgi_param SCRIPT_NAME "/$user/shop/"; - uwsgi_param PATH_INFO "$req"; - } - - location ~ ^/(?<user>[a-zA-Z0-9-_]+)/donations(?<req>/.*|)$ { - uwsgi_pass unix:/home/$user/sockets/donations.uwsgi; - include /etc/nginx/uwsgi_params; - uwsgi_param SCRIPT_NAME "/$user/donations/"; - uwsgi_param PATH_INFO "$req"; - } - - location ~ ^/(?<user>[a-zA-Z0-9-_]+)(?<req>/.*|)$ { - # add index.html - rewrite ^/(.*)/(..)/$ /$1/$2/index.html last; - # strip /user/ - rewrite ^/([a-zA-Z0-9-_]+)/(.*)$ /$2 break; - root /home/$user/landing/demo; - } - - location ~ ^/(?<user>[a-zA-Z0-9-_]+)/auditor(?<req>/.*|)$ { - uwsgi_pass unix:/home/$user/sockets/auditor.uwsgi; - include /etc/nginx/uwsgi_params; - uwsgi_param SCRIPT_NAME "/$user/"; - uwsgi_param PATH_INFO "$req"; - } - - location ~ ^/(?<user>[a-zA-Z0-9-_]+)/survey(?<req>/.*|)$ { - uwsgi_pass unix:/home/$user/sockets/survey.uwsgi; - include /etc/nginx/uwsgi_params; - uwsgi_param SCRIPT_NAME "/$user/"; - uwsgi_param PATH_INFO "$req"; - } - - include conf.d/favicon_robots; -} diff --git a/guix/etc/nginx/sites-enabled/gauger-ssl.site b/guix/etc/nginx/sites-enabled/gauger-ssl.site deleted file mode 100644 index e889b59..0000000 --- a/guix/etc/nginx/sites-enabled/gauger-ssl.site +++ /dev/null @@ -1,18 +0,0 @@ -server { - listen 443 ssl; - listen [::]:443 ssl; ## listen for ipv4; this line is default and implied - # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 - - root /var/www/gauger/; - - # Make site accessible from http://localhost/ - server_name gauger.taler.net; - server_name www.gauger.taler.net; - include conf.d/talerssl; - - location / { - proxy_pass http://localhost:1801; - proxy_redirect off; - proxy_set_header Host $host; - } -} diff --git a/guix/etc/nginx/sites-enabled/gauger.site b/guix/etc/nginx/sites-enabled/gauger.site deleted file mode 100644 index 967f9e9..0000000 --- a/guix/etc/nginx/sites-enabled/gauger.site +++ /dev/null @@ -1,17 +0,0 @@ -server { - listen 80; - listen [::]:80; ## listen for ipv4; this line is default and implied - # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 - - root /var/www/gauger/; - - # Make site accessible from http://localhost/ - server_name gauger.taler.net; - server_name www.gauger.taler.net; - - location / { - proxy_pass http://localhost:1801; - proxy_redirect off; - proxy_set_header Host $host; - } -} diff --git a/guix/etc/nginx/sites-enabled/git-ssl.site b/guix/etc/nginx/sites-enabled/git-ssl.site deleted file mode 100644 index ea7cf0f..0000000 --- a/guix/etc/nginx/sites-enabled/git-ssl.site +++ /dev/null @@ -1,30 +0,0 @@ -server { - listen 443 ssl; - listen [::]:443 ssl; ## listen for ipv4; this line is default and implied - - root /srv/git; - server_name git.taler.net; - include conf.d/talerssl; - - access_log /var/log/nginx/git.taler.net_access.log; - error_log /var/log/nginx/git.taler.net_error.log notice; - - location ~ ^(.*?)\.git/(HEAD|info/refs|objects/.*|git-upload-pack)$ { - include /etc/nginx/fastcgi_params; - fastcgi_param SCRIPT_FILENAME /run/current-system/profile/libexec/git-core/git-http-backend; - fastcgi_param GIT_PROJECT_ROOT /home/git/repositories; - fastcgi_param PATH_INFO $uri; - fastcgi_pass unix:/var/run/fcgiwrap.socket; - } - - location /cgit { - root /var/www; - } - - location / { - include /etc/nginx/fastcgi_params; - fastcgi_param SCRIPT_FILENAME /run/current-system/profile/lib/cgit.cgi; - fastcgi_param PATH_INFO $uri; - fastcgi_pass unix:/var/run/fcgiwrap.socket; - } -} diff --git a/guix/etc/nginx/sites-enabled/git.site b/guix/etc/nginx/sites-enabled/git.site deleted file mode 100644 index e10fcc6..0000000 --- a/guix/etc/nginx/sites-enabled/git.site +++ /dev/null @@ -1,10 +0,0 @@ -server { - listen 80; - listen [::]:80; ## listen for ipv4; this line is default and implied - # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 - - root /srv/git; - server_name git.taler.net; - - rewrite ^ https://$server_name$request_uri? permanent; -} diff --git a/guix/etc/nginx/sites-enabled/intranet-ssl.site b/guix/etc/nginx/sites-enabled/intranet-ssl.site deleted file mode 100644 index 3390403..0000000 --- a/guix/etc/nginx/sites-enabled/intranet-ssl.site +++ /dev/null @@ -1,15 +0,0 @@ -server { - listen 443 ssl; - listen [::]:443 ssl; ## listen for ipv4; this line is default and implied - # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 - - root /var/git; - server_name intranet.taler.net; - include conf.d/talerssl; - location / { - proxy_pass http://127.0.0.1:8018; - proxy_redirect off; - proxy_set_header Host $host; - proxy_set_header HTTPS on; - } -} diff --git a/guix/etc/nginx/sites-enabled/intranet.site b/guix/etc/nginx/sites-enabled/intranet.site deleted file mode 100644 index 66217db..0000000 --- a/guix/etc/nginx/sites-enabled/intranet.site +++ /dev/null @@ -1,10 +0,0 @@ -server { - listen 80; - listen [::]:80; ## listen for ipv4; this line is default and implied - # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 - - # Make site accessible from http://localhost/ - server_name intranet.taler.net; - - rewrite ^ https://$server_name$request_uri? permanent; -} diff --git a/guix/etc/nginx/sites-enabled/lcov-ssl.site b/guix/etc/nginx/sites-enabled/lcov-ssl.site deleted file mode 100644 index 0620bfe..0000000 --- a/guix/etc/nginx/sites-enabled/lcov-ssl.site +++ /dev/null @@ -1,20 +0,0 @@ -server { - listen 443 ssl; - listen [::]:443 ssl; ## listen for ipv4; this line is default and implied - # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 - - root /var/www/lcov.taler.net/; - - # Make site accessible from http://localhost/ - server_name lcov.taler.net; - server_name www.lcov.taler.net; - include conf.d/talerssl; - - location / { - autoindex on; - ssi off; -# ssi_last_modified on; - } - - include conf.d/favicon_robots; -} diff --git a/guix/etc/nginx/sites-enabled/lcov.site b/guix/etc/nginx/sites-enabled/lcov.site deleted file mode 100644 index 979c387..0000000 --- a/guix/etc/nginx/sites-enabled/lcov.site +++ /dev/null @@ -1,19 +0,0 @@ -server { - listen 80; - listen [::]:80; ## listen for ipv4; this line is default and implied - # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 - - root /var/www/lcov.taler.net/; - - # Make site accessible from http://localhost/ - server_name lcov.taler.net; - server_name www.lcov.taler.net; - - location / { - autoindex on; - ssi off; -# ssi_last_modified on; - } - - include conf.d/favicon_robots; -} diff --git a/guix/etc/nginx/sites-enabled/sandbox.site b/guix/etc/nginx/sites-enabled/sandbox.site deleted file mode 100644 index 9e32b17..0000000 --- a/guix/etc/nginx/sites-enabled/sandbox.site +++ /dev/null @@ -1,20 +0,0 @@ -server { - listen 80; - listen [::]:80; - server_name sandbox.taler.net *.sandbox.taler.net; - rewrite ^ https://$host$request_uri? permanent; -} - -server { - listen 443 ssl; - listen [::]:443 ssl; - - server_name sandbox.taler.net; - include conf.d/talerssl; - - location / { - root /home/sandbox/sandbox_landing/; - autoindex off; - index index.html; - } -} diff --git a/guix/etc/nginx/sites-enabled/test.site b/guix/etc/nginx/sites-enabled/test.site deleted file mode 100644 index 7c4f847..0000000 --- a/guix/etc/nginx/sites-enabled/test.site +++ /dev/null @@ -1,379 +0,0 @@ -server { - listen 80; - listen [::]:80; - server_name test.taler.net - bank.test.taler.net - shop.test.taler.net - donations.test.taler.net - survey.test.taler.net - auditor.test.taler.net - exchange.test.taler.net - backoffice.test.taler.net; - - # 301-based ridirects allows the user agent to *change* the - # method used in the second request. This breaks all the API - # using POST, as some user agents do the second request using - # GET. 307 is meant to tell the user agent to not change the - # method in the second request. - if ($request_method = POST) { return 307 https://$host$request_uri; } - return 301 https://$host$request_uri; -} - -server { - server_name test.taler.net www.test.taler.net; - listen 443 ssl; - listen [::]:443 ssl; - rewrite /javascript /javascript.html break; - include conf.d/talerssl; - location @green { - add_header X-Taler-Deployment-Color green; - root /home/test-green/landing/demo; - } - location @blue { - add_header X-Taler-Deployment-Color blue; - root /home/test-blue/landing/demo; - } - location / { - # Redirection technique explainted at - # https://www.nginx.com/resources/wiki/start/topics/depth/ifisevil/ - error_page 418 = @blue; - error_page 419 = @green; - rewrite ^/$ /en/ redirect; - rewrite ^/(..)/$ /$1/index.html break; - recursive_error_pages on; - if ($http_x_taler_deployment_color ~ "blue") { return 418; } - if ($http_x_taler_deployment_color ~ "green") { return 419; } - root /home/test/landing/demo; - } - include conf.d/favicon_robots; -} - - -server { - server_name auditor.test.taler.net; - listen 443 ssl; - listen [::]:443 ssl; - root /dev/null; - include conf.d/talerssl; - location @green { - add_header X-Taler-Deployment-Color green; - root /home/test-green/auditor; - } - location @blue { - add_header X-Taler-Deployment-Color blue; - root /home/test-blue/auditor; - } - location / { - # Redirection technique explainted at - # https://www.nginx.com/resources/wiki/start/topics/depth/ifisevil/ - error_page 418 = @blue; - error_page 419 = @green; - rewrite ^/$ /en/ redirect; - rewrite ^/(..)/$ /$1/index.html break; - recursive_error_pages on; - if ($http_x_taler_deployment_color ~ "blue") { return 418; } - if ($http_x_taler_deployment_color ~ "green") { return 419; } - root /home/test/auditor; - } - include conf.d/favicon_robots; -} - - -server { - server_name exchange.test.taler.net; - listen 443 ssl; - listen [::]:443 ssl; - root /dev/null; - include conf.d/talerssl; - location @blue-admin { - add_header X-Taler-Deployment-Color blue; - proxy_pass http://unix:/home/test-blue/sockets/exchange-admin.http; - proxy_redirect off; - proxy_set_header Host $host; - } - location @green-admin { - add_header X-Taler-Deployment-Color green; - proxy_pass http://unix:/home/test-green/sockets/exchange-admin.http; - proxy_redirect off; - proxy_set_header Host $host; - } - - location @blue { - add_header X-Taler-Deployment-Color blue; - proxy_pass http://unix:/home/test-blue/sockets/exchange.http; - proxy_redirect off; - proxy_set_header Host $host; - } - - location @green { - add_header X-Taler-Deployment-Color green; - proxy_pass http://unix:/home/test-green/sockets/exchange.http; - proxy_redirect off; - proxy_set_header Host $host; - } - - location /admin { - error_page 418 = @blue-admin; - error_page 419 = @green-admin; - recursive_error_pages on; - if ($http_x_taler_deployment_color ~ "blue") { return 418; } - if ($http_x_taler_deployment_color ~ "green") { return 419; } - proxy_pass http://unix:/home/test/sockets/exchange-admin.http; - proxy_redirect off; - proxy_set_header Host $host; - } - - location / { - error_page 418 = @blue; - error_page 419 = @green; - recursive_error_pages on; - if ($http_x_taler_deployment_color ~ "blue") { return 418; } - if ($http_x_taler_deployment_color ~ "green") { return 419; } - proxy_pass http://unix:/home/test/sockets/exchange.http:/; - proxy_redirect off; - proxy_set_header Host $host; - } -} - - -server { - server_name shop.test.taler.net; - listen 443 ssl; - listen [::]:443 ssl; - root /dev/null; - include conf.d/talerssl; - - location @blue { - add_header X-Taler-Deployment-Color blue; - uwsgi_pass unix:/home/test-blue/sockets/shop.uwsgi; - include /etc/nginx/uwsgi_params; - } - location @green { - add_header X-Taler-Deployment-Color green; - uwsgi_pass unix:/home/test-green/sockets/shop.uwsgi; - include /etc/nginx/uwsgi_params; - } - - location / { - # Redirection technique explainted at - # https://www.nginx.com/resources/wiki/start/topics/depth/ifisevil/ - error_page 418 = @blue; - error_page 419 = @green; - recursive_error_pages on; - if ($http_x_taler_deployment_color ~ "blue") { return 418; } - if ($http_x_taler_deployment_color ~ "green") { return 419; } - uwsgi_pass unix:/home/test/sockets/shop.uwsgi; - include /etc/nginx/uwsgi_params; - } - - include conf.d/favicon_robots; -} - - -server { - server_name playground.test.taler.net; - listen 443 ssl; - listen [::]:443 ssl; - root /dev/null; - include conf.d/talerssl; - - location @blue { - add_header X-Taler-Deployment-Color blue; - uwsgi_pass unix:/home/test-blue/sockets/playground.uwsgi; - include /etc/nginx/uwsgi_params; - } - location @green { - add_header X-Taler-Deployment-Color green; - uwsgi_pass unix:/home/test-green/sockets/playground.uwsgi; - include /etc/nginx/uwsgi_params; - } - - location / { - # Redirection technique explainted at - # https://www.nginx.com/resources/wiki/start/topics/depth/ifisevil/ - error_page 418 = @blue; - error_page 419 = @green; - recursive_error_pages on; - if ($http_x_taler_deployment_color ~ "blue") { return 418; } - if ($http_x_taler_deployment_color ~ "green") { return 419; } - uwsgi_pass unix:/home/test/sockets/playground.uwsgi; - include /etc/nginx/uwsgi_params; - } - - include conf.d/favicon_robots; -} - - -server { - server_name backend.test.taler.net; - listen 443 ssl; - listen 80; - listen [::]:443 ssl; - listen [::]:80; - include conf.d/talerssl; - - location @blue { - add_header X-Taler-Deployment-Color blue; - proxy_pass http://unix:/home/test-blue/sockets/merchant.http; - proxy_redirect off; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-Host "backend.test.taler.net"; - proxy_set_header X-Forwarded-Proto "https"; - } - location @green { - add_header X-Taler-Deployment-Color green; - proxy_pass http://unix:/home/test-green/sockets/merchant.http; - proxy_redirect off; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-Host "backend.test.taler.net"; - proxy_set_header X-Forwarded-Proto "https"; - } - - location /public { - # Redirection technique explainted at - # https://www.nginx.com/resources/wiki/start/topics/depth/ifisevil/ - error_page 418 = @blue; - error_page 419 = @green; - recursive_error_pages on; - - if ($http_x_taler_deployment_color ~ "blue") { return 418; } - if ($http_x_taler_deployment_color ~ "green") { return 419; } - proxy_set_header X-Forwarded-Host "backend.test.taler.net"; - proxy_set_header X-Forwarded-Proto "https"; - proxy_pass http://unix:/home/test/sockets/merchant.http:/public; - proxy_redirect off; - proxy_set_header Host $host; - } - - location / { - # Redirection technique explainted at - # https://www.nginx.com/resources/wiki/start/topics/depth/ifisevil/ - error_page 418 = @blue; - error_page 419 = @green; - recursive_error_pages on; - - # match the ApiKey part ignoring case, and the actual key - # with case-sensitivity on. - if ($http_authorization !~ "(?i)ApiKey (?-i)sandbox") { - return 401; - } - - if ($http_x_taler_deployment_color ~ "blue") { return 418; } - if ($http_x_taler_deployment_color ~ "green") { return 419; } - proxy_set_header X-Forwarded-Host "backend.test.taler.net"; - proxy_set_header X-Forwarded-Proto "https"; - proxy_pass http://unix:/home/test/sockets/merchant.http:/; - proxy_redirect off; - proxy_set_header Host $host; - } -} - - -server { - server_name survey.test.taler.net; - listen 443 ssl; - listen [::]:443 ssl; - include conf.d/talerssl; - - location / { - uwsgi_pass unix:/home/test/sockets/survey.uwsgi; - include /etc/nginx/uwsgi_params; - } -} - -server { - server_name donations.test.taler.net; - listen 443 ssl; - listen [::]:443 ssl; - include conf.d/talerssl; - - location @blue { - add_header X-Taler-Deployment-Color blue; - uwsgi_pass unix:/home/test-blue/sockets/donations.uwsgi; - include /etc/nginx/uwsgi_params; - } - location @green { - add_header X-Taler-Deployment-Color green; - uwsgi_pass unix:/home/test-green/sockets/donations.uwsgi; - include /etc/nginx/uwsgi_params; - } - - location / { - # Redirection technique explainted at - # https://www.nginx.com/resources/wiki/start/topics/depth/ifisevil/ - error_page 418 = @blue; - error_page 419 = @green; - recursive_error_pages on; - if ($http_x_taler_deployment_color ~ "blue") { return 418; } - if ($http_x_taler_deployment_color ~ "green") { return 419; } - uwsgi_pass unix:/home/test/sockets/donations.uwsgi; - include /etc/nginx/uwsgi_params; - } - - include conf.d/favicon_robots; -} - - -server { - server_name bank.test.taler.net; - listen 443 ssl; - listen [::]:443 ssl; - include conf.d/talerssl; - - location @blue { - add_header X-Taler-Deployment-Color blue; - uwsgi_pass unix:/home/test-blue/sockets/bank.uwsgi; - include /etc/nginx/uwsgi_params; - } - location @green { - add_header X-Taler-Deployment-Color green; - uwsgi_pass unix:/home/test-green/sockets/bank.uwsgi; - include /etc/nginx/uwsgi_params; - } - - location / { - # Redirection technique explainted at - # https://www.nginx.com/resources/wiki/start/topics/depth/ifisevil/ - error_page 418 = @blue; - error_page 419 = @green; - recursive_error_pages on; - if ($http_x_taler_deployment_color ~ "blue") { return 418; } - if ($http_x_taler_deployment_color ~ "green") { return 419; } - uwsgi_pass unix:/home/test/sockets/bank.uwsgi; - include /etc/nginx/uwsgi_params; - } - - include conf.d/favicon_robots; -} - -server { - server_name backoffice.test.taler.net; - listen 443 ssl; - listen [::]:443 ssl; - include conf.d/talerssl; - - location @blue { - add_header X-Taler-Deployment-Color blue; - uwsgi_pass unix:/home/test-blue/sockets/backoffice.uwsgi; - include /etc/nginx/uwsgi_params; - } - location @green { - add_header X-Taler-Deployment-Color green; - uwsgi_pass unix:/home/test-green/sockets/backoffice.uwsgi; - include /etc/nginx/uwsgi_params; - } - - location / { - # Redirection technique explainted at - # https://www.nginx.com/resources/wiki/start/topics/depth/ifisevil/ - error_page 418 = @blue; - error_page 419 = @green; - recursive_error_pages on; - if ($http_x_taler_deployment_color ~ "blue") { return 418; } - if ($http_x_taler_deployment_color ~ "green") { return 419; } - uwsgi_pass unix:/home/test/sockets/backoffice.uwsgi; - include /etc/nginx/uwsgi_params; - } - - include conf.d/favicon_robots; -} diff --git a/guix/etc/nginx/sites-enabled/trollslayer.site b/guix/etc/nginx/sites-enabled/trollslayer.site deleted file mode 100644 index 1767fe6..0000000 --- a/guix/etc/nginx/sites-enabled/trollslayer.site +++ /dev/null @@ -1,16 +0,0 @@ -server { - listen 80; - listen [::]:80; ## listen for ipv4; this line is default and implied - # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 - - root /var/www/trollslayer/; - - # Make site accessible from http://localhost/ - server_name trollslayer.decentralise.rennes.inria.fr; - - location / { - proxy_pass http://gnunet.org:20070/shell/; - proxy_redirect off; - proxy_set_header Host $host; - } -} diff --git a/guix/etc/nginx/sites-enabled/www-ssl.site b/guix/etc/nginx/sites-enabled/www-ssl.site deleted file mode 100644 index d7776b3..0000000 --- a/guix/etc/nginx/sites-enabled/www-ssl.site +++ /dev/null @@ -1,59 +0,0 @@ -server { - listen 443 ssl; - listen [::]:443 ssl; ## listen for ipv4; this line is default and implied - #listen [::]:80 default_server ipv6only=on; ## listen for ipv6 - - - # Make site accessible from http://localhost/ - server_name taler.net; - server_name www.taler.net; - include conf.d/talerssl; - - location / { - root /home/docbuilder/www.taler.net; - autoindex off; - ssi on; - #ssi_last_modified on; - - rewrite ^/$ /$index_redirect_uri/ redirect; - - rewrite ^/(..)/$ /$1/index.html break; - - rewrite ^/(help/empty-wallet)$ /$1.html break; - rewrite ^/wallet-installation\.html$ /en/wallet.html redirect; - # just to get around cached old redirect - rewrite ^/wallet\.en\.html$ /en/wallet.html redirect; - rewrite ^/wallet$ /en/wallet.html redirect; - rewrite ^/press$ /en/press.html redirect; - } - - gzip on; - gzip_disable "msie6"; - gzip_vary on; - gzip_proxied any; - gzip_comp_level 6; - gzip_buffers 16 8k; - gzip_http_version 1.1; - gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/javascript; - - - # Note: this will go to /var/www/(videos|releases), which we took out of Git - location /videos { - root /var/www; - expires max; - } - - location ~* /videos/.*\.(png|jpg|ogv|webm|gif|svg)$ { - root /var/www; - expires max; - } - - location /releases { - root /var/www; - autoindex on; - } - - location /files { - root /var/www; - } -} diff --git a/guix/etc/nginx/sites-enabled/www-stage.site b/guix/etc/nginx/sites-enabled/www-stage.site deleted file mode 100644 index e8a988b..0000000 --- a/guix/etc/nginx/sites-enabled/www-stage.site +++ /dev/null @@ -1,78 +0,0 @@ -server { - listen 80; - listen [::]:80; ## listen for ipv4; this line is default and implied - # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 - - root /home/docbuilder/stage.taler.net; - - # Make site accessible from http://localhost/ - server_name stage.taler.net; - - rewrite ^ https://$server_name$request_uri? permanent; -} - -server { - listen 443 ssl; - listen [::]:443 ssl; ## listen for ipv4; this line is default and implied - #listen [::]:80 default_server ipv6only=on; ## listen for ipv6 - - - # Make site accessible from http://localhost/ - server_name stage.taler.net; - include conf.d/talerssl; - - location / { - root /home/docbuilder/stage.taler.net; - autoindex off; - - rewrite ^/$ /$index_redirect_uri/ redirect; - - rewrite ^/(..)/$ /$1/index.html break; - - rewrite ^/(help/empty-wallet)$ /$1.html break; - rewrite ^/wallet-installation\.html$ /en/wallet.html redirect; - # just to get around cached old redirect - rewrite ^/wallet\.en\.html$ /en/wallet.html redirect; - rewrite ^/wallet$ /en/wallet.html redirect; - rewrite ^/press$ /en/press.html redirect; - - } - - gzip on; - gzip_disable "msie6"; - gzip_vary on; - gzip_proxied any; - gzip_comp_level 6; - gzip_buffers 16 8k; - gzip_http_version 1.1; - gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/javascript; - - - # Note: this will go to /var/www/(videos|releases), which we took out of Git - location /videos { - root /var/www; - expires max; - } - - location ~* /videos/.*\.(png|jpg|ogv|webm|gif|svg)$ { - root /var/www; - expires max; - } - - # FIXME: this location newest files are from Oct'16 - location /releases { - root /var/www; - autoindex on; - } - - location /files { - root /var/www; - } - - location ~* \.(png|jpg|jpeg|gif|ico|svg|js|css)$ { - root /home/docbuilder/stage.taler.net; - expires 1y; - } - - -} diff --git a/guix/etc/nginx/sites-enabled/www.git-ssl.site b/guix/etc/nginx/sites-enabled/www.git-ssl.site deleted file mode 100644 index 5ba4831..0000000 --- a/guix/etc/nginx/sites-enabled/www.git-ssl.site +++ /dev/null @@ -1,11 +0,0 @@ -server { - listen 443 ssl; - listen [::]:443 ssl; ## listen for ipv4; this line is default and implied - # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 - - root /var/git; - server_name www.git.taler.net; - include conf.d/talerssl; - - rewrite ^ https://git.taler.net/ permanent; -} diff --git a/guix/etc/nginx/sites-enabled/www.git.site b/guix/etc/nginx/sites-enabled/www.git.site deleted file mode 100644 index 645923f..0000000 --- a/guix/etc/nginx/sites-enabled/www.git.site +++ /dev/null @@ -1,10 +0,0 @@ -server { - listen 80; - listen [::]:80; ## listen for ipv4; this line is default and implied - # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 - - root /var/git; - server_name www.git.taler.net; - - rewrite ^ https://git.taler.net/ permanent; -} diff --git a/guix/etc/nginx/sites-enabled/www.site b/guix/etc/nginx/sites-enabled/www.site deleted file mode 100644 index ae178e5..0000000 --- a/guix/etc/nginx/sites-enabled/www.site +++ /dev/null @@ -1,13 +0,0 @@ -server { - listen 80; - listen [::]:80; ## listen for ipv4; this line is default and implied - # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 - - root /home/docbuilder/www.taler.net; - - # Make site accessible from http://localhost/ - server_name taler.net; - server_name www.taler.net; - - rewrite ^ https://$server_name$request_uri? permanent; -} |