From b03a3623188e2f7e32ca226877f6f4a28d4471db Mon Sep 17 00:00:00 2001 From: Florian Dold Date: Tue, 1 Mar 2016 23:28:27 +0100 Subject: add whole nginx config --- etc/nginx/fastcgi.conf | 26 +++++ etc/nginx/fastcgi_params | 25 +++++ etc/nginx/koi-utf | 109 +++++++++++++++++++++ etc/nginx/koi-win | 103 ++++++++++++++++++++ etc/nginx/mime.types | 89 ++++++++++++++++++ etc/nginx/nginx.conf | 96 +++++++++++++++++++ etc/nginx/nginx.conf.dpkg-dist | 85 +++++++++++++++++ etc/nginx/proxy_params | 4 + etc/nginx/scgi_params | 17 ++++ etc/nginx/sites-available/blog-demo.site | 43 +++++++++ etc/nginx/sites-available/default.site | 86 +++++++++++++++++ etc/nginx/sites-available/ghm_videos.site | 25 +++++ etc/nginx/sites-enabled/api-ssl.site | 26 +++++ etc/nginx/sites-enabled/api.site | 16 ++++ etc/nginx/sites-enabled/bank-demo-ssl.site | 28 ++++++ etc/nginx/sites-enabled/bank-demo.site | 31 ++++++ etc/nginx/sites-enabled/bank-test-ssl.site | 28 ++++++ etc/nginx/sites-enabled/bank-test.site | 37 ++++++++ etc/nginx/sites-enabled/blog-demo-ssl.site | 50 ++++++++++ etc/nginx/sites-enabled/blog-demo.site | 43 +++++++++ etc/nginx/sites-enabled/blog-test-ssl.site | 49 ++++++++++ etc/nginx/sites-enabled/blog-test.site | 43 +++++++++ etc/nginx/sites-enabled/buildbot-ssl.site | 25 +++++ etc/nginx/sites-enabled/buildbot.site | 16 ++++ etc/nginx/sites-enabled/decentralise-ssl.site | 21 +++++ etc/nginx/sites-enabled/decentralise.site | 12 +++ etc/nginx/sites-enabled/demo-ssl.site | 34 +++++++ etc/nginx/sites-enabled/demo.site | 20 ++++ etc/nginx/sites-enabled/drupal-demo-ssl.site | 49 ++++++++++ etc/nginx/sites-enabled/drupal-demo.site | 40 ++++++++ etc/nginx/sites-enabled/exchange-demo-ssl.site | 25 +++++ etc/nginx/sites-enabled/exchange-demo.site | 15 +++ etc/nginx/sites-enabled/exchange-test-ssl.site | 24 +++++ etc/nginx/sites-enabled/exchange-test.site | 15 +++ etc/nginx/sites-enabled/gauger-ssl.site | 25 +++++ etc/nginx/sites-enabled/gauger.site | 16 ++++ etc/nginx/sites-enabled/git-ssl.site | 21 +++++ etc/nginx/sites-enabled/git.site | 12 +++ etc/nginx/sites-enabled/lcov-ssl.site | 25 +++++ etc/nginx/sites-enabled/lcov.site | 16 ++++ etc/nginx/sites-enabled/mint-demo-ssl.site | 24 +++++ etc/nginx/sites-enabled/mint-demo.site | 15 +++ etc/nginx/sites-enabled/mint-test-ssl.site | 24 +++++ etc/nginx/sites-enabled/mint-test.site | 15 +++ etc/nginx/sites-enabled/shop-demo-ssl.site | 54 +++++++++++ etc/nginx/sites-enabled/shop-demo.site | 47 ++++++++++ etc/nginx/sites-enabled/shop-test-ssl.site | 54 +++++++++++ etc/nginx/sites-enabled/shop-test.site | 48 ++++++++++ etc/nginx/sites-enabled/test | 15 +++ etc/nginx/sites-enabled/test.site | 9 ++ etc/nginx/sites-enabled/trollslayer.site | 15 +++ etc/nginx/sites-enabled/www-ssl.site | 36 +++++++ etc/nginx/sites-enabled/www.git-ssl.site | 32 +++++++ etc/nginx/sites-enabled/www.git.site | 23 +++++ etc/nginx/sites-enabled/www.site | 25 +++++ etc/nginx/talerssl | 9 ++ etc/nginx/uwsgi_params | 17 ++++ etc/nginx/win-utf | 125 +++++++++++++++++++++++++ 58 files changed, 2057 insertions(+) create mode 100644 etc/nginx/fastcgi.conf create mode 100644 etc/nginx/fastcgi_params create mode 100644 etc/nginx/koi-utf create mode 100644 etc/nginx/koi-win create mode 100644 etc/nginx/mime.types create mode 100644 etc/nginx/nginx.conf create mode 100644 etc/nginx/nginx.conf.dpkg-dist create mode 100644 etc/nginx/proxy_params create mode 100644 etc/nginx/scgi_params create mode 100644 etc/nginx/sites-available/blog-demo.site create mode 100644 etc/nginx/sites-available/default.site create mode 100644 etc/nginx/sites-available/ghm_videos.site create mode 100644 etc/nginx/sites-enabled/api-ssl.site create mode 100644 etc/nginx/sites-enabled/api.site create mode 100644 etc/nginx/sites-enabled/bank-demo-ssl.site create mode 100644 etc/nginx/sites-enabled/bank-demo.site create mode 100644 etc/nginx/sites-enabled/bank-test-ssl.site create mode 100644 etc/nginx/sites-enabled/bank-test.site create mode 100644 etc/nginx/sites-enabled/blog-demo-ssl.site create mode 100644 etc/nginx/sites-enabled/blog-demo.site create mode 100644 etc/nginx/sites-enabled/blog-test-ssl.site create mode 100644 etc/nginx/sites-enabled/blog-test.site create mode 100644 etc/nginx/sites-enabled/buildbot-ssl.site create mode 100644 etc/nginx/sites-enabled/buildbot.site create mode 100644 etc/nginx/sites-enabled/decentralise-ssl.site create mode 100644 etc/nginx/sites-enabled/decentralise.site create mode 100644 etc/nginx/sites-enabled/demo-ssl.site create mode 100644 etc/nginx/sites-enabled/demo.site create mode 100644 etc/nginx/sites-enabled/drupal-demo-ssl.site create mode 100644 etc/nginx/sites-enabled/drupal-demo.site create mode 100644 etc/nginx/sites-enabled/exchange-demo-ssl.site create mode 100644 etc/nginx/sites-enabled/exchange-demo.site create mode 100644 etc/nginx/sites-enabled/exchange-test-ssl.site create mode 100644 etc/nginx/sites-enabled/exchange-test.site create mode 100644 etc/nginx/sites-enabled/gauger-ssl.site create mode 100644 etc/nginx/sites-enabled/gauger.site create mode 100644 etc/nginx/sites-enabled/git-ssl.site create mode 100644 etc/nginx/sites-enabled/git.site create mode 100644 etc/nginx/sites-enabled/lcov-ssl.site create mode 100644 etc/nginx/sites-enabled/lcov.site create mode 100644 etc/nginx/sites-enabled/mint-demo-ssl.site create mode 100644 etc/nginx/sites-enabled/mint-demo.site create mode 100644 etc/nginx/sites-enabled/mint-test-ssl.site create mode 100644 etc/nginx/sites-enabled/mint-test.site create mode 100644 etc/nginx/sites-enabled/shop-demo-ssl.site create mode 100644 etc/nginx/sites-enabled/shop-demo.site create mode 100644 etc/nginx/sites-enabled/shop-test-ssl.site create mode 100644 etc/nginx/sites-enabled/shop-test.site create mode 100644 etc/nginx/sites-enabled/test create mode 100644 etc/nginx/sites-enabled/test.site create mode 100644 etc/nginx/sites-enabled/trollslayer.site create mode 100644 etc/nginx/sites-enabled/www-ssl.site create mode 100644 etc/nginx/sites-enabled/www.git-ssl.site create mode 100644 etc/nginx/sites-enabled/www.git.site create mode 100644 etc/nginx/sites-enabled/www.site create mode 100644 etc/nginx/talerssl create mode 100644 etc/nginx/uwsgi_params create mode 100644 etc/nginx/win-utf (limited to 'etc') diff --git a/etc/nginx/fastcgi.conf b/etc/nginx/fastcgi.conf new file mode 100644 index 0000000..091738c --- /dev/null +++ b/etc/nginx/fastcgi.conf @@ -0,0 +1,26 @@ + +fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; +fastcgi_param QUERY_STRING $query_string; +fastcgi_param REQUEST_METHOD $request_method; +fastcgi_param CONTENT_TYPE $content_type; +fastcgi_param CONTENT_LENGTH $content_length; + +fastcgi_param SCRIPT_NAME $fastcgi_script_name; +fastcgi_param REQUEST_URI $request_uri; +fastcgi_param DOCUMENT_URI $document_uri; +fastcgi_param DOCUMENT_ROOT $document_root; +fastcgi_param SERVER_PROTOCOL $server_protocol; +fastcgi_param REQUEST_SCHEME $scheme; +fastcgi_param HTTPS $https if_not_empty; + +fastcgi_param GATEWAY_INTERFACE CGI/1.1; +fastcgi_param SERVER_SOFTWARE nginx/$nginx_version; + +fastcgi_param REMOTE_ADDR $remote_addr; +fastcgi_param REMOTE_PORT $remote_port; +fastcgi_param SERVER_ADDR $server_addr; +fastcgi_param SERVER_PORT $server_port; +fastcgi_param SERVER_NAME $server_name; + +# PHP only, required if PHP was built with --enable-force-cgi-redirect +fastcgi_param REDIRECT_STATUS 200; diff --git a/etc/nginx/fastcgi_params b/etc/nginx/fastcgi_params new file mode 100644 index 0000000..28decb9 --- /dev/null +++ b/etc/nginx/fastcgi_params @@ -0,0 +1,25 @@ + +fastcgi_param QUERY_STRING $query_string; +fastcgi_param REQUEST_METHOD $request_method; +fastcgi_param CONTENT_TYPE $content_type; +fastcgi_param CONTENT_LENGTH $content_length; + +fastcgi_param SCRIPT_NAME $fastcgi_script_name; +fastcgi_param REQUEST_URI $request_uri; +fastcgi_param DOCUMENT_URI $document_uri; +fastcgi_param DOCUMENT_ROOT $document_root; +fastcgi_param SERVER_PROTOCOL $server_protocol; +fastcgi_param REQUEST_SCHEME $scheme; +fastcgi_param HTTPS $https if_not_empty; + +fastcgi_param GATEWAY_INTERFACE CGI/1.1; +fastcgi_param SERVER_SOFTWARE nginx/$nginx_version; + +fastcgi_param REMOTE_ADDR $remote_addr; +fastcgi_param REMOTE_PORT $remote_port; +fastcgi_param SERVER_ADDR $server_addr; +fastcgi_param SERVER_PORT $server_port; +fastcgi_param SERVER_NAME $server_name; + +# PHP only, required if PHP was built with --enable-force-cgi-redirect +fastcgi_param REDIRECT_STATUS 200; diff --git a/etc/nginx/koi-utf b/etc/nginx/koi-utf new file mode 100644 index 0000000..e7974ff --- /dev/null +++ b/etc/nginx/koi-utf @@ -0,0 +1,109 @@ + +# This map is not a full koi8-r <> utf8 map: it does not contain +# box-drawing and some other characters. Besides this map contains +# several koi8-u and Byelorussian letters which are not in koi8-r. +# If you need a full and standard map, use contrib/unicode2nginx/koi-utf +# map instead. + +charset_map koi8-r utf-8 { + + 80 E282AC ; # euro + + 95 E280A2 ; # bullet + + 9A C2A0 ; #   + + 9E C2B7 ; # · + + A3 D191 ; # small yo + A4 D194 ; # small Ukrainian ye + + A6 D196 ; # small Ukrainian i + A7 D197 ; # small Ukrainian yi + + AD D291 ; # small Ukrainian soft g + AE D19E ; # small Byelorussian short u + + B0 C2B0 ; # ° + + B3 D081 ; # capital YO + B4 D084 ; # capital Ukrainian YE + + B6 D086 ; # capital Ukrainian I + B7 D087 ; # capital Ukrainian YI + + B9 E28496 ; # numero sign + + BD D290 ; # capital Ukrainian soft G + BE D18E ; # capital Byelorussian short U + + BF C2A9 ; # (C) + + C0 D18E ; # small yu + C1 D0B0 ; # small a + C2 D0B1 ; # small b + C3 D186 ; # small ts + C4 D0B4 ; # small d + C5 D0B5 ; # small ye + C6 D184 ; # small f + C7 D0B3 ; # small g + C8 D185 ; # small kh + C9 D0B8 ; # small i + CA D0B9 ; # small j + CB D0BA ; # small k + CC D0BB ; # small l + CD D0BC ; # small m + CE D0BD ; # small n + CF D0BE ; # small o + + D0 D0BF ; # small p + D1 D18F ; # small ya + D2 D180 ; # small r + D3 D181 ; # small s + D4 D182 ; # small t + D5 D183 ; # small u + D6 D0B6 ; # small zh + D7 D0B2 ; # small v + D8 D18C ; # small soft sign + D9 D18B ; # small y + DA D0B7 ; # small z + DB D188 ; # small sh + DC D18D ; # small e + DD D189 ; # small shch + DE D187 ; # small ch + DF D18A ; # small hard sign + + E0 D0AE ; # capital YU + E1 D090 ; # capital A + E2 D091 ; # capital B + E3 D0A6 ; # capital TS + E4 D094 ; # capital D + E5 D095 ; # capital YE + E6 D0A4 ; # capital F + E7 D093 ; # capital G + E8 D0A5 ; # capital KH + E9 D098 ; # capital I + EA D099 ; # capital J + EB D09A ; # capital K + EC D09B ; # capital L + ED D09C ; # capital M + EE D09D ; # capital N + EF D09E ; # capital O + + F0 D09F ; # capital P + F1 D0AF ; # capital YA + F2 D0A0 ; # capital R + F3 D0A1 ; # capital S + F4 D0A2 ; # capital T + F5 D0A3 ; # capital U + F6 D096 ; # capital ZH + F7 D092 ; # capital V + F8 D0AC ; # capital soft sign + F9 D0AB ; # capital Y + FA D097 ; # capital Z + FB D0A8 ; # capital SH + FC D0AD ; # capital E + FD D0A9 ; # capital SHCH + FE D0A7 ; # capital CH + FF D0AA ; # capital hard sign +} diff --git a/etc/nginx/koi-win b/etc/nginx/koi-win new file mode 100644 index 0000000..72afabe --- /dev/null +++ b/etc/nginx/koi-win @@ -0,0 +1,103 @@ + +charset_map koi8-r windows-1251 { + + 80 88 ; # euro + + 95 95 ; # bullet + + 9A A0 ; #   + + 9E B7 ; # · + + A3 B8 ; # small yo + A4 BA ; # small Ukrainian ye + + A6 B3 ; # small Ukrainian i + A7 BF ; # small Ukrainian yi + + AD B4 ; # small Ukrainian soft g + AE A2 ; # small Byelorussian short u + + B0 B0 ; # ° + + B3 A8 ; # capital YO + B4 AA ; # capital Ukrainian YE + + B6 B2 ; # capital Ukrainian I + B7 AF ; # capital Ukrainian YI + + B9 B9 ; # numero sign + + BD A5 ; # capital Ukrainian soft G + BE A1 ; # capital Byelorussian short U + + BF A9 ; # (C) + + C0 FE ; # small yu + C1 E0 ; # small a + C2 E1 ; # small b + C3 F6 ; # small ts + C4 E4 ; # small d + C5 E5 ; # small ye + C6 F4 ; # small f + C7 E3 ; # small g + C8 F5 ; # small kh + C9 E8 ; # small i + CA E9 ; # small j + CB EA ; # small k + CC EB ; # small l + CD EC ; # small m + CE ED ; # small n + CF EE ; # small o + + D0 EF ; # small p + D1 FF ; # small ya + D2 F0 ; # small r + D3 F1 ; # small s + D4 F2 ; # small t + D5 F3 ; # small u + D6 E6 ; # small zh + D7 E2 ; # small v + D8 FC ; # small soft sign + D9 FB ; # small y + DA E7 ; # small z + DB F8 ; # small sh + DC FD ; # small e + DD F9 ; # small shch + DE F7 ; # small ch + DF FA ; # small hard sign + + E0 DE ; # capital YU + E1 C0 ; # capital A + E2 C1 ; # capital B + E3 D6 ; # capital TS + E4 C4 ; # capital D + E5 C5 ; # capital YE + E6 D4 ; # capital F + E7 C3 ; # capital G + E8 D5 ; # capital KH + E9 C8 ; # capital I + EA C9 ; # capital J + EB CA ; # capital K + EC CB ; # capital L + ED CC ; # capital M + EE CD ; # capital N + EF CE ; # capital O + + F0 CF ; # capital P + F1 DF ; # capital YA + F2 D0 ; # capital R + F3 D1 ; # capital S + F4 D2 ; # capital T + F5 D3 ; # capital U + F6 C6 ; # capital ZH + F7 C2 ; # capital V + F8 DC ; # capital soft sign + F9 DB ; # capital Y + FA C7 ; # capital Z + FB D8 ; # capital SH + FC DD ; # capital E + FD D9 ; # capital SHCH + FE D7 ; # capital CH + FF DA ; # capital hard sign +} diff --git a/etc/nginx/mime.types b/etc/nginx/mime.types new file mode 100644 index 0000000..89be9a4 --- /dev/null +++ b/etc/nginx/mime.types @@ -0,0 +1,89 @@ + +types { + text/html html htm shtml; + text/css css; + text/xml xml; + image/gif gif; + image/jpeg jpeg jpg; + application/javascript js; + application/atom+xml atom; + application/rss+xml rss; + + text/mathml mml; + text/plain txt; + text/vnd.sun.j2me.app-descriptor jad; + text/vnd.wap.wml wml; + text/x-component htc; + + image/png png; + image/tiff tif tiff; + image/vnd.wap.wbmp wbmp; + image/x-icon ico; + image/x-jng jng; + image/x-ms-bmp bmp; + image/svg+xml svg svgz; + image/webp webp; + + application/font-woff woff; + application/java-archive jar war ear; + application/json json; + application/mac-binhex40 hqx; + application/msword doc; + application/pdf pdf; + application/postscript ps eps ai; + application/rtf rtf; + application/vnd.apple.mpegurl m3u8; + application/vnd.ms-excel xls; + application/vnd.ms-fontobject eot; + application/vnd.ms-powerpoint ppt; + application/vnd.wap.wmlc wmlc; + application/vnd.google-earth.kml+xml kml; + application/vnd.google-earth.kmz kmz; + application/x-7z-compressed 7z; + application/x-cocoa cco; + application/x-java-archive-diff jardiff; + application/x-java-jnlp-file jnlp; + application/x-makeself run; + application/x-perl pl pm; + application/x-pilot prc pdb; + application/x-rar-compressed rar; + application/x-redhat-package-manager rpm; + application/x-sea sea; + application/x-shockwave-flash swf; + application/x-stuffit sit; + application/x-tcl tcl tk; + application/x-x509-ca-cert der pem crt; + application/x-xpinstall xpi; + application/xhtml+xml xhtml; + application/xspf+xml xspf; + application/zip zip; + + application/octet-stream bin exe dll; + application/octet-stream deb; + application/octet-stream dmg; + application/octet-stream iso img; + application/octet-stream msi msp msm; + + application/vnd.openxmlformats-officedocument.wordprocessingml.document docx; + application/vnd.openxmlformats-officedocument.spreadsheetml.sheet xlsx; + application/vnd.openxmlformats-officedocument.presentationml.presentation pptx; + + audio/midi mid midi kar; + audio/mpeg mp3; + audio/ogg ogg; + audio/x-m4a m4a; + audio/x-realaudio ra; + + video/3gpp 3gpp 3gp; + video/mp2t ts; + video/mp4 mp4; + video/mpeg mpeg mpg; + video/quicktime mov; + video/webm webm; + video/x-flv flv; + video/x-m4v m4v; + video/x-mng mng; + video/x-ms-asf asx asf; + video/x-ms-wmv wmv; + video/x-msvideo avi; +} diff --git a/etc/nginx/nginx.conf b/etc/nginx/nginx.conf new file mode 100644 index 0000000..5ef5926 --- /dev/null +++ b/etc/nginx/nginx.conf @@ -0,0 +1,96 @@ +user www-data; +worker_processes 4; +pid /var/run/nginx.pid; + +events { + worker_connections 768; + # multi_accept on; +} + +http { + + ## + # Basic Settings + ## + + sendfile on; + tcp_nopush on; + tcp_nodelay on; + keepalive_timeout 65; + types_hash_max_size 2048; + server_tokens off; + + + # server_names_hash_bucket_size 64; + # server_name_in_redirect off; + + include /etc/nginx/mime.types; + default_type application/octet-stream; + + ## + # Logging Settings + ## + + access_log /var/log/nginx/access.log; + error_log /var/log/nginx/error.log; + + ## + # Gzip Settings + ## + + gzip on; + gzip_disable "msie6"; + + # gzip_vary on; + # gzip_proxied any; + # gzip_comp_level 6; + # gzip_buffers 16 8k; + # gzip_http_version 1.1; + # gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript; + + ## + # nginx-naxsi config + ## + # Uncomment it if you installed nginx-naxsi + ## + + #include /etc/nginx/naxsi_core.rules; + + ## + # nginx-passenger config + ## + # Uncomment it if you installed nginx-passenger + ## + + #passenger_root /usr; + #passenger_ruby /usr/bin/ruby; + + ## + # Virtual Host Configs + ## + + include /etc/nginx/conf.d/*.conf; + include /etc/nginx/sites-enabled/*.site; +} + + +#mail { +# # See sample authentication script at: +# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript +# +# # auth_http localhost/auth.php; +# # pop3_capabilities "TOP" "USER"; +# # imap_capabilities "IMAP4rev1" "UIDPLUS"; +# +# server { +# listen localhost:110; +# protocol pop3; +# proxy on; +# } +# +# server { +# listen localhost:143; +# protocol imap; +# proxy on; +# } +#} diff --git a/etc/nginx/nginx.conf.dpkg-dist b/etc/nginx/nginx.conf.dpkg-dist new file mode 100644 index 0000000..01a4a21 --- /dev/null +++ b/etc/nginx/nginx.conf.dpkg-dist @@ -0,0 +1,85 @@ +user www-data; +worker_processes auto; +pid /run/nginx.pid; + +events { + worker_connections 768; + # multi_accept on; +} + +http { + + ## + # Basic Settings + ## + + sendfile on; + tcp_nopush on; + tcp_nodelay on; + keepalive_timeout 65; + types_hash_max_size 2048; + # server_tokens off; + + # server_names_hash_bucket_size 64; + # server_name_in_redirect off; + + include /etc/nginx/mime.types; + default_type application/octet-stream; + + ## + # SSL Settings + ## + + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE + ssl_prefer_server_ciphers on; + + ## + # Logging Settings + ## + + access_log /var/log/nginx/access.log; + error_log /var/log/nginx/error.log; + + ## + # Gzip Settings + ## + + gzip on; + gzip_disable "msie6"; + + # gzip_vary on; + # gzip_proxied any; + # gzip_comp_level 6; + # gzip_buffers 16 8k; + # gzip_http_version 1.1; + # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript; + + ## + # Virtual Host Configs + ## + + include /etc/nginx/conf.d/*.conf; + include /etc/nginx/sites-enabled/*; +} + + +#mail { +# # See sample authentication script at: +# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript +# +# # auth_http localhost/auth.php; +# # pop3_capabilities "TOP" "USER"; +# # imap_capabilities "IMAP4rev1" "UIDPLUS"; +# +# server { +# listen localhost:110; +# protocol pop3; +# proxy on; +# } +# +# server { +# listen localhost:143; +# protocol imap; +# proxy on; +# } +#} diff --git a/etc/nginx/proxy_params b/etc/nginx/proxy_params new file mode 100644 index 0000000..df75bc5 --- /dev/null +++ b/etc/nginx/proxy_params @@ -0,0 +1,4 @@ +proxy_set_header Host $http_host; +proxy_set_header X-Real-IP $remote_addr; +proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; +proxy_set_header X-Forwarded-Proto $scheme; diff --git a/etc/nginx/scgi_params b/etc/nginx/scgi_params new file mode 100644 index 0000000..6d4ce4f --- /dev/null +++ b/etc/nginx/scgi_params @@ -0,0 +1,17 @@ + +scgi_param REQUEST_METHOD $request_method; +scgi_param REQUEST_URI $request_uri; +scgi_param QUERY_STRING $query_string; +scgi_param CONTENT_TYPE $content_type; + +scgi_param DOCUMENT_URI $document_uri; +scgi_param DOCUMENT_ROOT $document_root; +scgi_param SCGI 1; +scgi_param SERVER_PROTOCOL $server_protocol; +scgi_param REQUEST_SCHEME $scheme; +scgi_param HTTPS $https if_not_empty; + +scgi_param REMOTE_ADDR $remote_addr; +scgi_param REMOTE_PORT $remote_port; +scgi_param SERVER_PORT $server_port; +scgi_param SERVER_NAME $server_name; diff --git a/etc/nginx/sites-available/blog-demo.site b/etc/nginx/sites-available/blog-demo.site new file mode 100644 index 0000000..a48a036 --- /dev/null +++ b/etc/nginx/sites-available/blog-demo.site @@ -0,0 +1,43 @@ +server { + listen 80; ## listen for ipv4; this line is default and implied + # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 + + server_name blog.demo.taler.net; + + root /home/demo/merchant/src/frontend_blog; + index index.html; + + # Make site accessible from http://localhost/ + + location / { + try_files $uri $uri/ =404; + rewrite /taler/pay /pay.php; + rewrite /taler/contract /generate_taler_contract.php; + + } + + location /fullfillment { + rewrite /(.*) /$1.php; + + } + + location /articles { + + internal; + } + + location ~ \.php$ { + + fastcgi_pass unix:/var/run/php5-fpm.sock; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include fastcgi_params; + + } + + location /backend { + rewrite /backend/(.*) /$1 break; + proxy_pass http://127.0.0.1:19966; + proxy_redirect off; + proxy_set_header Host $host; + } +} diff --git a/etc/nginx/sites-available/default.site b/etc/nginx/sites-available/default.site new file mode 100644 index 0000000..79e41e8 --- /dev/null +++ b/etc/nginx/sites-available/default.site @@ -0,0 +1,86 @@ +## +# You should look at the following URL's in order to grasp a solid understanding +# of Nginx configuration files in order to fully unleash the power of Nginx. +# http://wiki.nginx.org/Pitfalls +# http://wiki.nginx.org/QuickStart +# http://wiki.nginx.org/Configuration +# +# Generally, you will want to move this file somewhere, and start with a clean +# file but keep this around for reference. Or just disable in sites-enabled. +# +# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples. +## + +# Default server configuration +# +server { + listen 80 default_server; + listen [::]:80 default_server; + + # SSL configuration + # + # listen 443 ssl default_server; + # listen [::]:443 ssl default_server; + # + # Note: You should disable gzip for SSL traffic. + # See: https://bugs.debian.org/773332 + # + # Read up on ssl_ciphers to ensure a secure configuration. + # See: https://bugs.debian.org/765782 + # + # Self signed certs generated by the ssl-cert package + # Don't use them in a production server! + # + # include snippets/snakeoil.conf; + + root /var/www/html; + + # Add index.php to the list if you are using PHP + index index.html index.htm index.nginx-debian.html; + + server_name _; + + location / { + # First attempt to serve request as file, then + # as directory, then fall back to displaying a 404. + try_files $uri $uri/ =404; + } + + # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 + # + #location ~ \.php$ { + # include snippets/fastcgi-php.conf; + # + # # With php5-cgi alone: + # fastcgi_pass 127.0.0.1:9000; + # # With php5-fpm: + # fastcgi_pass unix:/var/run/php5-fpm.sock; + #} + + # deny access to .htaccess files, if Apache's document root + # concurs with nginx's one + # + #location ~ /\.ht { + # deny all; + #} +} + + +# Virtual Host configuration for example.com +# +# You can move that to a different file under sites-available/ and symlink that +# to sites-enabled/ to enable it. +# +#server { +# listen 80; +# listen [::]:80; +# +# server_name example.com; +# +# root /var/www/example.com; +# index index.html; +# +# location / { +# try_files $uri $uri/ =404; +# } +#} diff --git a/etc/nginx/sites-available/ghm_videos.site b/etc/nginx/sites-available/ghm_videos.site new file mode 100644 index 0000000..c438e7f --- /dev/null +++ b/etc/nginx/sites-available/ghm_videos.site @@ -0,0 +1,25 @@ +server { + listen 80; ## listen for ipv4; this line is default and implied + # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 + + root /var/www/taler.net; + + # Make site accessible from http://localhost/ + server_name taler.net; + server_name www.taler.net; + + rewrite ^ https://$server_name$request_uri? permanent; + +# location / { +# autoindex off; +# ssi on; +## ssi_last_modified on; +# rewrite /citizens /citizens.html break; +# rewrite /developers /developers.html break; +# rewrite /merchants /merchants.html break; +# rewrite /governments /governments.html break; +# rewrite /investors /investors.html break; +# rewrite /about /about.html break; +# rewrite /news /news.html break; +# } +} diff --git a/etc/nginx/sites-enabled/api-ssl.site b/etc/nginx/sites-enabled/api-ssl.site new file mode 100644 index 0000000..853a108 --- /dev/null +++ b/etc/nginx/sites-enabled/api-ssl.site @@ -0,0 +1,26 @@ +server { + listen 443 ssl; ## listen for ipv4; this line is default and implied + # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 + + root /var/www/api.taler.net/_build/html; + + # Make site accessible from http://localhost/ + server_name api.taler.net; + server_name www.api.taler.net; + + ssl_certificate /etc/letsencrypt/live/taler.net/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/taler.net/privkey.pem; + ssl_prefer_server_ciphers on; + ssl_session_cache shared:SSL:10m; + ssl_dhparam /etc/ssl/certs/dhparam.pem; + ssl_protocols TLSv1.2 TLSv1.1 TLSv1; + ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'; + + add_header Strict-Transport-Security "max-age=63072000; preload"; + + location / { + autoindex off; + ssi on; +# ssi_last_modified on; + } +} diff --git a/etc/nginx/sites-enabled/api.site b/etc/nginx/sites-enabled/api.site new file mode 100644 index 0000000..1ca56bd --- /dev/null +++ b/etc/nginx/sites-enabled/api.site @@ -0,0 +1,16 @@ +server { + listen 80; ## listen for ipv4; this line is default and implied + # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 + + root /var/www/api.taler.net/_build/html; + + # Make site accessible from http://localhost/ + server_name api.taler.net; + server_name www.api.taler.net; + + location / { + autoindex off; + ssi on; +# ssi_last_modified on; + } +} diff --git a/etc/nginx/sites-enabled/bank-demo-ssl.site b/etc/nginx/sites-enabled/bank-demo-ssl.site new file mode 100644 index 0000000..e682d08 --- /dev/null +++ b/etc/nginx/sites-enabled/bank-demo-ssl.site @@ -0,0 +1,28 @@ +server { + listen 443 ssl; ## listen for ipv4; this line is default and implied + # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 + + root /home/demo/bank/website; + index index.php; + + # Make site accessible from http://localhost/ + server_name bank.demo.taler.net; + ssl_certificate /etc/letsencrypt/live/taler.net/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/taler.net/privkey.pem; + ssl_prefer_server_ciphers on; + ssl_session_cache shared:SSL:10m; + ssl_dhparam /etc/ssl/certs/dhparam.pem; + ssl_protocols TLSv1.2 TLSv1.1 TLSv1; + ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'; + + add_header Strict-Transport-Security "max-age=63072000; preload"; + + location ~ \.php$ { + fastcgi_pass unix:/var/run/php5-fpm.sock; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include fastcgi_params; + } + + rewrite ^/shop $scheme://shop.demo.taler.net/ redirect; + +} diff --git a/etc/nginx/sites-enabled/bank-demo.site b/etc/nginx/sites-enabled/bank-demo.site new file mode 100644 index 0000000..12781ab --- /dev/null +++ b/etc/nginx/sites-enabled/bank-demo.site @@ -0,0 +1,31 @@ +server { + listen 80; ## listen for ipv4; this line is default and implied + # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 + + root /home/demo/bank/website; + index index.php; + + # Make site accessible from http://localhost/ + server_name bank.demo.taler.net; + + location ~ \.php$ { + fastcgi_pass unix:/var/run/php5-fpm.sock; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include fastcgi_params; + } + +# To be uncommented when testing Django bank +# location ~ ^/auth/static { +# root /home/demo/bank/TalerBank/Bank/templates; +# rewrite /auth/static/(.*) /$1 break; +# } +# +# # Reach Django +# location ~ ^/(auth|admin) { +# uwsgi_pass django; +# include /home/demo/bank/TalerBank/uwsgi_params; +# } + + rewrite ^/shop $scheme://shop.demo.taler.net/ redirect; + +} diff --git a/etc/nginx/sites-enabled/bank-test-ssl.site b/etc/nginx/sites-enabled/bank-test-ssl.site new file mode 100644 index 0000000..5975adc --- /dev/null +++ b/etc/nginx/sites-enabled/bank-test-ssl.site @@ -0,0 +1,28 @@ +server { + listen 443 ssl; ## listen for ipv4; this line is default and implied + # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 + + root /home/test/bank/website; + index index.php; + + # Make site accessible from http://localhost/ + server_name bank.test.taler.net; + ssl_certificate /etc/letsencrypt/live/taler.net/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/taler.net/privkey.pem; + ssl_prefer_server_ciphers on; + ssl_session_cache shared:SSL:10m; + ssl_dhparam /etc/ssl/certs/dhparam.pem; + ssl_protocols TLSv1.2 TLSv1.1 TLSv1; + ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'; + + add_header Strict-Transport-Security "max-age=63072000; preload"; + + location ~ \.php$ { + fastcgi_pass unix:/var/run/php5-fpm.sock; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include fastcgi_params; + } + + rewrite ^/shop $scheme://shop.test.taler.net/ redirect; + rewrite ^/mint $scheme://mint.demo.taler.net/ redirect; +} diff --git a/etc/nginx/sites-enabled/bank-test.site b/etc/nginx/sites-enabled/bank-test.site new file mode 100644 index 0000000..2664780 --- /dev/null +++ b/etc/nginx/sites-enabled/bank-test.site @@ -0,0 +1,37 @@ +upstream django { + server 127.0.0.1:8000; +} + +server { + listen 80; ## listen for ipv4; this line is default and implied + # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 + + root /home/test/bank/website; + index index.php; + + # Make site accessible from http://localhost/ + server_name bank.test.taler.net; + + location ~ \.php$ { + fastcgi_pass unix:/var/run/php5-fpm.sock; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include fastcgi_params; + } + + location ~ ^/auth/static { + rewrite /auth/static/(.*) /static/$1 break; + uwsgi_pass django; + include /home/test/bank/TalerBank/uwsgi_params; + + } + + # Reach Django + location ~ ^/(auth|admin|static) { + uwsgi_pass django; + include /home/test/bank/TalerBank/uwsgi_params; + } + + rewrite ^/shop$ $scheme://shop.test.taler.net/ redirect; + rewrite ^/mint$ $scheme://mint.demo.taler.net/ redirect; + rewrite ^/mint/(.*)$ $scheme://mint.demo.taler.net/$1 redirect; +} diff --git a/etc/nginx/sites-enabled/blog-demo-ssl.site b/etc/nginx/sites-enabled/blog-demo-ssl.site new file mode 100644 index 0000000..447b295 --- /dev/null +++ b/etc/nginx/sites-enabled/blog-demo-ssl.site @@ -0,0 +1,50 @@ +server { + #listen 80; + listen 443 ssl; ## listen for ipv4; this line is default and implied + # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 + + server_name blog.demo.taler.net; + + root /home/demo/merchant/examples/blog/; + index index.html; + + ssl_certificate /etc/letsencrypt/live/taler.net/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/taler.net/privkey.pem; + ssl_prefer_server_ciphers on; + ssl_session_cache shared:SSL:10m; + ssl_dhparam /etc/ssl/certs/dhparam.pem; + ssl_protocols TLSv1.2 TLSv1.1 TLSv1; + ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'; + + add_header Strict-Transport-Security "max-age=63072000; preload"; + + # Make site accessible from http://localhost/ + + location / { + try_files $uri $uri/ =404; + rewrite /taler/pay /pay.php; + rewrite /taler/contract /generate_taler_contract.php; + } + + location /fullfillment { + rewrite /(.*) /$1.php; + } + + location /articles { + + internal; + } + + location ~ \.php$ { + fastcgi_pass unix:/var/run/php5-fpm.sock; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include fastcgi_params; + } + + location /backend { + rewrite /backend/(.*) /$1 break; + proxy_pass http://127.0.0.1:19966; + proxy_redirect off; + proxy_set_header Host $host; + } +} diff --git a/etc/nginx/sites-enabled/blog-demo.site b/etc/nginx/sites-enabled/blog-demo.site new file mode 100644 index 0000000..e28303a --- /dev/null +++ b/etc/nginx/sites-enabled/blog-demo.site @@ -0,0 +1,43 @@ +server { + listen 80; ## listen for ipv4; this line is default and implied + # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 + + server_name blog.demo.taler.net; + + root /home/demo/merchant/examples/blog; + index index.html; + + # Make site accessible from http://localhost/ + + location / { + try_files $uri $uri/ =404; + rewrite /taler/pay /pay.php; + rewrite /taler/contract /generate_taler_contract.php; + + } + + location /fullfillment { + rewrite /(.*) /$1.php; + + } + + location /articles { + + internal; + } + + location ~ \.php$ { + + fastcgi_pass unix:/var/run/php5-fpm.sock; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include fastcgi_params; + + } + + location /backend { + rewrite /backend/(.*) /$1 break; + proxy_pass http://127.0.0.1:9966; + proxy_redirect off; + proxy_set_header Host $host; + } +} diff --git a/etc/nginx/sites-enabled/blog-test-ssl.site b/etc/nginx/sites-enabled/blog-test-ssl.site new file mode 100644 index 0000000..c3d84f2 --- /dev/null +++ b/etc/nginx/sites-enabled/blog-test-ssl.site @@ -0,0 +1,49 @@ +server { + listen 443 ssl; ## listen for ipv4; this line is default and implied + # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 + + server_name blog.test.taler.net; + + root /home/test/merchant/examples/blog/; + index index.html; + + ssl_certificate /etc/letsencrypt/live/taler.net/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/taler.net/privkey.pem; + ssl_prefer_server_ciphers on; + ssl_session_cache shared:SSL:10m; + ssl_dhparam /etc/ssl/certs/dhparam.pem; + ssl_protocols TLSv1.2 TLSv1.1 TLSv1; + ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'; + + add_header Strict-Transport-Security "max-age=63072000; preload"; + + # Make site accessible from http://localhost/ + + location / { + try_files $uri $uri/ =404; + rewrite /taler/pay /pay.php; + rewrite /taler/contract /generate_taler_contract.php; + } + + location /fullfillment { + rewrite /(.*) /$1.php; + } + + location /articles { + + internal; + } + + location ~ \.php$ { + fastcgi_pass unix:/var/run/php5-fpm.sock; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include fastcgi_params; + } + + location /backend { + rewrite /backend/(.*) /$1 break; + proxy_pass http://127.0.0.1:19966; + proxy_redirect off; + proxy_set_header Host $host; + } +} diff --git a/etc/nginx/sites-enabled/blog-test.site b/etc/nginx/sites-enabled/blog-test.site new file mode 100644 index 0000000..2937763 --- /dev/null +++ b/etc/nginx/sites-enabled/blog-test.site @@ -0,0 +1,43 @@ +server { + listen 80; ## listen for ipv4; this line is default and implied + # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 + + server_name blog.test.taler.net; + + root /home/test/merchant/examples/blog; + index index.html; + + # Make site accessible from http://localhost/ + + location / { + try_files $uri $uri/ =404; + rewrite /taler/pay /pay.php; + rewrite /taler/contract /generate_taler_contract.php; + + } + + location /fullfillment { + rewrite /(.*) /$1.php; + + } + + location /articles { + + internal; + } + + location ~ \.php$ { + + fastcgi_pass unix:/var/run/php5-fpm.sock; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include fastcgi_params; + + } + + location /backend { + rewrite /backend/(.*) /$1 break; + proxy_pass http://127.0.0.1:19966; + proxy_redirect off; + proxy_set_header Host $host; + } +} diff --git a/etc/nginx/sites-enabled/buildbot-ssl.site b/etc/nginx/sites-enabled/buildbot-ssl.site new file mode 100644 index 0000000..cbbef7b --- /dev/null +++ b/etc/nginx/sites-enabled/buildbot-ssl.site @@ -0,0 +1,25 @@ +server { + listen 443 ssl; ## listen for ipv4; this line is default and implied + # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 + + root /var/www/buildbot/; + + # Make site accessible from http://localhost/ + server_name buildbot.taler.net; + server_name www.buildbot.taler.net; + ssl_certificate /etc/letsencrypt/live/taler.net/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/taler.net/privkey.pem; + ssl_prefer_server_ciphers on; + ssl_session_cache shared:SSL:10m; + ssl_dhparam /etc/ssl/certs/dhparam.pem; + ssl_protocols TLSv1.2 TLSv1.1 TLSv1; + ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'; + + add_header Strict-Transport-Security "max-age=63072000; preload"; + + location / { + proxy_pass http://localhost:1802; + proxy_redirect off; + proxy_set_header Host $host; + } +} diff --git a/etc/nginx/sites-enabled/buildbot.site b/etc/nginx/sites-enabled/buildbot.site new file mode 100644 index 0000000..bec2149 --- /dev/null +++ b/etc/nginx/sites-enabled/buildbot.site @@ -0,0 +1,16 @@ +server { + listen 80; ## listen for ipv4; this line is default and implied + # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 + + root /var/www/buildbot/; + + # Make site accessible from http://localhost/ + server_name buildbot.taler.net; + server_name www.buildbot.taler.net; + + location / { + proxy_pass http://localhost:1802; + proxy_redirect off; + proxy_set_header Host $host; + } +} diff --git a/etc/nginx/sites-enabled/decentralise-ssl.site b/etc/nginx/sites-enabled/decentralise-ssl.site new file mode 100644 index 0000000..952986f --- /dev/null +++ b/etc/nginx/sites-enabled/decentralise-ssl.site @@ -0,0 +1,21 @@ +server { + listen 443 ssl; ## listen for ipv4; this line is default and implied + # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 + + root /var/www/decentralise; + + # Make site accessible from http://localhost/ + server_name www.decentralise.rennes.inria.fr; + server_name decentralise.rennes.inria.fr; + ssl_certificate /etc/letsencrypt/live/taler.net/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/taler.net/privkey.pem; + ssl_prefer_server_ciphers on; + ssl_session_cache shared:SSL:10m; + ssl_dhparam /etc/ssl/certs/dhparam.pem; + ssl_protocols TLSv1.2 TLSv1.1 TLSv1; + ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'; + + add_header Strict-Transport-Security "max-age=63072000; preload"; + + rewrite / http://www.inria.fr/en/teams/decentralise redirect; +} diff --git a/etc/nginx/sites-enabled/decentralise.site b/etc/nginx/sites-enabled/decentralise.site new file mode 100644 index 0000000..61c1976 --- /dev/null +++ b/etc/nginx/sites-enabled/decentralise.site @@ -0,0 +1,12 @@ +server { + listen 80; ## listen for ipv4; this line is default and implied + # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 + + root /var/www/decentralise; + + # Make site accessible from http://localhost/ + server_name www.decentralise.rennes.inria.fr; + server_name decentralise.rennes.inria.fr; + + rewrite / http://www.inria.fr/en/teams/decentralise redirect; +} diff --git a/etc/nginx/sites-enabled/demo-ssl.site b/etc/nginx/sites-enabled/demo-ssl.site new file mode 100644 index 0000000..0b2b8da --- /dev/null +++ b/etc/nginx/sites-enabled/demo-ssl.site @@ -0,0 +1,34 @@ +server { + listen 443 ssl; ## listen for ipv4; this line is default and implied + # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 + + root /home/test/landing/; + index index.html; + + # Make site accessible from http://localhost/ + server_name demo.taler.net; + server_name www.demo.taler.net; + ssl_certificate /etc/letsencrypt/live/taler.net/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/taler.net/privkey.pem; + ssl_prefer_server_ciphers on; + ssl_session_cache shared:SSL:10m; + ssl_dhparam /etc/ssl/certs/dhparam.pem; + ssl_protocols TLSv1.2 TLSv1.1 TLSv1; + ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'; + + add_header Strict-Transport-Security "max-age=63072000; preload"; + + location ~ \.php$ { + fastcgi_pass unix:/var/run/php5-fpm.sock; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include fastcgi_params; + } + + location /extension { + root /home/demo/wallet/wallet_button/firefox_src/xpi/; + rewrite /extension /taler-wallet.xpi break; + } + + rewrite ^/bank $scheme://bank.demo.taler.net/ redirect; + rewrite ^/shop $scheme://shop.demo.taler.net/ redirect; +} diff --git a/etc/nginx/sites-enabled/demo.site b/etc/nginx/sites-enabled/demo.site new file mode 100644 index 0000000..f08f8cd --- /dev/null +++ b/etc/nginx/sites-enabled/demo.site @@ -0,0 +1,20 @@ +server { + listen 80; ## listen for ipv4; this line is default and implied + # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 + + root /home/demo/landing/; + index index.html; + + # Make site accessible from http://localhost/ + server_name demo.taler.net; + server_name www.demo.taler.net; + + rewrite ^/bank $scheme://bank.demo.taler.net/ redirect; + rewrite ^/shop $scheme://shop.demo.taler.net/ redirect; + + location ~ \.php$ { + fastcgi_pass unix:/var/run/php5-fpm.sock; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include fastcgi_params; + } +} diff --git a/etc/nginx/sites-enabled/drupal-demo-ssl.site b/etc/nginx/sites-enabled/drupal-demo-ssl.site new file mode 100644 index 0000000..400020e --- /dev/null +++ b/etc/nginx/sites-enabled/drupal-demo-ssl.site @@ -0,0 +1,49 @@ +server { + listen 443 ssl; ## listen for ipv4; this line is default and implied + # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 + + server_name drupal.demo.taler.net; + + root /home/demo/drupal-demo; + + ssl_certificate /etc/letsencrypt/live/taler.net/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/taler.net/privkey.pem; + ssl_prefer_server_ciphers on; + ssl_session_cache shared:SSL:10m; + ssl_dhparam /etc/ssl/certs/dhparam.pem; + ssl_protocols TLSv1.2 TLSv1.1 TLSv1; + ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'; + + add_header Strict-Transport-Security "max-age=63072000; preload"; + + # Make site accessible from http://localhost/ + +# location / { +# try_files $uri $uri/ =404; +# rewrite /taler/pay /pay.php; +# rewrite /taler/contract /generate_taler_contract.php; +# } + +# location /fullfillment { +# rewrite /(.*) /$1.php; +# } + + location ~ \.php$ { + fastcgi_index index.php; + fastcgi_pass unix:/var/run/php5-fpm.sock; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include fastcgi_params; + } + +# location /backend { +# rewrite /backend/(.*) /$1 break; +# proxy_pass http://127.0.0.1:19966; +# proxy_redirect off; +# proxy_set_header Host $host; +# } + + client_max_body_size 10M; + client_body_buffer_size 128k; + + include apps/drupal/drupal.conf; +} diff --git a/etc/nginx/sites-enabled/drupal-demo.site b/etc/nginx/sites-enabled/drupal-demo.site new file mode 100644 index 0000000..d91c3f7 --- /dev/null +++ b/etc/nginx/sites-enabled/drupal-demo.site @@ -0,0 +1,40 @@ +server { + listen 80; ## listen for ipv4; this line is default and implied + # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 + + server_name drupal.demo.taler.net; + + root /home/demo/drupal-demo; + + # Make site accessible from http://localhost/ + +# location / { +# try_files $uri $uri/ =404; +# rewrite /taler/pay /pay.php; +# rewrite /taler/contract /generate_taler_contract.php; +# } + +# location /fullfillment { +# rewrite /(.*) /$1.php; +# } + + + location ~ \.php$ { + fastcgi_index index.php; + fastcgi_pass unix:/var/run/php5-fpm.sock; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include fastcgi_params; + } + +# location /backend { +# rewrite /backend/(.*) /$1 break; +# proxy_pass http://127.0.0.1:19966; +# proxy_redirect off; +# proxy_set_header Host $host; +# } + + client_max_body_size 10M; + client_body_buffer_size 128k; + + include apps/drupal/drupal.conf; +} diff --git a/etc/nginx/sites-enabled/exchange-demo-ssl.site b/etc/nginx/sites-enabled/exchange-demo-ssl.site new file mode 100644 index 0000000..5761d4f --- /dev/null +++ b/etc/nginx/sites-enabled/exchange-demo-ssl.site @@ -0,0 +1,25 @@ +server { + listen 443 ssl; ## listen for ipv4; this line is default and implied + # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 + + root /dev/null; + + server_name exchange.demo.taler.net; + + ssl_certificate /etc/letsencrypt/live/taler.net/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/taler.net/privkey.pem; + ssl_prefer_server_ciphers on; + ssl_session_cache shared:SSL:10m; + ssl_dhparam /etc/ssl/certs/dhparam.pem; + ssl_protocols TLSv1.2 TLSv1.1 TLSv1; + ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'; + + add_header Strict-Transport-Security "max-age=63072000; preload"; + + location / { + proxy_pass http://localhost:4241; + proxy_redirect off; + proxy_set_header Host $host; + } + +} diff --git a/etc/nginx/sites-enabled/exchange-demo.site b/etc/nginx/sites-enabled/exchange-demo.site new file mode 100644 index 0000000..5e8f1b0 --- /dev/null +++ b/etc/nginx/sites-enabled/exchange-demo.site @@ -0,0 +1,15 @@ +server { + listen 80; ## listen for ipv4; this line is default and implied + # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 + + root /dev/null; + + server_name exchange.demo.taler.net; + + location / { + proxy_pass http://localhost:4241; + proxy_redirect off; + proxy_set_header Host $host; + } + +} diff --git a/etc/nginx/sites-enabled/exchange-test-ssl.site b/etc/nginx/sites-enabled/exchange-test-ssl.site new file mode 100644 index 0000000..029bce0 --- /dev/null +++ b/etc/nginx/sites-enabled/exchange-test-ssl.site @@ -0,0 +1,24 @@ +server { + listen 443 ssl; ## listen for ipv4; this line is default and implied + # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 + + root /dev/null; + + server_name exchange.test.taler.net; + ssl_certificate /etc/letsencrypt/live/taler.net/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/taler.net/privkey.pem; + ssl_prefer_server_ciphers on; + ssl_session_cache shared:SSL:10m; + ssl_dhparam /etc/ssl/certs/dhparam.pem; + ssl_protocols TLSv1.2 TLSv1.1 TLSv1; + ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'; + + add_header Strict-Transport-Security "max-age=63072000; preload"; + + location / { + proxy_pass http://localhost:14241; + proxy_redirect off; + proxy_set_header Host $host; + } + +} diff --git a/etc/nginx/sites-enabled/exchange-test.site b/etc/nginx/sites-enabled/exchange-test.site new file mode 100644 index 0000000..2841980 --- /dev/null +++ b/etc/nginx/sites-enabled/exchange-test.site @@ -0,0 +1,15 @@ +server { + listen 80; ## listen for ipv4; this line is default and implied + # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 + + root /dev/null; + + server_name exchange.test.taler.net; + + location / { + proxy_pass http://localhost:14241; + proxy_redirect off; + proxy_set_header Host $host; + } + +} diff --git a/etc/nginx/sites-enabled/gauger-ssl.site b/etc/nginx/sites-enabled/gauger-ssl.site new file mode 100644 index 0000000..42c40ef --- /dev/null +++ b/etc/nginx/sites-enabled/gauger-ssl.site @@ -0,0 +1,25 @@ +server { + listen 443 ssl; ## listen for ipv4; this line is default and implied + # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 + + root /var/www/gauger/; + + # Make site accessible from http://localhost/ + server_name gauger.taler.net; + server_name www.gauger.taler.net; + ssl_certificate /etc/letsencrypt/live/taler.net/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/taler.net/privkey.pem; + ssl_prefer_server_ciphers on; + ssl_session_cache shared:SSL:10m; + ssl_dhparam /etc/ssl/certs/dhparam.pem; + ssl_protocols TLSv1.2 TLSv1.1 TLSv1; + ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'; + + add_header Strict-Transport-Security "max-age=63072000; preload"; + + location / { + proxy_pass http://localhost:1801; + proxy_redirect off; + proxy_set_header Host $host; + } +} diff --git a/etc/nginx/sites-enabled/gauger.site b/etc/nginx/sites-enabled/gauger.site new file mode 100644 index 0000000..63e0cdb --- /dev/null +++ b/etc/nginx/sites-enabled/gauger.site @@ -0,0 +1,16 @@ +server { + listen 80; ## listen for ipv4; this line is default and implied + # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 + + root /var/www/gauger/; + + # Make site accessible from http://localhost/ + server_name gauger.taler.net; + server_name www.gauger.taler.net; + + location / { + proxy_pass http://localhost:1801; + proxy_redirect off; + proxy_set_header Host $host; + } +} diff --git a/etc/nginx/sites-enabled/git-ssl.site b/etc/nginx/sites-enabled/git-ssl.site new file mode 100644 index 0000000..3ea1af2 --- /dev/null +++ b/etc/nginx/sites-enabled/git-ssl.site @@ -0,0 +1,21 @@ +server { + listen 443 ssl; ## listen for ipv4; this line is default and implied + # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 + + root /var/git; + # Make site accessible from http://localhost/ + server_name git.taler.net; + ssl_certificate /etc/letsencrypt/live/taler.net/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/taler.net/privkey.pem; + ssl_prefer_server_ciphers on; + ssl_session_cache shared:SSL:10m; + ssl_dhparam /etc/ssl/certs/dhparam.pem; + ssl_protocols TLSv1.2 TLSv1.1 TLSv1; + ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'; + + add_header Strict-Transport-Security "max-age=63072000; preload"; + + location / { + autoindex off; + } +} diff --git a/etc/nginx/sites-enabled/git.site b/etc/nginx/sites-enabled/git.site new file mode 100644 index 0000000..c194202 --- /dev/null +++ b/etc/nginx/sites-enabled/git.site @@ -0,0 +1,12 @@ +server { + listen 80; ## listen for ipv4; this line is default and implied + # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 + + root /var/git; + # Make site accessible from http://localhost/ + server_name git.taler.net; + + location / { + autoindex off; + } +} diff --git a/etc/nginx/sites-enabled/lcov-ssl.site b/etc/nginx/sites-enabled/lcov-ssl.site new file mode 100644 index 0000000..d85486e --- /dev/null +++ b/etc/nginx/sites-enabled/lcov-ssl.site @@ -0,0 +1,25 @@ +server { + listen 443 ssl; ## listen for ipv4; this line is default and implied + # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 + + root /var/www/lcov.taler.net/; + + # Make site accessible from http://localhost/ + server_name lcov.taler.net; + server_name www.lcov.taler.net; + ssl_certificate /etc/letsencrypt/live/taler.net/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/taler.net/privkey.pem; + ssl_prefer_server_ciphers on; + ssl_session_cache shared:SSL:10m; + ssl_dhparam /etc/ssl/certs/dhparam.pem; + ssl_protocols TLSv1.2 TLSv1.1 TLSv1; + ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'; + + add_header Strict-Transport-Security "max-age=63072000; preload"; + + location / { + autoindex off; + ssi off; +# ssi_last_modified on; + } +} diff --git a/etc/nginx/sites-enabled/lcov.site b/etc/nginx/sites-enabled/lcov.site new file mode 100644 index 0000000..1ddfd83 --- /dev/null +++ b/etc/nginx/sites-enabled/lcov.site @@ -0,0 +1,16 @@ +server { + listen 80; ## listen for ipv4; this line is default and implied + # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 + + root /var/www/lcov.taler.net/; + + # Make site accessible from http://localhost/ + server_name lcov.taler.net; + server_name www.lcov.taler.net; + + location / { + autoindex off; + ssi off; +# ssi_last_modified on; + } +} diff --git a/etc/nginx/sites-enabled/mint-demo-ssl.site b/etc/nginx/sites-enabled/mint-demo-ssl.site new file mode 100644 index 0000000..8eeb3c5 --- /dev/null +++ b/etc/nginx/sites-enabled/mint-demo-ssl.site @@ -0,0 +1,24 @@ +server { + listen 443 ssl; ## listen for ipv4; this line is default and implied + # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 + + root /dev/null; + + server_name mint.demo.taler.net; + ssl_certificate /etc/letsencrypt/live/taler.net/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/taler.net/privkey.pem; + ssl_prefer_server_ciphers on; + ssl_session_cache shared:SSL:10m; + ssl_dhparam /etc/ssl/certs/dhparam.pem; + ssl_protocols TLSv1.2 TLSv1.1 TLSv1; + ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'; + + add_header Strict-Transport-Security "max-age=63072000; preload"; + + location / { + proxy_pass http://localhost:4241; + proxy_redirect off; + proxy_set_header Host $host; + } + +} diff --git a/etc/nginx/sites-enabled/mint-demo.site b/etc/nginx/sites-enabled/mint-demo.site new file mode 100644 index 0000000..070d0c9 --- /dev/null +++ b/etc/nginx/sites-enabled/mint-demo.site @@ -0,0 +1,15 @@ +server { + listen 80; ## listen for ipv4; this line is default and implied + # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 + + root /dev/null; + + server_name mint.demo.taler.net; + + location / { + proxy_pass http://localhost:4241; + proxy_redirect off; + proxy_set_header Host $host; + } + +} diff --git a/etc/nginx/sites-enabled/mint-test-ssl.site b/etc/nginx/sites-enabled/mint-test-ssl.site new file mode 100644 index 0000000..2eeea19 --- /dev/null +++ b/etc/nginx/sites-enabled/mint-test-ssl.site @@ -0,0 +1,24 @@ +server { + listen 443 ssl; ## listen for ipv4; this line is default and implied + # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 + + root /dev/null; + + server_name mint.test.taler.net; + ssl_certificate /etc/letsencrypt/live/taler.net/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/taler.net/privkey.pem; + ssl_prefer_server_ciphers on; + ssl_session_cache shared:SSL:10m; + ssl_dhparam /etc/ssl/certs/dhparam.pem; + ssl_protocols TLSv1.2 TLSv1.1 TLSv1; + ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'; + + add_header Strict-Transport-Security "max-age=63072000; preload"; + + location / { + proxy_pass http://localhost:14241; + proxy_redirect off; + proxy_set_header Host $host; + } + +} diff --git a/etc/nginx/sites-enabled/mint-test.site b/etc/nginx/sites-enabled/mint-test.site new file mode 100644 index 0000000..332d72c --- /dev/null +++ b/etc/nginx/sites-enabled/mint-test.site @@ -0,0 +1,15 @@ +server { + listen 80; ## listen for ipv4; this line is default and implied + # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 + + root /dev/null; + + server_name mint.test.taler.net; + + location / { + proxy_pass http://localhost:14241; + proxy_redirect off; + proxy_set_header Host $host; + } + +} diff --git a/etc/nginx/sites-enabled/shop-demo-ssl.site b/etc/nginx/sites-enabled/shop-demo-ssl.site new file mode 100644 index 0000000..8d34446 --- /dev/null +++ b/etc/nginx/sites-enabled/shop-demo-ssl.site @@ -0,0 +1,54 @@ +server { + listen 443 ssl; ## listen for ipv4; this line is default and implied + # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 + + server_name shop.demo.taler.net; + ssl_certificate /etc/letsencrypt/live/taler.net/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/taler.net/privkey.pem; + ssl_prefer_server_ciphers on; + ssl_session_cache shared:SSL:10m; + ssl_dhparam /etc/ssl/certs/dhparam.pem; + ssl_protocols TLSv1.2 TLSv1.1 TLSv1; + ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'; + + add_header Strict-Transport-Security "max-age=63072000; preload"; + + root /home/demo/merchant/examples/shop/; + index index.php; + + # Make site accessible from http://localhost/ + + location / { + try_files $uri $uri/ =404; + rewrite /taler/pay /pay.php; + rewrite /taler/contract /generate_taler_contract.php; + + } + + location /fullfillment { + rewrite /(.*) /$1.php; + } + + location /test/contract { + rewrite (.*) /generate_taler_contract.php?cli_debug=yes; + } + + location /test/contract/frontend { + rewrite (.*) /generate_taler_contract.php?backend_test=no; + } + + location ~ \.php$ { + fastcgi_pass unix:/var/run/php5-fpm.sock; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include fastcgi_params; + } + + location /backend { + rewrite /backend/(.*) /$1 break; + proxy_pass http://127.0.0.1:9966; + proxy_redirect off; + proxy_set_header Host $host; + } + + rewrite ^/shop $scheme://shop.demo.taler.net/ redirect; +} diff --git a/etc/nginx/sites-enabled/shop-demo.site b/etc/nginx/sites-enabled/shop-demo.site new file mode 100644 index 0000000..818c13f --- /dev/null +++ b/etc/nginx/sites-enabled/shop-demo.site @@ -0,0 +1,47 @@ +server { + listen 80; ## listen for ipv4; this line is default and implied + # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 + + server_name shop.demo.taler.net; + + root /home/demo/merchant/examples/shop; + index index.php; + + # Make site accessible from http://localhost/ + + location / { + try_files $uri $uri/ =404; + rewrite /taler/pay /pay.php; + rewrite /taler/contract /generate_taler_contract.php; + + } + + location /fullfillment { + rewrite /(.*) /$1.php; + + } + + location /test/contract { + rewrite (.*) /generate_taler_contract.php?cli_debug=yes; + } + + location /test/contract/frontend { + rewrite (.*) /generate_taler_contract.php?backend_test=no; + } + + location ~ \.php$ { + + fastcgi_pass unix:/var/run/php5-fpm.sock; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include fastcgi_params; + } + + location /backend { + rewrite /backend/(.*) /$1 break; + proxy_pass http://127.0.0.1:9966; + proxy_redirect off; + proxy_set_header Host $host; + } + + rewrite ^/shop $scheme://shop.demo.taler.net/ redirect; +} diff --git a/etc/nginx/sites-enabled/shop-test-ssl.site b/etc/nginx/sites-enabled/shop-test-ssl.site new file mode 100644 index 0000000..5889f02 --- /dev/null +++ b/etc/nginx/sites-enabled/shop-test-ssl.site @@ -0,0 +1,54 @@ +server { + listen 443 ssl; ## listen for ipv4; this line is default and implied + # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 + + server_name shop.test.taler.net; + + root /home/test/merchant/examples/shop/; + index index.php; + + ssl_certificate /etc/letsencrypt/live/taler.net/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/taler.net/privkey.pem; + ssl_prefer_server_ciphers on; + ssl_session_cache shared:SSL:10m; + ssl_dhparam /etc/ssl/certs/dhparam.pem; + ssl_protocols TLSv1.2 TLSv1.1 TLSv1; + ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'; + + add_header Strict-Transport-Security "max-age=63072000; preload"; + + # Make site accessible from http://localhost/ + + location / { + try_files $uri $uri/ =404; + rewrite /taler/pay /pay.php; + rewrite /taler/contract /generate_taler_contract.php; + } + + location /fullfillment { + rewrite /(.*) /$1.php; + } + + location /test/contract { + rewrite (.*) /generate_taler_contract.php?cli_debug=yes; + } + + location /test/contract/frontend { + rewrite (.*) /generate_taler_contract.php?backend_test=no; + } + + location ~ \.php$ { + fastcgi_pass unix:/var/run/php5-fpm.sock; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include fastcgi_params; + } + + location /backend { + rewrite /backend/(.*) /$1 break; + proxy_pass http://127.0.0.1:19966; + proxy_redirect off; + proxy_set_header Host $host; + } + + rewrite ^/shop $scheme://shop.test.taler.net/ redirect; +} diff --git a/etc/nginx/sites-enabled/shop-test.site b/etc/nginx/sites-enabled/shop-test.site new file mode 100644 index 0000000..58fe8c1 --- /dev/null +++ b/etc/nginx/sites-enabled/shop-test.site @@ -0,0 +1,48 @@ +server { + listen 80; ## listen for ipv4; this line is default and implied + # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 + + server_name shop.test.taler.net; + + root /home/test/merchant/examples/shop; + index index.php; + + # Make site accessible from http://localhost/ + + location / { + try_files $uri $uri/ =404; + rewrite /taler/pay /pay.php; + rewrite /taler/contract /generate_taler_contract.php; + + } + + location /fullfillment { + rewrite /(.*) /$1.php; + + } + + location /test/contract { + rewrite (.*) /generate_taler_contract.php?cli_debug=yes; + } + + location /test/contract/frontend { + rewrite (.*) /generate_taler_contract.php?backend_test=no; + } + + location ~ \.php$ { + + fastcgi_pass unix:/var/run/php5-fpm.sock; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include fastcgi_params; + + } + + location /backend { + rewrite /backend/(.*) /$1 break; + proxy_pass http://127.0.0.1:19966; + proxy_redirect off; + proxy_set_header Host $host; + } + + rewrite ^/shop $scheme://shop.test.taler.net/ redirect; +} diff --git a/etc/nginx/sites-enabled/test b/etc/nginx/sites-enabled/test new file mode 100644 index 0000000..629b69d --- /dev/null +++ b/etc/nginx/sites-enabled/test @@ -0,0 +1,15 @@ +root /home/test/landing/; +index index.html; + +# Make site accessible from http://localhost/ +server_name test.taler.net; +server_name www.test.taler.net; + +rewrite ^/bank $scheme://bank.test.taler.net/ redirect; +rewrite ^/shop $scheme://shop.test.taler.net/ redirect; + +location ~ \.php$ { + fastcgi_pass unix:/var/run/php5-fpm.sock; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include fastcgi_params; +} diff --git a/etc/nginx/sites-enabled/test.site b/etc/nginx/sites-enabled/test.site new file mode 100644 index 0000000..1a277c6 --- /dev/null +++ b/etc/nginx/sites-enabled/test.site @@ -0,0 +1,9 @@ +server { + listen 80; + include sites-enabled/test; +} +server { + listen 443 ssl; + include sites-enabled/test; + include talerssl; +} diff --git a/etc/nginx/sites-enabled/trollslayer.site b/etc/nginx/sites-enabled/trollslayer.site new file mode 100644 index 0000000..c7d5de9 --- /dev/null +++ b/etc/nginx/sites-enabled/trollslayer.site @@ -0,0 +1,15 @@ +server { + listen 80; ## listen for ipv4; this line is default and implied + # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 + + root /var/www/trollslayer/; + + # Make site accessible from http://localhost/ + server_name trollslayer.decentralise.rennes.inria.fr; + + location / { + proxy_pass http://gnunet.org:20070/shell/; + proxy_redirect off; + proxy_set_header Host $host; + } +} diff --git a/etc/nginx/sites-enabled/www-ssl.site b/etc/nginx/sites-enabled/www-ssl.site new file mode 100644 index 0000000..e86cafd --- /dev/null +++ b/etc/nginx/sites-enabled/www-ssl.site @@ -0,0 +1,36 @@ +server { + listen 443 ssl; ## listen for ipv4; this line is default and implied + # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 + + + # Make site accessible from http://localhost/ + server_name taler.net; + server_name www.taler.net; + ssl_certificate /etc/letsencrypt/live/taler.net/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/taler.net/privkey.pem; + ssl_prefer_server_ciphers on; + ssl_session_cache shared:SSL:10m; + ssl_dhparam /etc/ssl/certs/dhparam.pem; + ssl_protocols TLSv1.2 TLSv1.1 TLSv1; + ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'; + + add_header Strict-Transport-Security "max-age=63072000; preload"; + + location / { + root /var/www/taler.net; + autoindex off; + ssi on; +# ssi_last_modified on; + rewrite /citizens /citizens.html break; + rewrite /developers /developers.html break; + rewrite /merchants /merchants.html break; + rewrite /governments /governments.html break; + rewrite /investors /investors.html break; + rewrite /about /about.html break; + rewrite /news /news.html break; + } +# Note: this will go to /var/www/videos, which we took out of Git + location /videos/ { + root /var/www; + } +} diff --git a/etc/nginx/sites-enabled/www.git-ssl.site b/etc/nginx/sites-enabled/www.git-ssl.site new file mode 100644 index 0000000..78c4091 --- /dev/null +++ b/etc/nginx/sites-enabled/www.git-ssl.site @@ -0,0 +1,32 @@ +server { + listen 443 ssl; ## listen for ipv4; this line is default and implied + # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 + + # Make site accessible from http://localhost/ + server_name www.git.taler.net; + + ssl_certificate /etc/letsencrypt/live/taler.net/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/taler.net/privkey.pem; + ssl_prefer_server_ciphers on; + ssl_session_cache shared:SSL:10m; + ssl_dhparam /etc/ssl/certs/dhparam.pem; + ssl_protocols TLSv1.2 TLSv1.1 TLSv1; + ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'; + + add_header Strict-Transport-Security "max-age=63072000; preload"; + + location /index.cgi { + root /usr/share/gitweb/; + + include fastcgi_params; + gzip off; + fastcgi_param SCRIPT_NAME $uri; + fastcgi_param GITWEB_CONFIG /etc/gitweb.conf; + fastcgi_pass unix:/var/run/fcgiwrap.socket; + } + + location / { + root /usr/share/gitweb/; + index index.cgi; + } +} diff --git a/etc/nginx/sites-enabled/www.git.site b/etc/nginx/sites-enabled/www.git.site new file mode 100644 index 0000000..54f932f --- /dev/null +++ b/etc/nginx/sites-enabled/www.git.site @@ -0,0 +1,23 @@ +server { + listen 80; ## listen for ipv4; this line is default and implied + # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 + + # Make site accessible from http://localhost/ + server_name www.git.taler.net; + + + location /index.cgi { + root /usr/share/gitweb/; + + include fastcgi_params; + gzip off; + fastcgi_param SCRIPT_NAME $uri; + fastcgi_param GITWEB_CONFIG /etc/gitweb.conf; + fastcgi_pass unix:/var/run/fcgiwrap.socket; + } + + location / { + root /usr/share/gitweb/; + index index.cgi; + } +} diff --git a/etc/nginx/sites-enabled/www.site b/etc/nginx/sites-enabled/www.site new file mode 100644 index 0000000..c438e7f --- /dev/null +++ b/etc/nginx/sites-enabled/www.site @@ -0,0 +1,25 @@ +server { + listen 80; ## listen for ipv4; this line is default and implied + # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 + + root /var/www/taler.net; + + # Make site accessible from http://localhost/ + server_name taler.net; + server_name www.taler.net; + + rewrite ^ https://$server_name$request_uri? permanent; + +# location / { +# autoindex off; +# ssi on; +## ssi_last_modified on; +# rewrite /citizens /citizens.html break; +# rewrite /developers /developers.html break; +# rewrite /merchants /merchants.html break; +# rewrite /governments /governments.html break; +# rewrite /investors /investors.html break; +# rewrite /about /about.html break; +# rewrite /news /news.html break; +# } +} diff --git a/etc/nginx/talerssl b/etc/nginx/talerssl new file mode 100644 index 0000000..3deae2c --- /dev/null +++ b/etc/nginx/talerssl @@ -0,0 +1,9 @@ +ssl_certificate /etc/letsencrypt/live/taler.net/fullchain.pem; +ssl_certificate_key /etc/letsencrypt/live/taler.net/privkey.pem; +ssl_prefer_server_ciphers on; +ssl_session_cache shared:SSL:10m; +ssl_dhparam /etc/ssl/certs/dhparam.pem; +ssl_protocols TLSv1.2 TLSv1.1 TLSv1; +ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'; + +add_header Strict-Transport-Security "max-age=63072000; preload"; diff --git a/etc/nginx/uwsgi_params b/etc/nginx/uwsgi_params new file mode 100644 index 0000000..09c732c --- /dev/null +++ b/etc/nginx/uwsgi_params @@ -0,0 +1,17 @@ + +uwsgi_param QUERY_STRING $query_string; +uwsgi_param REQUEST_METHOD $request_method; +uwsgi_param CONTENT_TYPE $content_type; +uwsgi_param CONTENT_LENGTH $content_length; + +uwsgi_param REQUEST_URI $request_uri; +uwsgi_param PATH_INFO $document_uri; +uwsgi_param DOCUMENT_ROOT $document_root; +uwsgi_param SERVER_PROTOCOL $server_protocol; +uwsgi_param REQUEST_SCHEME $scheme; +uwsgi_param HTTPS $https if_not_empty; + +uwsgi_param REMOTE_ADDR $remote_addr; +uwsgi_param REMOTE_PORT $remote_port; +uwsgi_param SERVER_PORT $server_port; +uwsgi_param SERVER_NAME $server_name; diff --git a/etc/nginx/win-utf b/etc/nginx/win-utf new file mode 100644 index 0000000..774fd9f --- /dev/null +++ b/etc/nginx/win-utf @@ -0,0 +1,125 @@ +# This map is not a full windows-1251 <> utf8 map: it does not +# contain Serbian and Macedonian letters. If you need a full map, +# use contrib/unicode2nginx/win-utf map instead. + +charset_map windows-1251 utf-8 { + + 82 E2809A; # single low-9 quotation mark + + 84 E2809E; # double low-9 quotation mark + 85 E280A6; # ellipsis + 86 E280A0; # dagger + 87 E280A1; # double dagger + 88 E282AC; # euro + 89 E280B0; # per mille + + 91 E28098; # left single quotation mark + 92 E28099; # right single quotation mark + 93 E2809C; # left double quotation mark + 94 E2809D; # right double quotation mark + 95 E280A2; # bullet + 96 E28093; # en dash + 97 E28094; # em dash + + 99 E284A2; # trade mark sign + + A0 C2A0; #   + A1 D18E; # capital Byelorussian short U + A2 D19E; # small Byelorussian short u + + A4 C2A4; # currency sign + A5 D290; # capital Ukrainian soft G + A6 C2A6; # borken bar + A7 C2A7; # section sign + A8 D081; # capital YO + A9 C2A9; # (C) + AA D084; # capital Ukrainian YE + AB C2AB; # left-pointing double angle quotation mark + AC C2AC; # not sign + AD C2AD; # soft hypen + AE C2AE; # (R) + AF D087; # capital Ukrainian YI + + B0 C2B0; # ° + B1 C2B1; # plus-minus sign + B2 D086; # capital Ukrainian I + B3 D196; # small Ukrainian i + B4 D291; # small Ukrainian soft g + B5 C2B5; # micro sign + B6 C2B6; # pilcrow sign + B7 C2B7; # · + B8 D191; # small yo + B9 E28496; # numero sign + BA D194; # small Ukrainian ye + BB C2BB; # right-pointing double angle quotation mark + + BF D197; # small Ukrainian yi + + C0 D090; # capital A + C1 D091; # capital B + C2 D092; # capital V + C3 D093; # capital G + C4 D094; # capital D + C5 D095; # capital YE + C6 D096; # capital ZH + C7 D097; # capital Z + C8 D098; # capital I + C9 D099; # capital J + CA D09A; # capital K + CB D09B; # capital L + CC D09C; # capital M + CD D09D; # capital N + CE D09E; # capital O + CF D09F; # capital P + + D0 D0A0; # capital R + D1 D0A1; # capital S + D2 D0A2; # capital T + D3 D0A3; # capital U + D4 D0A4; # capital F + D5 D0A5; # capital KH + D6 D0A6; # capital TS + D7 D0A7; # capital CH + D8 D0A8; # capital SH + D9 D0A9; # capital SHCH + DA D0AA; # capital hard sign + DB D0AB; # capital Y + DC D0AC; # capital soft sign + DD D0AD; # capital E + DE D0AE; # capital YU + DF D0AF; # capital YA + + E0 D0B0; # small a + E1 D0B1; # small b + E2 D0B2; # small v + E3 D0B3; # small g + E4 D0B4; # small d + E5 D0B5; # small ye + E6 D0B6; # small zh + E7 D0B7; # small z + E8 D0B8; # small i + E9 D0B9; # small j + EA D0BA; # small k + EB D0BB; # small l + EC D0BC; # small m + ED D0BD; # small n + EE D0BE; # small o + EF D0BF; # small p + + F0 D180; # small r + F1 D181; # small s + F2 D182; # small t + F3 D183; # small u + F4 D184; # small f + F5 D185; # small kh + F6 D186; # small ts + F7 D187; # small ch + F8 D188; # small sh + F9 D189; # small shch + FA D18A; # small hard sign + FB D18B; # small y + FC D18C; # small soft sign + FD D18D; # small e + FE D18E; # small yu + FF D18F; # small ya +} -- cgit v1.2.3