From 430db6a55226ea4a9c33e322edc4a3a7b325393c Mon Sep 17 00:00:00 2001 From: Nils Gillmann Date: Thu, 27 Sep 2018 19:24:10 +0000 Subject: complications with the way guix builds are made lead me to work on the content of etc in a copied, not symlinked location. 
Signed-off-by: Nils Gillmann --- guix/etc/nginx/sites-enabled/api-ssl.site | 9 + guix/etc/nginx/sites-enabled/api.site | 8 + guix/etc/nginx/sites-enabled/buildbot-ssl.site | 23 ++ guix/etc/nginx/sites-enabled/buildbot.site | 14 + guix/etc/nginx/sites-enabled/decentralise-ssl.site | 14 + guix/etc/nginx/sites-enabled/decentralise.site | 13 + guix/etc/nginx/sites-enabled/default.site | 18 + guix/etc/nginx/sites-enabled/demo.site | 159 +++++++++ guix/etc/nginx/sites-enabled/docs-ssl.site | 69 ++++ guix/etc/nginx/sites-enabled/docs.site | 7 + guix/etc/nginx/sites-enabled/env.site | 85 +++++ guix/etc/nginx/sites-enabled/gauger-ssl.site | 18 + guix/etc/nginx/sites-enabled/gauger.site | 17 + guix/etc/nginx/sites-enabled/git-ssl.site | 31 ++ guix/etc/nginx/sites-enabled/git.site | 10 + guix/etc/nginx/sites-enabled/intranet-ssl.site | 15 + guix/etc/nginx/sites-enabled/intranet.site | 10 + guix/etc/nginx/sites-enabled/lcov-ssl.site | 20 ++ guix/etc/nginx/sites-enabled/lcov.site | 19 ++ guix/etc/nginx/sites-enabled/sandbox.site | 20 ++ guix/etc/nginx/sites-enabled/test.site | 379 +++++++++++++++++++++ guix/etc/nginx/sites-enabled/trollslayer.site | 16 + guix/etc/nginx/sites-enabled/www-ssl.site | 59 ++++ guix/etc/nginx/sites-enabled/www-stage.site | 78 +++++ guix/etc/nginx/sites-enabled/www.git-ssl.site | 11 + guix/etc/nginx/sites-enabled/www.git.site | 10 + guix/etc/nginx/sites-enabled/www.site | 13 + 27 files changed, 1145 insertions(+) create mode 100644 guix/etc/nginx/sites-enabled/api-ssl.site create mode 100644 guix/etc/nginx/sites-enabled/api.site create mode 100644 guix/etc/nginx/sites-enabled/buildbot-ssl.site create mode 100644 guix/etc/nginx/sites-enabled/buildbot.site create mode 100644 guix/etc/nginx/sites-enabled/decentralise-ssl.site create mode 100644 guix/etc/nginx/sites-enabled/decentralise.site create mode 100644 guix/etc/nginx/sites-enabled/default.site create mode 100644 guix/etc/nginx/sites-enabled/demo.site create mode 100644 
guix/etc/nginx/sites-enabled/docs-ssl.site create mode 100644 guix/etc/nginx/sites-enabled/docs.site create mode 100644 guix/etc/nginx/sites-enabled/env.site create mode 100644 guix/etc/nginx/sites-enabled/gauger-ssl.site create mode 100644 guix/etc/nginx/sites-enabled/gauger.site create mode 100644 guix/etc/nginx/sites-enabled/git-ssl.site create mode 100644 guix/etc/nginx/sites-enabled/git.site create mode 100644 guix/etc/nginx/sites-enabled/intranet-ssl.site create mode 100644 guix/etc/nginx/sites-enabled/intranet.site create mode 100644 guix/etc/nginx/sites-enabled/lcov-ssl.site create mode 100644 guix/etc/nginx/sites-enabled/lcov.site create mode 100644 guix/etc/nginx/sites-enabled/sandbox.site create mode 100644 guix/etc/nginx/sites-enabled/test.site create mode 100644 guix/etc/nginx/sites-enabled/trollslayer.site create mode 100644 guix/etc/nginx/sites-enabled/www-ssl.site create mode 100644 guix/etc/nginx/sites-enabled/www-stage.site create mode 100644 guix/etc/nginx/sites-enabled/www.git-ssl.site create mode 100644 guix/etc/nginx/sites-enabled/www.git.site create mode 100644 guix/etc/nginx/sites-enabled/www.site (limited to 'guix/etc/nginx/sites-enabled')
diff --git a/guix/etc/nginx/sites-enabled/api-ssl.site b/guix/etc/nginx/sites-enabled/api-ssl.site
new file mode 100644
index 0000000..6f5fd69
--- /dev/null
+++ b/guix/etc/nginx/sites-enabled/api-ssl.site
@@ -0,0 +1,9 @@
+server {
+ listen 443 ssl;
+ listen [::]:443 ssl; ## listen for ipv4; this line is default and implied
+ # listen [::]:80 default_server ipv6only=on; ## listen for ipv6
+
+ server_name api.taler.net
+ www.api.taler.net;
+ rewrite ^ https://docs.taler.net$request_uri? permanent;
+}
diff --git a/guix/etc/nginx/sites-enabled/api.site b/guix/etc/nginx/sites-enabled/api.site
new file mode 100644
index 0000000..21e7efe
--- /dev/null
+++ b/guix/etc/nginx/sites-enabled/api.site
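Review bot: The trailing comment on `listen [::]:443 ssl;` in api-ssl.site reads `## listen for ipv4; this line is default and implied`, but that directive is the IPv6 listener and neither 443 listener is implied. The commented-out `# listen [::]:80 default_server ipv6only=on;` line below it does not correspond to anything this vhost does either. I would drop both and, if a comment is wanted, put `# IPv4 and IPv6 TLS listeners` above the two `listen` lines. The same leftover comments, often together with `# Make site accessible from http://localhost/` above public server names, recur in several other files of this commit (buildbot, decentralise, gauger, git, intranet, lcov, trollslayer, www-ssl).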
@@ -0,0 +1,8 @@
+server {
+ listen 80;
+ listen [::]:80;
+ server_name api.taler.net
+ www.api.taler.net;
+
+ rewrite ^ https://docs.taler.net$request_uri? permanent;
+}
diff --git a/guix/etc/nginx/sites-enabled/buildbot-ssl.site b/guix/etc/nginx/sites-enabled/buildbot-ssl.site
new file mode 100644
index 0000000..ba998bb
--- /dev/null
+++ b/guix/etc/nginx/sites-enabled/buildbot-ssl.site
@@ -0,0 +1,23 @@
+server {
+ listen 443 ssl;
+ listen [::]:443 ssl; ## listen for ipv4; this line is default and implied
+ # listen [::]:80 default_server ipv6only=on; ## listen for ipv6
+
+ root /var/www/buildbot/;
+
+ # Make site accessible from http://localhost/
+ server_name buildbot.taler.net;
+ server_name www.buildbot.taler.net;
+ server_name bb.taler.net;
+ include conf.d/talerssl;
+
+ location / {
+ proxy_pass http://127.0.0.1:8010;
+ proxy_redirect off;
+ proxy_set_header Host $host;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ }
+
+ include conf.d/favicon_robots;
+}
diff --git a/guix/etc/nginx/sites-enabled/buildbot.site b/guix/etc/nginx/sites-enabled/buildbot.site
new file mode 100644
index 0000000..77eb805
--- /dev/null
+++ b/guix/etc/nginx/sites-enabled/buildbot.site
@@ -0,0 +1,14 @@
+server {
+ listen 80;
+ listen [::]:80; ## listen for ipv4; this line is default and implied
+ # listen [::]:80 default_server ipv6only=on; ## listen for ipv6
+
+ root /var/www/buildbot/;
+
+ # Make site accessible from http://localhost/
+ server_name buildbot.taler.net;
+ server_name www.buildbot.taler.net;
+ server_name bb.taler.net;
+
+ rewrite ^ https://$server_name$request_uri? permanent;
+}
diff --git a/guix/etc/nginx/sites-enabled/decentralise-ssl.site b/guix/etc/nginx/sites-enabled/decentralise-ssl.site
new file mode 100644
index 0000000..9dd0470
--- /dev/null
+++ b/guix/etc/nginx/sites-enabled/decentralise-ssl.site
@@ -0,0 +1,14 @@
+server {
+ listen 443 ssl;
+ listen [::]:443 ssl; ## listen for ipv4; this line is default and implied
+ # listen [::]:80 default_server ipv6only=on; ## listen for ipv6
+
+ root /var/www/decentralise;
+
+ # Make site accessible from http://localhost/
+ server_name www.decentralise.rennes.inria.fr;
+ server_name decentralise.rennes.inria.fr;
+ include conf.d/talerssl;
+
+ rewrite / http://www.inria.fr/en/teams/decentralise redirect;
+}
diff --git a/guix/etc/nginx/sites-enabled/decentralise.site b/guix/etc/nginx/sites-enabled/decentralise.site
new file mode 100644
index 0000000..b92fb0f
--- /dev/null
+++ b/guix/etc/nginx/sites-enabled/decentralise.site
@@ -0,0 +1,13 @@
+server {
+ listen 80;
+ listen [::]:80; ## listen for ipv4; this line is default and implied
+ # listen [::]:80 default_server ipv6only=on; ## listen for ipv6
+
+ root /var/www/decentralise;
+
+ # Make site accessible from http://localhost/
+ server_name www.decentralise.rennes.inria.fr;
+ server_name decentralise.rennes.inria.fr;
+
+ rewrite / http://www.inria.fr/en/teams/decentralise redirect;
+}
diff --git a/guix/etc/nginx/sites-enabled/default.site b/guix/etc/nginx/sites-enabled/default.site
new file mode 100644
index 0000000..e295383
--- /dev/null
+++ b/guix/etc/nginx/sites-enabled/default.site
@@ -0,0 +1,18 @@
+# matched when no other server name matches
+server {
+ listen 80 default_server;
+ listen [::]:80 default_server;
+ # server name must simply something invalid ...
+ server_name _;
+ # drop connection, special nginx status code
+ return 444;
+}
+server {
+ listen 443 ssl default_server;
+ listen [::]:443 ssl default_server;
+ include conf.d/talerssl;
+ # server name must simply something invalid ...
+ server_name _;
+ # drop connection, special nginx status code
+ return 444;
+}
diff --git a/guix/etc/nginx/sites-enabled/demo.site b/guix/etc/nginx/sites-enabled/demo.site
new file mode 100644
index 0000000..16d9698
--- /dev/null
+++ b/guix/etc/nginx/sites-enabled/demo.site 
@@ -0,0 +1,159 @@
+server {
+ listen 80;
+ listen [::]:80;
+ server_name demo.taler.net
+ bank.demo.taler.net
+ shop.demo.taler.net
+ donations.demo.taler.net
+ survey.demo.taler.net
+ auditor.demo.taler.net
+ exchange.demo.taler.net;
+
+ # 301-based ridirects allows the user agent to *change* the
+ # method used in the second request. This breaks all the API
+ # using POST, as some user agents do the second request using
+ # GET. 307 is meant to tell the user agent to not change the
+ # method in the second request.
+ if ($request_method = POST) { return 307 https://$host$request_uri; }
+ return 301 https://$host$request_uri;
+
+}
+
+
+server {
+ listen 443 ssl;
+ listen [::]:443 ssl;
+ server_name auditor.demo.taler.net;
+ include conf.d/talerssl;
+ location / {
+ rewrite ^/$ /en/ redirect;
+ rewrite ^/(..)/$ /$1/index.html break;
+ recursive_error_pages on;
+ root /home/demo/auditor;
+ }
+ include conf.d/favicon_robots;
+}
+
+
+server {
+ listen 443 ssl;
+ listen [::]:443 ssl;
+ server_name demo.taler.net www.demo.taler.net;
+ rewrite /javascript /javascript.html break;
+ include conf.d/talerssl;
+ location / {
+ rewrite ^/$ /en/ redirect;
+ rewrite ^/(..)/$ /$1/index.html break;
+ root /home/demo/landing/demo;
+ }
+
+ include conf.d/favicon_robots;
+}
+
+
+server {
+ listen 443 ssl;
+ listen [::]:443 ssl;
+ server_name exchange.demo.taler.net;
+ root /dev/null;
+ include conf.d/talerssl;
+
+ location /admin {
+ proxy_pass http://unix:/home/demo/sockets/exchange-admin.http;
+ proxy_redirect off;
+ proxy_set_header Host $host;
+ }
+
+ location / {
+ proxy_pass http://unix:/home/demo/sockets/exchange.http:/;
+ proxy_redirect off;
+ proxy_set_header Host $host;
+ }
+}
+
+server {
+ listen 443 ssl;
+ listen 80;
+ listen [::]:443 ssl;
+ listen [::]:80;
+ server_name backend.demo.taler.net;
+ include conf.d/talerssl;
+
+ location /public {
+ proxy_redirect off;
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-Host "backend.demo.taler.net";
+ proxy_set_header X-Forwarded-Proto "https";
+ proxy_pass http://unix:/home/demo/sockets/merchant.http:/public;
+ }
+
+ location / {
+ # match the ApiKey part ignoring case, and the actual key
+ # with case-sensitivity on.
+ if ($http_authorization !~ "(?i)ApiKey (?-i)sandbox") {
+ return 401;
+ }
+ proxy_redirect off;
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-Host "backend.demo.taler.net";
+ proxy_set_header X-Forwarded-Proto "https";
+ proxy_pass http://unix:/home/demo/sockets/merchant.http:/;
+ }
+}
+
+
+server {
+ listen 443 ssl;
+ listen [::]:443 ssl;
+ server_name donations.demo.taler.net;
+ include conf.d/talerssl;
+
+ location / {
+ uwsgi_pass unix:/home/demo/sockets/donations.uwsgi;
+ include /etc/nginx/uwsgi_params;
+ }
+
+ include conf.d/favicon_robots;
+}
+
+
+server {
+ listen 443 ssl;
+ listen [::]:443 ssl;
+ server_name shop.demo.taler.net;
+ include conf.d/talerssl;
+
+ location / {
+ uwsgi_pass unix:/home/demo/sockets/shop.uwsgi;
+ include /etc/nginx/uwsgi_params;
+ }
+
+ include conf.d/favicon_robots;
+}
+
+
+server {
+ server_name survey.demo.taler.net;
+ listen 443 ssl;
+ listen [::]:443 ssl;
+ include conf.d/talerssl;
+
+ location / {
+ uwsgi_pass unix:/home/demo/sockets/survey.uwsgi;
+ include /etc/nginx/uwsgi_params;
+ }
+}
+
+server {
+ listen 443 ssl;
+ listen [::]:443 ssl;
+ server_name bank.demo.taler.net;
+ include conf.d/talerssl;
+
+ location / {
+ uwsgi_pass unix:/home/demo/sockets/bank.uwsgi;
+ include /etc/nginx/uwsgi_params;
+ }
+
+ include conf.d/favicon_robots;
+}
diff --git a/guix/etc/nginx/sites-enabled/docs-ssl.site b/guix/etc/nginx/sites-enabled/docs-ssl.site
new file mode 100644
index 0000000..923d703
--- /dev/null
+++ b/guix/etc/nginx/sites-enabled/docs-ssl.site
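Review bot: The access check in `location /` of the `backend.demo.taler.net` server, `if ($http_authorization !~ "(?i)ApiKey (?-i)sandbox")`, is an unanchored match against a key written into the repository, so any Authorization value that merely contains `ApiKey sandbox` passes. If the key is deliberately public for the demo, a comment saying so would help; otherwise anchor the pattern, e.g. `"^(?i)ApiKey (?-i)sandbox$"`, and keep the real key outside version control. The same server also has `listen 80;`, so the header can travel in cleartext while `X-Forwarded-Proto "https"` is sent to the merchant backend regardless. Adding this name to the port-80 redirect server at the top of the file would address both. test.site repeats the block for `backend.test.taler.net`.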
@@ -0,0 +1,69 @@
+server {
+ listen 443 ssl;
+ listen [::]:443 ssl; ## listen for ipv4; this line is default and implied
+ # listen [::]:80 default_server ipv6only=on; ## listen for ipv6
+
+ # Temporary, as this doesn't do i18n
+ root /home/docbuilder/build/docs-landing/;
+
+ # Make site accessible from http://localhost/
+ server_name docs.taler.net
+ www.docs.taler.net;
+
+ include conf.d/talerssl;
+
+ location / {
+ autoindex off;
+ ssi off;
+# ssi_last_modified on;
+
+
+ rewrite ^/$ /$index_redirect_uri/ redirect;
+ rewrite ^/(..)/$ /$1/index.html break;
+ }
+
+
+ location /code/exchange {
+ alias /home/docbuilder/build/exchange/doxygen;
+ }
+
+ location /code/merchant {
+ alias /home/docbuilder/build/merchant-backend/doxygen;
+ }
+
+ location /onboarding {
+ alias /home/docbuilder/build/onboarding/;
+ }
+
+ location /bank {
+ alias /home/docbuilder/build/bank/manual;
+ }
+
+ location /backoffice {
+ alias /home/docbuilder/build/backoffice/;
+ }
+
+ location /exchange {
+ alias /home/docbuilder/build/exchange/manual;
+ }
+
+ location /merchant/backend {
+ alias /home/docbuilder/build/merchant-backend/manual;
+ }
+
+ location /merchant/frontend {
+ alias /home/docbuilder/build/merchant-frontend/;
+ }
+
+ location /api {
+ autoindex off;
+ alias /home/docbuilder/build/api/html;
+ }
+
+ # Associated to /api route.
+ location /_static {
+ alias /home/docbuilder/api/html/_static;
+ }
+
+ include conf.d/favicon_robots;
+}
diff --git a/guix/etc/nginx/sites-enabled/docs.site b/guix/etc/nginx/sites-enabled/docs.site
new file mode 100644
index 0000000..8e01608
--- /dev/null
+++ b/guix/etc/nginx/sites-enabled/docs.site
@@ -0,0 +1,7 @@
+server {
+ listen 80;
+ listen [::]:80;
+ server_name docs.taler.net;
+
+ rewrite ^ https://$host$request_uri? permanent;
+}
diff --git a/guix/etc/nginx/sites-enabled/env.site b/guix/etc/nginx/sites-enabled/env.site
new file mode 100644
index 0000000..fbe31aa
--- /dev/null
+++ b/guix/etc/nginx/sites-enabled/env.site
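Review bot: In docs-ssl.site, `location /onboarding`, `location /backoffice` and `location /merchant/frontend` pair a prefix without a trailing slash with an `alias` that ends in one, e.g. `location /onboarding { alias /home/docbuilder/build/onboarding/; }`. With that combination nginx appends whatever follows the prefix directly onto the alias, so a request path can resolve to siblings of the aliased directory under `/home/docbuilder/build/` that were not meant to be served. Writing the prefix with the slash, `location /onboarding/ {`, and likewise for the other two, closes this. Separately, `location /_static` aliases `/home/docbuilder/api/html/_static` while `/api` uses `/home/docbuilder/build/api/html`; the missing `build/` looks unintended and is worth confirming.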
@@ -0,0 +1,85 @@
+server {
+ listen 80;
+ listen [::]:80;
+ server_name env.taler.net;
+ rewrite ^ https://$host$request_uri? permanent;
+}
+
+server {
+ listen 443 ssl;
+ listen [::]:443 ssl;
+ server_name env.taler.net;
+ include conf.d/talerssl;
+ root /dev/null;
+ # rewrite_log on;
+
+ # add trailing slashes to apps
+ rewrite ^/(?[a-zA-Z0-9-_]+)/(?[a-zA-Z0-9-_]+)$ /$user/$app/ redirect;
+ # add trailing slashes to user
+ rewrite ^/(?[a-zA-Z0-9-_]+)$ /$user/ redirect;
+ rewrite ^/(?[a-zA-Z0-9-_]+)/$ /$user/en/ redirect;
+
+ # aliases to get from one page to the other
+ rewrite ^/(?[a-zA-Z0-9-_]+)/(?[a-zA-Z0-9-_]+)/landing /$user/ redirect;
+ rewrite ^/(?[a-zA-Z0-9-_]+)/(?[a-zA-Z0-9-_]+)/bank /$user/bank redirect;
+ rewrite ^/(?[a-zA-Z0-9-_]+)/(?[a-zA-Z0-9-_]+)/shop /$user/shop redirect;
+ rewrite ^/(?[a-zA-Z0-9-_]+)/(?[a-zA-Z0-9-_]+)/donations /$user/donations redirect;
+ rewrite ^/(?[a-zA-Z0-9-_]+)/(?[a-zA-Z0-9-_]+)/survey /$user/survey redirect;
+
+ location ~ ^/(?[a-zA-Z0-9-_]+)/exchange/(?.*) {
+ proxy_pass http://unix:/home/$user/sockets/exchange.http:/$req$is_args$args;
+ proxy_redirect off;
+ proxy_set_header Host $host;
+ }
+
+ location ~ ^/(?[a-zA-Z0-9-_]+)/merchant-backend/(?.*) {
+ proxy_pass http://unix:/home/$user/sockets/merchant.http:/$req;
+ proxy_redirect off;
+ proxy_set_header Host $host;
+ }
+
+ location ~ ^/(?[a-zA-Z0-9-_]+)/bank(?/?.*|)$ {
+ uwsgi_pass unix:/home/$user/sockets/bank.uwsgi;
+ include /etc/nginx/uwsgi_params;
+ uwsgi_param SCRIPT_NAME "/$user/bank/";
+ uwsgi_param PATH_INFO "$req";
+ }
+
+ location ~ ^/(?[a-zA-Z0-9-_]+)/shop(?/?.*|)$ {
+ uwsgi_pass unix:/home/$user/sockets/shop.uwsgi;
+ include /etc/nginx/uwsgi_params;
+ uwsgi_param SCRIPT_NAME "/$user/shop/";
+ uwsgi_param PATH_INFO "$req";
+ }
+
+ location ~ ^/(?[a-zA-Z0-9-_]+)/donations(?/.*|)$ {
+ uwsgi_pass unix:/home/$user/sockets/donations.uwsgi;
+ include /etc/nginx/uwsgi_params;
+ uwsgi_param SCRIPT_NAME "/$user/donations/";
+ uwsgi_param PATH_INFO "$req";
+ }
+
+ location ~ ^/(?[a-zA-Z0-9-_]+)(?/.*|)$ {
+ # add index.html
+ rewrite ^/(.*)/(..)/$ /$1/$2/index.html last;
+ # strip /user/
+ rewrite ^/([a-zA-Z0-9-_]+)/(.*)$ /$2 break;
+ root /home/$user/landing/demo;
+ }
+
+ location ~ ^/(?[a-zA-Z0-9-_]+)/auditor(?/.*|)$ {
+ uwsgi_pass unix:/home/$user/sockets/auditor.uwsgi;
+ include /etc/nginx/uwsgi_params;
+ uwsgi_param SCRIPT_NAME "/$user/";
+ uwsgi_param PATH_INFO "$req";
+ }
+
+ location ~ ^/(?[a-zA-Z0-9-_]+)/survey(?/.*|)$ {
+ uwsgi_pass unix:/home/$user/sockets/survey.uwsgi;
+ include /etc/nginx/uwsgi_params;
+ uwsgi_param SCRIPT_NAME "/$user/";
+ uwsgi_param PATH_INFO "$req";
+ }
+
+ include conf.d/favicon_robots;
+}
diff --git a/guix/etc/nginx/sites-enabled/gauger-ssl.site b/guix/etc/nginx/sites-enabled/gauger-ssl.site
new file mode 100644
index 0000000..e889b59
--- /dev/null
+++ b/guix/etc/nginx/sites-enabled/gauger-ssl.site
@@ -0,0 +1,18 @@
+server {
+ listen 443 ssl;
+ listen [::]:443 ssl; ## listen for ipv4; this line is default and implied
+ # listen [::]:80 default_server ipv6only=on; ## listen for ipv6
+
+ root /var/www/gauger/;
+
+ # Make site accessible from http://localhost/
+ server_name gauger.taler.net;
+ server_name www.gauger.taler.net;
+ include conf.d/talerssl;
+
+ location / {
+ proxy_pass http://localhost:1801;
+ proxy_redirect off;
+ proxy_set_header Host $host;
+ }
+}
diff --git a/guix/etc/nginx/sites-enabled/gauger.site b/guix/etc/nginx/sites-enabled/gauger.site
new file mode 100644
index 0000000..967f9e9
--- /dev/null
+++ b/guix/etc/nginx/sites-enabled/gauger.site
@@ -0,0 +1,17 @@
+server {
+ listen 80;
+ listen [::]:80; ## listen for ipv4; this line is default and implied
+ # listen [::]:80 default_server ipv6only=on; ## listen for ipv6
+
+ root /var/www/gauger/;
+
+ # Make site accessible from http://localhost/
+ server_name gauger.taler.net;
+ server_name www.gauger.taler.net;
+
+ location / {
+ proxy_pass http://localhost:1801;
+ proxy_redirect off;
+ proxy_set_header Host $host;
+ }
+}
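Review bot: In env.site the generic static location `location ~ ^/(?[a-zA-Z0-9-_]+)(?/.*|)$` is declared before the `/auditor` and `/survey` regex locations, and nginx uses the first regex location that matches in file order, so those two uwsgi blocks can never be selected. Moving the generic block to the end of the server would restore them. The capture-group names are missing from the patterns as shown on this page (presumably `?<user>`, `?<app>` and `?<req>`, given the `$user`, `$app` and `$req` uses), so confirm they are intact in the committed file. Because the first path segment selects `/home/$user/...` sockets and roots, a comment stating that the character class is what keeps that segment inside `/home` would be worth adding.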
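Review bot: The port-80 server in gauger.site proxies `location /` to `http://localhost:1801` itself, whereas most plain-HTTP vhosts in this commit only redirect to HTTPS, so whatever clients send to gauger can cross the network unencrypted even though gauger-ssl.site exists. Replacing the location block with `rewrite ^ https://$host$request_uri? permanent;` would bring it in line with the others. lcov.site has the same shape: it serves `/var/www/lcov.taler.net/` with `autoindex on` over port 80 instead of redirecting.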
diff --git a/guix/etc/nginx/sites-enabled/git-ssl.site b/guix/etc/nginx/sites-enabled/git-ssl.site
new file mode 100644
index 0000000..673ced5
--- /dev/null
+++ b/guix/etc/nginx/sites-enabled/git-ssl.site
@@ -0,0 +1,31 @@
+server {
+ listen 443 ssl;
+ listen [::]:443 ssl; ## listen for ipv4; this line is default and implied
+ # listen [::]:80 default_server ipv6only=on; ## listen for ipv6
+
+ root /var/git;
+ server_name git.taler.net;
+ include conf.d/talerssl;
+
+ access_log /var/log/nginx/git.taler.net_access.log;
+ error_log /var/log/nginx/git.taler.net_error.log notice;
+
+ location ~ ^(.*?)\.git/(HEAD|info/refs|objects/.*|git-upload-pack)$ {
+ include /etc/nginx/fastcgi_params;
+ fastcgi_param SCRIPT_FILENAME /usr/lib/git-core/git-http-backend;
+ fastcgi_param GIT_PROJECT_ROOT /home/git/repositories;
+ fastcgi_param PATH_INFO $uri;
+ fastcgi_pass unix:/var/run/fcgiwrap.socket;
+ }
+
+ location /cgit {
+ root /var/www;
+ }
+
+ location / {
+ include /etc/nginx/fastcgi_params;
+ fastcgi_param SCRIPT_FILENAME /var/www/cgit/cgit.cgi;
+ fastcgi_param PATH_INFO $uri;
+ fastcgi_pass unix:/var/run/fcgiwrap.socket;
+ }
+}
diff --git a/guix/etc/nginx/sites-enabled/git.site b/guix/etc/nginx/sites-enabled/git.site
new file mode 100644
index 0000000..4c0c9ea
--- /dev/null
+++ b/guix/etc/nginx/sites-enabled/git.site
@@ -0,0 +1,10 @@
+server {
+ listen 80;
+ listen [::]:80; ## listen for ipv4; this line is default and implied
+ # listen [::]:80 default_server ipv6only=on; ## listen for ipv6
+
+ root /var/git;
+ server_name git.taler.net;
+
+ rewrite ^ https://$server_name$request_uri? permanent;
+}
diff --git a/guix/etc/nginx/sites-enabled/intranet-ssl.site b/guix/etc/nginx/sites-enabled/intranet-ssl.site
new file mode 100644
index 0000000..3390403
--- /dev/null
+++ b/guix/etc/nginx/sites-enabled/intranet-ssl.site
@@ -0,0 +1,15 @@
+server {
+ listen 443 ssl;
+ listen [::]:443 ssl; ## listen for ipv4; this line is default and implied
+ # listen [::]:80 default_server ipv6only=on; ## listen for ipv6
+
+ root /var/git;
+ server_name intranet.taler.net;
+ include conf.d/talerssl;
+ location / {
+ proxy_pass http://127.0.0.1:8018;
+ proxy_redirect off;
+ proxy_set_header Host $host;
+ proxy_set_header HTTPS on;
+ }
+}
diff --git a/guix/etc/nginx/sites-enabled/intranet.site b/guix/etc/nginx/sites-enabled/intranet.site
new file mode 100644
index 0000000..66217db
--- /dev/null
+++ b/guix/etc/nginx/sites-enabled/intranet.site
@@ -0,0 +1,10 @@
+server {
+ listen 80;
+ listen [::]:80; ## listen for ipv4; this line is default and implied
+ # listen [::]:80 default_server ipv6only=on; ## listen for ipv6
+
+ # Make site accessible from http://localhost/
+ server_name intranet.taler.net;
+
+ rewrite ^ https://$server_name$request_uri? permanent;
+}
diff --git a/guix/etc/nginx/sites-enabled/lcov-ssl.site b/guix/etc/nginx/sites-enabled/lcov-ssl.site
new file mode 100644
index 0000000..0620bfe
--- /dev/null
+++ b/guix/etc/nginx/sites-enabled/lcov-ssl.site
@@ -0,0 +1,20 @@
+server {
+ listen 443 ssl;
+ listen [::]:443 ssl; ## listen for ipv4; this line is default and implied
+ # listen [::]:80 default_server ipv6only=on; ## listen for ipv6
+
+ root /var/www/lcov.taler.net/;
+
+ # Make site accessible from http://localhost/
+ server_name lcov.taler.net;
+ server_name www.lcov.taler.net;
+ include conf.d/talerssl;
+
+ location / {
+ autoindex on;
+ ssi off;
+# ssi_last_modified on;
+ }
+
+ include conf.d/favicon_robots;
+}
diff --git a/guix/etc/nginx/sites-enabled/lcov.site b/guix/etc/nginx/sites-enabled/lcov.site
new file mode 100644
index 0000000..979c387
--- /dev/null
+++ b/guix/etc/nginx/sites-enabled/lcov.site
@@ -0,0 +1,19 @@
+server {
+ listen 80;
+ listen [::]:80; ## listen for ipv4; this line is default and implied
+ # listen [::]:80 default_server ipv6only=on; ## listen for ipv6
+
+ root /var/www/lcov.taler.net/;
+
+ # Make site accessible from http://localhost/
+ server_name lcov.taler.net;
+ server_name www.lcov.taler.net;
+
+ location / {
+ autoindex on;
+ ssi off;
+# ssi_last_modified on;
+ }
+
+ include conf.d/favicon_robots;
+}
diff --git a/guix/etc/nginx/sites-enabled/sandbox.site b/guix/etc/nginx/sites-enabled/sandbox.site
new file mode 100644
index 0000000..9e32b17
--- /dev/null
+++ b/guix/etc/nginx/sites-enabled/sandbox.site
@@ -0,0 +1,20 @@
+server {
+ listen 80;
+ listen [::]:80;
+ server_name sandbox.taler.net *.sandbox.taler.net;
+ rewrite ^ https://$host$request_uri? permanent;
+}
+
+server {
+ listen 443 ssl;
+ listen [::]:443 ssl;
+
+ server_name sandbox.taler.net;
+ include conf.d/talerssl;
+
+ location / {
+ root /home/sandbox/sandbox_landing/;
+ autoindex off;
+ index index.html;
+ }
+}
diff --git a/guix/etc/nginx/sites-enabled/test.site b/guix/etc/nginx/sites-enabled/test.site
new file mode 100644
index 0000000..7c4f847
--- /dev/null
+++ b/guix/etc/nginx/sites-enabled/test.site
@@ -0,0 +1,379 @@
+server {
+ listen 80;
+ listen [::]:80;
+ server_name test.taler.net
+ bank.test.taler.net
+ shop.test.taler.net
+ donations.test.taler.net
+ survey.test.taler.net
+ auditor.test.taler.net
+ exchange.test.taler.net
+ backoffice.test.taler.net;
+
+ # 301-based ridirects allows the user agent to *change* the
+ # method used in the second request. This breaks all the API
+ # using POST, as some user agents do the second request using
+ # GET. 307 is meant to tell the user agent to not change the
+ # method in the second request.
+ if ($request_method = POST) { return 307 https://$host$request_uri; }
+ return 301 https://$host$request_uri;
+}
+
+server {
+ server_name test.taler.net www.test.taler.net;
+ listen 443 ssl;
+ listen [::]:443 ssl;
+ rewrite /javascript /javascript.html break;
+ include conf.d/talerssl;
+ location @green {
+ add_header X-Taler-Deployment-Color green;
+ root /home/test-green/landing/demo;
+ }
+ location @blue {
+ add_header X-Taler-Deployment-Color blue;
+ root /home/test-blue/landing/demo;
+ }
+ location / {
+ # Redirection technique explainted at
+ # https://www.nginx.com/resources/wiki/start/topics/depth/ifisevil/
+ error_page 418 = @blue;
+ error_page 419 = @green;
+ rewrite ^/$ /en/ redirect;
+ rewrite ^/(..)/$ /$1/index.html break;
+ recursive_error_pages on;
+ if ($http_x_taler_deployment_color ~ "blue") { return 418; }
+ if ($http_x_taler_deployment_color ~ "green") { return 419; }
+ root /home/test/landing/demo;
+ }
+ include conf.d/favicon_robots;
+}
+
+
+server {
+ server_name auditor.test.taler.net;
+ listen 443 ssl;
+ listen [::]:443 ssl;
+ root /dev/null;
+ include conf.d/talerssl;
+ location @green {
+ add_header X-Taler-Deployment-Color green;
+ root /home/test-green/auditor;
+ }
+ location @blue {
+ add_header X-Taler-Deployment-Color blue;
+ root /home/test-blue/auditor;
+ }
+ location / {
+ # Redirection technique explainted at
+ # https://www.nginx.com/resources/wiki/start/topics/depth/ifisevil/
+ error_page 418 = @blue;
+ error_page 419 = @green;
+ rewrite ^/$ /en/ redirect;
+ rewrite ^/(..)/$ /$1/index.html break;
+ recursive_error_pages on;
+ if ($http_x_taler_deployment_color ~ "blue") { return 418; }
+ if ($http_x_taler_deployment_color ~ "green") { return 419; }
+ root /home/test/auditor;
+ }
+ include conf.d/favicon_robots;
+}
+
+
+server {
+ server_name exchange.test.taler.net;
+ listen 443 ssl;
+ listen [::]:443 ssl;
+ root /dev/null;
+ include conf.d/talerssl;
+ location @blue-admin {
+ add_header X-Taler-Deployment-Color blue;
+ proxy_pass http://unix:/home/test-blue/sockets/exchange-admin.http;
+ proxy_redirect off;
+ proxy_set_header Host $host;
+ }
+ location @green-admin {
+ add_header X-Taler-Deployment-Color green;
+ proxy_pass http://unix:/home/test-green/sockets/exchange-admin.http;
+ proxy_redirect off;
+ proxy_set_header Host $host;
+ }
+
+ location @blue {
+ add_header X-Taler-Deployment-Color blue;
+ proxy_pass http://unix:/home/test-blue/sockets/exchange.http;
+ proxy_redirect off;
+ proxy_set_header Host $host;
+ }
+
+ location @green {
+ add_header X-Taler-Deployment-Color green;
+ proxy_pass http://unix:/home/test-green/sockets/exchange.http;
+ proxy_redirect off;
+ proxy_set_header Host $host;
+ }
+
+ location /admin {
+ error_page 418 = @blue-admin;
+ error_page 419 = @green-admin;
+ recursive_error_pages on;
+ if ($http_x_taler_deployment_color ~ "blue") { return 418; }
+ if ($http_x_taler_deployment_color ~ "green") { return 419; }
+ proxy_pass http://unix:/home/test/sockets/exchange-admin.http;
+ proxy_redirect off;
+ proxy_set_header Host $host;
+ }
+
+ location / {
+ error_page 418 = @blue;
+ error_page 419 = @green;
+ recursive_error_pages on;
+ if ($http_x_taler_deployment_color ~ "blue") { return 418; }
+ if ($http_x_taler_deployment_color ~ "green") { return 419; }
+ proxy_pass http://unix:/home/test/sockets/exchange.http:/;
+ proxy_redirect off;
+ proxy_set_header Host $host;
+ }
+}
+
+
+server {
+ server_name shop.test.taler.net;
+ listen 443 ssl;
+ listen [::]:443 ssl;
+ root /dev/null;
+ include conf.d/talerssl;
+
+ location @blue {
+ add_header X-Taler-Deployment-Color blue;
+ uwsgi_pass unix:/home/test-blue/sockets/shop.uwsgi;
+ include /etc/nginx/uwsgi_params;
+ }
+ location @green {
+ add_header X-Taler-Deployment-Color green;
+ uwsgi_pass unix:/home/test-green/sockets/shop.uwsgi;
+ include /etc/nginx/uwsgi_params;
+ }
+
+ location / {
+ # Redirection technique explainted at
+ # https://www.nginx.com/resources/wiki/start/topics/depth/ifisevil/
+ error_page 418 = @blue;
+ error_page 419 = @green;
+ recursive_error_pages on;
+ if ($http_x_taler_deployment_color ~ "blue") { return 418; }
+ if ($http_x_taler_deployment_color ~ "green") { return 419; }
+ uwsgi_pass unix:/home/test/sockets/shop.uwsgi;
+ include /etc/nginx/uwsgi_params;
+ }
+
+ include conf.d/favicon_robots;
+}
+
+
+server {
+ server_name playground.test.taler.net;
+ listen 443 ssl;
+ listen [::]:443 ssl;
+ root /dev/null;
+ include conf.d/talerssl;
+
+ location @blue {
+ add_header X-Taler-Deployment-Color blue;
+ uwsgi_pass unix:/home/test-blue/sockets/playground.uwsgi;
+ include /etc/nginx/uwsgi_params;
+ }
+ location @green {
+ add_header X-Taler-Deployment-Color green;
+ uwsgi_pass unix:/home/test-green/sockets/playground.uwsgi;
+ include /etc/nginx/uwsgi_params;
+ }
+
+ location / {
+ # Redirection technique explainted at
+ # https://www.nginx.com/resources/wiki/start/topics/depth/ifisevil/
+ error_page 418 = @blue;
+ error_page 419 = @green;
+ recursive_error_pages on;
+ if ($http_x_taler_deployment_color ~ "blue") { return 418; }
+ if ($http_x_taler_deployment_color ~ "green") { return 419; }
+ uwsgi_pass unix:/home/test/sockets/playground.uwsgi;
+ include /etc/nginx/uwsgi_params;
+ }
+
+ include conf.d/favicon_robots;
+}
+
+
+server {
+ server_name backend.test.taler.net;
+ listen 443 ssl;
+ listen 80;
+ listen [::]:443 ssl;
+ listen [::]:80;
+ include conf.d/talerssl;
+
+ location @blue {
+ add_header X-Taler-Deployment-Color blue;
+ proxy_pass http://unix:/home/test-blue/sockets/merchant.http;
+ proxy_redirect off;
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-Host "backend.test.taler.net";
+ proxy_set_header X-Forwarded-Proto "https";
+ }
+ location @green {
+ add_header X-Taler-Deployment-Color green;
+ proxy_pass http://unix:/home/test-green/sockets/merchant.http;
+ proxy_redirect off;
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-Host "backend.test.taler.net";
+ proxy_set_header X-Forwarded-Proto "https";
+ }
+
+ location /public {
+ # Redirection technique explainted at
+ # https://www.nginx.com/resources/wiki/start/topics/depth/ifisevil/
+ error_page 418 = @blue;
+ error_page 419 = @green;
+ recursive_error_pages on;
+
+ if ($http_x_taler_deployment_color ~ "blue") { return 418; }
+ if ($http_x_taler_deployment_color ~ "green") { return 419; }
+ proxy_set_header X-Forwarded-Host "backend.test.taler.net";
+ proxy_set_header X-Forwarded-Proto "https";
+ proxy_pass http://unix:/home/test/sockets/merchant.http:/public;
+ proxy_redirect off;
+ proxy_set_header Host $host;
+ }
+
+ location / {
+ # Redirection technique explainted at
+ # https://www.nginx.com/resources/wiki/start/topics/depth/ifisevil/
+ error_page 418 = @blue;
+ error_page 419 = @green;
+ recursive_error_pages on;
+
+ # match the ApiKey part ignoring case, and the actual key
+ # with case-sensitivity on.
+ if ($http_authorization !~ "(?i)ApiKey (?-i)sandbox") {
+ return 401;
+ }
+
+ if ($http_x_taler_deployment_color ~ "blue") { return 418; }
+ if ($http_x_taler_deployment_color ~ "green") { return 419; }
+ proxy_set_header X-Forwarded-Host "backend.test.taler.net";
+ proxy_set_header X-Forwarded-Proto "https";
+ proxy_pass http://unix:/home/test/sockets/merchant.http:/;
+ proxy_redirect off;
+ proxy_set_header Host $host;
+ }
+}
+
+
+server {
+ server_name survey.test.taler.net;
+ listen 443 ssl;
+ listen [::]:443 ssl;
+ include conf.d/talerssl;
+
+ location / {
+ uwsgi_pass unix:/home/test/sockets/survey.uwsgi;
+ include /etc/nginx/uwsgi_params;
+ }
+}
+
+server {
+ server_name donations.test.taler.net;
+ listen 443 ssl;
+ listen [::]:443 ssl;
+ include conf.d/talerssl;
+
+ location @blue {
+ add_header X-Taler-Deployment-Color blue;
+ uwsgi_pass unix:/home/test-blue/sockets/donations.uwsgi;
+ include /etc/nginx/uwsgi_params;
+ }
+ location @green {
+ add_header X-Taler-Deployment-Color green;
+ uwsgi_pass unix:/home/test-green/sockets/donations.uwsgi;
+ include /etc/nginx/uwsgi_params;
+ }
+
+ location / {
+ # Redirection technique explainted at
+ # https://www.nginx.com/resources/wiki/start/topics/depth/ifisevil/
+ error_page 418 = @blue;
+ error_page 419 = @green;
+ recursive_error_pages on;
+ if ($http_x_taler_deployment_color ~ "blue") { return 418; }
+ if ($http_x_taler_deployment_color ~ "green") { return 419; }
+ uwsgi_pass unix:/home/test/sockets/donations.uwsgi;
+ include /etc/nginx/uwsgi_params;
+ }
+
+ include conf.d/favicon_robots;
+}
+
+
+server {
+ server_name bank.test.taler.net;
+ listen 443 ssl;
+ listen [::]:443 ssl;
+ include conf.d/talerssl;
+
+ location @blue {
+ add_header X-Taler-Deployment-Color blue;
+ uwsgi_pass unix:/home/test-blue/sockets/bank.uwsgi;
+ include /etc/nginx/uwsgi_params;
+ }
+ location @green {
+ add_header X-Taler-Deployment-Color green;
+ uwsgi_pass unix:/home/test-green/sockets/bank.uwsgi;
+ include /etc/nginx/uwsgi_params;
+ }
+
+ location / {
+ # Redirection technique explainted at
+ # https://www.nginx.com/resources/wiki/start/topics/depth/ifisevil/
+ error_page 418 = @blue;
+ error_page 419 = @green;
+ recursive_error_pages on;
+ if ($http_x_taler_deployment_color ~ "blue") { return 418; }
+ if ($http_x_taler_deployment_color ~ "green") { return 419; }
+ uwsgi_pass unix:/home/test/sockets/bank.uwsgi;
+ include /etc/nginx/uwsgi_params;
+ }
+
+ include conf.d/favicon_robots;
+}
+
+server {
+ server_name backoffice.test.taler.net;
+ listen 443 ssl;
+ listen [::]:443 ssl;
+ include conf.d/talerssl;
+
+ location @blue {
+ add_header X-Taler-Deployment-Color blue;
+ uwsgi_pass unix:/home/test-blue/sockets/backoffice.uwsgi;
+ include /etc/nginx/uwsgi_params;
+ }
+ location @green {
+ add_header X-Taler-Deployment-Color green;
+ uwsgi_pass unix:/home/test-green/sockets/backoffice.uwsgi;
+ include /etc/nginx/uwsgi_params;
+ }
+
+ location / {
+ # Redirection technique explainted at
+ # https://www.nginx.com/resources/wiki/start/topics/depth/ifisevil/
+ error_page 418 = @blue;
+ error_page 419 = @green;
+ recursive_error_pages on;
+ if ($http_x_taler_deployment_color ~ "blue") { return 418; }
+ if ($http_x_taler_deployment_color ~ "green") { return 419; }
+ uwsgi_pass unix:/home/test/sockets/backoffice.uwsgi;
+ include /etc/nginx/uwsgi_params;
+ }
+
+ include conf.d/favicon_robots;
+}
diff --git a/guix/etc/nginx/sites-enabled/trollslayer.site b/guix/etc/nginx/sites-enabled/trollslayer.site
new file mode 100644
index 0000000..1767fe6
--- /dev/null
+++ b/guix/etc/nginx/sites-enabled/trollslayer.site
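Review bot: `location /admin` on `exchange.test.taler.net` in test.site forwards to the `exchange-admin.http` sockets with no `allow`/`deny`, `auth_basic` or API-key check visible in this file, so the admin interface appears reachable by anyone who can reach port 443, unless `conf.d/talerssl` (not part of this hunk) restricts it. If that is not intended, restrict the block, for example with `allow 127.0.0.1; deny all;`, or add a comment explaining why it is public. demo.site has the same `/admin` location for `exchange.demo.taler.net`. Note also that `~ "blue"` and `~ "green"` are substring matches on a client-supplied header; `= "blue"` and `= "green"` would state the intent exactly.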
@@ -0,0 +1,16 @@
+server {
+ listen 80;
+ listen [::]:80; ## listen for ipv4; this line is default and implied
+ # listen [::]:80 default_server ipv6only=on; ## listen for ipv6
+
+ root /var/www/trollslayer/;
+
+ # Make site accessible from http://localhost/
+ server_name trollslayer.decentralise.rennes.inria.fr;
+
+ location / {
+ proxy_pass http://gnunet.org:20070/shell/;
+ proxy_redirect off;
+ proxy_set_header Host $host;
+ }
+}
diff --git a/guix/etc/nginx/sites-enabled/www-ssl.site b/guix/etc/nginx/sites-enabled/www-ssl.site
new file mode 100644
index 0000000..d7776b3
--- /dev/null
+++ b/guix/etc/nginx/sites-enabled/www-ssl.site
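Review bot: The `location /` block in trollslayer.site forwards every request to `http://gnunet.org:20070/shell/` over cleartext HTTP, and the vhost listens only on port 80 with no `allow`/`deny` or `auth_basic` in front of the proxy. What `/shell/` serves is not visible from this hunk, so if it is anything interactive it should be restricted inside the location, for example `allow <trusted-cidr>; deny all;`, and the vhost put behind TLS like the `-ssl` sites in this commit. The `root /var/www/trollslayer/;` line is unused while `location /` proxies everything, and the `## listen for ipv4` comment sits on the IPv6 `listen [::]:80;` line.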
@@ -0,0 +1,59 @@
+server {
+ listen 443 ssl;
+ listen [::]:443 ssl; ## listen for ipv4; this line is default and implied
+ #listen [::]:80 default_server ipv6only=on; ## listen for ipv6
+
+
+ # Make site accessible from http://localhost/
+ server_name taler.net;
+ server_name www.taler.net;
+ include conf.d/talerssl;
+
+ location / {
+ root /home/docbuilder/www.taler.net;
+ autoindex off;
+ ssi on;
+ #ssi_last_modified on;
+
+ rewrite ^/$ /$index_redirect_uri/ redirect;
+
+ rewrite ^/(..)/$ /$1/index.html break;
+
+ rewrite ^/(help/empty-wallet)$ /$1.html break;
+ rewrite ^/wallet-installation\.html$ /en/wallet.html redirect;
+ # just to get around cached old redirect
+ rewrite ^/wallet\.en\.html$ /en/wallet.html redirect;
+ rewrite ^/wallet$ /en/wallet.html redirect;
+ rewrite ^/press$ /en/press.html redirect;
+ }
+
+ gzip on;
+ gzip_disable "msie6";
+ gzip_vary on;
+ gzip_proxied any;
+ gzip_comp_level 6;
+ gzip_buffers 16 8k;
+ gzip_http_version 1.1;
+ gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/javascript;
+
+
+ # Note: this will go to /var/www/(videos|releases), which we took out of Git
+ location /videos {
+ root /var/www;
+ expires max;
+ }
+
+ location ~* /videos/.*\.(png|jpg|ogv|webm|gif|svg)$ {
+ root /var/www;
+ expires max;
+ }
+
+ location /releases {
+ root /var/www;
+ autoindex on;
+ }
+
+ location /files {
+ root /var/www;
+ }
+}
diff --git a/guix/etc/nginx/sites-enabled/www-stage.site b/guix/etc/nginx/sites-enabled/www-stage.site
new file mode 100644
index 0000000..e8a988b
--- /dev/null
+++ b/guix/etc/nginx/sites-enabled/www-stage.site
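Review bot: The prefix locations `location /videos`, `location /releases` and `location /files` have no trailing slash, so with `root /var/www` they also match sibling paths such as a hypothetical `/var/www/files.bak` or `/var/www/releases-old/`, and `autoindex on` would list the latter. Writing them as `location /releases/ {`, `location /files/ {` and `location /videos/ {` confines each block to its own directory; if the bare path must keep working, add `location = /releases { return 301 /releases/; }`. The same three blocks appear in www-stage.site. Whether `conf.d/talerssl` sets an HSTS header is not visible here, so that is worth confirming for this public vhost.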
@@ -0,0 +1,78 @@
+server {
+ listen 80;
+ listen [::]:80; ## listen for ipv4; this line is default and implied
+ # listen [::]:80 default_server ipv6only=on; ## listen for ipv6
+
+ root /home/docbuilder/stage.taler.net;
+
+ # Make site accessible from http://localhost/
+ server_name stage.taler.net;
+
+ rewrite ^ https://$server_name$request_uri? permanent;
+}
+
+server {
+ listen 443 ssl;
+ listen [::]:443 ssl; ## listen for ipv4; this line is default and implied
+ #listen [::]:80 default_server ipv6only=on; ## listen for ipv6
+
+
+ # Make site accessible from http://localhost/
+ server_name stage.taler.net;
+ include conf.d/talerssl;
+
+ location / {
+ root /home/docbuilder/stage.taler.net;
+ autoindex off;
+
+ rewrite ^/$ /$index_redirect_uri/ redirect;
+
+ rewrite ^/(..)/$ /$1/index.html break;
+
+ rewrite ^/(help/empty-wallet)$ /$1.html break;
+ rewrite ^/wallet-installation\.html$ /en/wallet.html redirect;
+ # just to get around cached old redirect
+ rewrite ^/wallet\.en\.html$ /en/wallet.html redirect;
+ rewrite ^/wallet$ /en/wallet.html redirect;
+ rewrite ^/press$ /en/press.html redirect;
+
+ }
+
+ gzip on;
+ gzip_disable "msie6";
+ gzip_vary on;
+ gzip_proxied any;
+ gzip_comp_level 6;
+ gzip_buffers 16 8k;
+ gzip_http_version 1.1;
+ gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/javascript;
+
+
+ # Note: this will go to /var/www/(videos|releases), which we took out of Git
+ location /videos {
+ root /var/www;
+ expires max;
+ }
+
+ location ~* /videos/.*\.(png|jpg|ogv|webm|gif|svg)$ {
+ root /var/www;
+ expires max;
+ }
+
+ # FIXME: this location newest files are from Oct'16
+ location /releases {
+ root /var/www;
+ autoindex on;
+ }
+
+ location /files {
+ root /var/www;
+ }
+
+ location ~* \.(png|jpg|jpeg|gif|ico|svg|js|css)$ {
+ root /home/docbuilder/stage.taler.net;
+ expires 1y;
+ }
+
+
+}
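Review bot: The final `location ~* \.(png|jpg|jpeg|gif|ico|svg|js|css)$` block takes precedence over the plain prefix locations, because nginx prefers a matching regex location unless the prefix is marked `^~`. A request such as `/files/logo.png` or `/releases/x.js` is therefore resolved against `/home/docbuilder/stage.taler.net` instead of `/var/www` and most likely returns 404. Declaring them as `location ^~ /releases/ {` and `location ^~ /files/ {` keeps those trees on their own root. In the port-80 server block, `return 301 https://$server_name$request_uri;` is the simpler equivalent of the `rewrite ^ … permanent;` line.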
diff --git a/guix/etc/nginx/sites-enabled/www.git-ssl.site b/guix/etc/nginx/sites-enabled/www.git-ssl.site
new file mode 100644
index 0000000..5ba4831
--- /dev/null
+++ b/guix/etc/nginx/sites-enabled/www.git-ssl.site
@@ -0,0 +1,11 @@
+server {
+ listen 443 ssl;
+ listen [::]:443 ssl; ## listen for ipv4; this line is default and implied
+ # listen [::]:80 default_server ipv6only=on; ## listen for ipv6
+
+ root /var/git;
+ server_name www.git.taler.net;
+ include conf.d/talerssl;
+
+ rewrite ^ https://git.taler.net/ permanent;
+}
diff --git a/guix/etc/nginx/sites-enabled/www.git.site b/guix/etc/nginx/sites-enabled/www.git.site
new file mode 100644
index 0000000..645923f
--- /dev/null
+++ b/guix/etc/nginx/sites-enabled/www.git.site
@@ -0,0 +1,10 @@
+server {
+ listen 80;
+ listen [::]:80; ## listen for ipv4; this line is default and implied
+ # listen [::]:80 default_server ipv6only=on; ## listen for ipv6
+
+ root /var/git;
+ server_name www.git.taler.net;
+
+ rewrite ^ https://git.taler.net/ permanent;
+}
diff --git a/guix/etc/nginx/sites-enabled/www.site b/guix/etc/nginx/sites-enabled/www.site
new file mode 100644
index 0000000..ae178e5
--- /dev/null
+++ b/guix/etc/nginx/sites-enabled/www.site
@@ -0,0 +1,13 @@
+server {
+ listen 80;
+ listen [::]:80; ## listen for ipv4; this line is default and implied
+ # listen [::]:80 default_server ipv6only=on; ## listen for ipv6
+
+ root /home/docbuilder/www.taler.net;
+
+ # Make site accessible from http://localhost/
+ server_name taler.net;
+ server_name www.taler.net;
+
+ rewrite ^ https://$server_name$request_uri? permanent;
+}
-- cgit v1.2.3
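Review bot: In www.git-ssl.site the server-level `rewrite ^ https://git.taler.net/ permanent;` redirects every request, so `root /var/git;` is never used; www.git.site carries the same pair. Leaving a root that points at what is presumably the repository directory means that tree would start being served as static files if the rewrite were ever removed or made conditional. I would drop the `root` line in both files and write the redirect as `return 301 https://git.taler.net/;`.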