blob: 16d9698daf4a56359c2540e16c7ca4fd88d27118 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
|
server {
listen 80;
listen [::]:80;
server_name demo.taler.net
bank.demo.taler.net
shop.demo.taler.net
donations.demo.taler.net
survey.demo.taler.net
auditor.demo.taler.net
exchange.demo.taler.net;
# 301-based ridirects allows the user agent to *change* the
# method used in the second request. This breaks all the API
# using POST, as some user agents do the second request using
# GET. 307 is meant to tell the user agent to not change the
# method in the second request.
if ($request_method = POST) { return 307 https://$host$request_uri; }
return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name auditor.demo.taler.net;
include conf.d/talerssl;
location / {
rewrite ^/$ /en/ redirect;
rewrite ^/(..)/$ /$1/index.html break;
recursive_error_pages on;
root /home/demo/auditor;
}
include conf.d/favicon_robots;
}
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name demo.taler.net www.demo.taler.net;
rewrite /javascript /javascript.html break;
include conf.d/talerssl;
location / {
rewrite ^/$ /en/ redirect;
rewrite ^/(..)/$ /$1/index.html break;
root /home/demo/landing/demo;
}
include conf.d/favicon_robots;
}
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name exchange.demo.taler.net;
root /dev/null;
include conf.d/talerssl;
location /admin {
proxy_pass http://unix:/home/demo/sockets/exchange-admin.http;
proxy_redirect off;
proxy_set_header Host $host;
}
location / {
proxy_pass http://unix:/home/demo/sockets/exchange.http:/;
proxy_redirect off;
proxy_set_header Host $host;
}
}
server {
listen 443 ssl;
listen 80;
listen [::]:443 ssl;
listen [::]:80;
server_name backend.demo.taler.net;
include conf.d/talerssl;
location /public {
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Host "backend.demo.taler.net";
proxy_set_header X-Forwarded-Proto "https";
proxy_pass http://unix:/home/demo/sockets/merchant.http:/public;
}
location / {
# match the ApiKey part ignoring case, and the actual key
# with case-sensitivity on.
if ($http_authorization !~ "(?i)ApiKey (?-i)sandbox") {
return 401;
}
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Host "backend.demo.taler.net";
proxy_set_header X-Forwarded-Proto "https";
proxy_pass http://unix:/home/demo/sockets/merchant.http:/;
}
}
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name donations.demo.taler.net;
include conf.d/talerssl;
location / {
uwsgi_pass unix:/home/demo/sockets/donations.uwsgi;
include /etc/nginx/uwsgi_params;
}
include conf.d/favicon_robots;
}
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name shop.demo.taler.net;
include conf.d/talerssl;
location / {
uwsgi_pass unix:/home/demo/sockets/shop.uwsgi;
include /etc/nginx/uwsgi_params;
}
include conf.d/favicon_robots;
}
server {
server_name survey.demo.taler.net;
listen 443 ssl;
listen [::]:443 ssl;
include conf.d/talerssl;
location / {
uwsgi_pass unix:/home/demo/sockets/survey.uwsgi;
include /etc/nginx/uwsgi_params;
}
}
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name bank.demo.taler.net;
include conf.d/talerssl;
location / {
uwsgi_pass unix:/home/demo/sockets/bank.uwsgi;
include /etc/nginx/uwsgi_params;
}
include conf.d/favicon_robots;
}
|
