commit 5aee8b30d0d509e56e78d777d2820e95abec08ca parent 223ecf4a2bab3453b0136e43a3547b0de1d06585 Author: Florian Dold <florian.dold@gmail.com> Date: Tue, 1 Mar 2016 18:20:31 +0100 nginx config files Diffstat:
| A | etc/nginx-sites-enabled/api | | | 16 | ++++++++++++++++ |
| A | etc/nginx-sites-enabled/api-ssl | | | 26 | ++++++++++++++++++++++++++ |
| A | etc/nginx-sites-enabled/bank-demo | | | 31 | +++++++++++++++++++++++++++++++ |
| A | etc/nginx-sites-enabled/bank-demo-ssl | | | 28 | ++++++++++++++++++++++++++++ |
| A | etc/nginx-sites-enabled/bank-test | | | 37 | +++++++++++++++++++++++++++++++++++++ |
| A | etc/nginx-sites-enabled/bank-test-ssl | | | 28 | ++++++++++++++++++++++++++++ |
| A | etc/nginx-sites-enabled/blog-demo | | | 43 | +++++++++++++++++++++++++++++++++++++++++++ |
| A | etc/nginx-sites-enabled/blog-demo-ssl | | | 50 | ++++++++++++++++++++++++++++++++++++++++++++++++++ |
| A | etc/nginx-sites-enabled/blog-test | | | 43 | +++++++++++++++++++++++++++++++++++++++++++ |
| A | etc/nginx-sites-enabled/blog-test-ssl | | | 49 | +++++++++++++++++++++++++++++++++++++++++++++++++ |
| A | etc/nginx-sites-enabled/buildbot | | | 16 | ++++++++++++++++ |
| A | etc/nginx-sites-enabled/buildbot-ssl | | | 25 | +++++++++++++++++++++++++ |
| A | etc/nginx-sites-enabled/decentralise | | | 12 | ++++++++++++ |
| A | etc/nginx-sites-enabled/decentralise-ssl | | | 21 | +++++++++++++++++++++ |
| A | etc/nginx-sites-enabled/demo | | | 20 | ++++++++++++++++++++ |
| A | etc/nginx-sites-enabled/demo-ssl | | | 34 | ++++++++++++++++++++++++++++++++++ |
| A | etc/nginx-sites-enabled/drupal-demo | | | 40 | ++++++++++++++++++++++++++++++++++++++++ |
| A | etc/nginx-sites-enabled/drupal-demo-ssl | | | 49 | +++++++++++++++++++++++++++++++++++++++++++++++++ |
| A | etc/nginx-sites-enabled/exchange-demo | | | 15 | +++++++++++++++ |
| A | etc/nginx-sites-enabled/exchange-demo-ssl | | | 25 | +++++++++++++++++++++++++ |
| A | etc/nginx-sites-enabled/exchange-test | | | 15 | +++++++++++++++ |
| A | etc/nginx-sites-enabled/exchange-test-ssl | | | 24 | ++++++++++++++++++++++++ |
| A | etc/nginx-sites-enabled/gauger | | | 16 | ++++++++++++++++ |
| A | etc/nginx-sites-enabled/gauger-ssl | | | 25 | +++++++++++++++++++++++++ |
| A | etc/nginx-sites-enabled/git | | | 12 | ++++++++++++ |
| A | etc/nginx-sites-enabled/git-ssl | | | 21 | +++++++++++++++++++++ |
| A | etc/nginx-sites-enabled/lcov | | | 16 | ++++++++++++++++ |
| A | etc/nginx-sites-enabled/lcov-ssl | | | 25 | +++++++++++++++++++++++++ |
| A | etc/nginx-sites-enabled/mint-demo | | | 15 | +++++++++++++++ |
| A | etc/nginx-sites-enabled/mint-demo-ssl | | | 24 | ++++++++++++++++++++++++ |
| A | etc/nginx-sites-enabled/mint-test | | | 15 | +++++++++++++++ |
| A | etc/nginx-sites-enabled/mint-test-ssl | | | 24 | ++++++++++++++++++++++++ |
| A | etc/nginx-sites-enabled/shop-demo | | | 47 | +++++++++++++++++++++++++++++++++++++++++++++++ |
| A | etc/nginx-sites-enabled/shop-demo-ssl | | | 54 | ++++++++++++++++++++++++++++++++++++++++++++++++++++++ |
| A | etc/nginx-sites-enabled/shop-test | | | 48 | ++++++++++++++++++++++++++++++++++++++++++++++++ |
| A | etc/nginx-sites-enabled/shop-test-ssl | | | 54 | ++++++++++++++++++++++++++++++++++++++++++++++++++++++ |
| A | etc/nginx-sites-enabled/test | | | 26 | ++++++++++++++++++++++++++ |
| A | etc/nginx-sites-enabled/test-ssl | | | 33 | +++++++++++++++++++++++++++++++++ |
| A | etc/nginx-sites-enabled/trollslayer | | | 15 | +++++++++++++++ |
| A | etc/nginx-sites-enabled/www | | | 25 | +++++++++++++++++++++++++ |
| A | etc/nginx-sites-enabled/www-ssl | | | 36 | ++++++++++++++++++++++++++++++++++++ |
| A | etc/nginx-sites-enabled/www.git | | | 23 | +++++++++++++++++++++++ |
| A | etc/nginx-sites-enabled/www.git-ssl | | | 32 | ++++++++++++++++++++++++++++++++ |
43 files changed, 1233 insertions(+), 0 deletions(-)
diff --git a/etc/nginx-sites-enabled/api b/etc/nginx-sites-enabled/api
@@ -0,0 +1,16 @@
+server {
+ listen 80; ## listen for ipv4; this line is default and implied
+ # listen [::]:80 default_server ipv6only=on; ## listen for ipv6
+
+ root /var/www/api.taler.net/_build/html;
+
+ # Make site accessible from http://localhost/
+ server_name api.taler.net;
+ server_name www.api.taler.net;
+
+ location / {
+ autoindex off;
+ ssi on;
+# ssi_last_modified on;
+ }
+}
diff --git a/etc/nginx-sites-enabled/api-ssl b/etc/nginx-sites-enabled/api-ssl
@@ -0,0 +1,26 @@
+server {
+ listen 443 ssl; ## listen for ipv4; this line is default and implied
+ # listen [::]:80 default_server ipv6only=on; ## listen for ipv6
+
+ root /var/www/api.taler.net/_build/html;
+
+ # Make site accessible from http://localhost/
+ server_name api.taler.net;
+ server_name www.api.taler.net;
+
+ ssl_certificate /etc/letsencrypt/live/taler.net/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/taler.net/privkey.pem;
+ ssl_prefer_server_ciphers on;
+ ssl_session_cache shared:SSL:10m;
+ ssl_dhparam /etc/ssl/certs/dhparam.pem;
+ ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
+ ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
+
+ add_header Strict-Transport-Security "max-age=63072000; preload";
+
+ location / {
+ autoindex off;
+ ssi on;
+# ssi_last_modified on;
+ }
+}
diff --git a/etc/nginx-sites-enabled/bank-demo b/etc/nginx-sites-enabled/bank-demo
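Review bot: The `api` vhost answers on port 80 with the full site and never sends visitors to its HTTPS twin, so the `Strict-Transport-Security` header set in `api-ssl` only takes effect for clients that already chose HTTPS once. If plain HTTP is not needed, reduce the port-80 server to `return 301 https://$host$request_uri;`. The same applies to the other port-80 files in this commit that have a `*-ssl` counterpart. The comments `this line is default and implied` and `Make site accessible from http://localhost/` look like leftovers from a template and no longer describe these blocks.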
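Review bot: `ssl_protocols TLSv1.2 TLSv1.1 TLSv1;` in `api-ssl` keeps TLS 1.0 and 1.1 enabled, and the `AES256+EECDH:AES256+EDH` part of `ssl_ciphers` gives those clients CBC suites; unless a legacy client needs them, `ssl_protocols TLSv1.2;` is the safer setting. The HSTS value `max-age=63072000; preload` has no `includeSubDomains`, which the preload list requires, and without the `always` parameter nginx omits the header on error responses. The same TLS block is repeated verbatim in every `*-ssl` file of this commit, so these remarks apply to all of them. Moving the block into one included snippet would keep later hardening from reaching some vhosts and missing others.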
@@ -0,0 +1,31 @@
+server {
+ listen 80; ## listen for ipv4; this line is default and implied
+ # listen [::]:80 default_server ipv6only=on; ## listen for ipv6
+
+ root /home/demo/bank/website;
+ index index.php;
+
+ # Make site accessible from http://localhost/
+ server_name bank.demo.taler.net;
+
+ location ~ \.php$ {
+ fastcgi_pass unix:/var/run/php5-fpm.sock;
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ include fastcgi_params;
+ }
+
+# To be uncommented when testing Django bank
+# location ~ ^/auth/static {
+# root /home/demo/bank/TalerBank/Bank/templates;
+# rewrite /auth/static/(.*) /$1 break;
+# }
+#
+# # Reach Django
+# location ~ ^/(auth|admin) {
+# uwsgi_pass django;
+# include /home/demo/bank/TalerBank/uwsgi_params;
+# }
+
+ rewrite ^/shop $scheme://shop.demo.taler.net/ redirect;
+
+}
diff --git a/etc/nginx-sites-enabled/bank-demo-ssl b/etc/nginx-sites-enabled/bank-demo-ssl
@@ -0,0 +1,28 @@
+server {
+ listen 443 ssl; ## listen for ipv4; this line is default and implied
+ # listen [::]:80 default_server ipv6only=on; ## listen for ipv6
+
+ root /home/demo/bank/website;
+ index index.php;
+
+ # Make site accessible from http://localhost/
+ server_name bank.demo.taler.net;
+ ssl_certificate /etc/letsencrypt/live/taler.net/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/taler.net/privkey.pem;
+ ssl_prefer_server_ciphers on;
+ ssl_session_cache shared:SSL:10m;
+ ssl_dhparam /etc/ssl/certs/dhparam.pem;
+ ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
+ ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
+
+ add_header Strict-Transport-Security "max-age=63072000; preload";
+
+ location ~ \.php$ {
+ fastcgi_pass unix:/var/run/php5-fpm.sock;
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ include fastcgi_params;
+ }
+
+ rewrite ^/shop $scheme://shop.demo.taler.net/ redirect;
+
+}
diff --git a/etc/nginx-sites-enabled/bank-test b/etc/nginx-sites-enabled/bank-test
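Review bot: The `location ~ \.php$` block in `bank-demo` hands every URI ending in `.php` to PHP-FPM without first checking that the script exists under the document root. If PHP's `cgi.fix_pathinfo` is left enabled, FPM may then resolve such a request to a different file, which matters wherever non-PHP files can end up under the root. Adding `try_files $uri =404;` as the first line of the block closes this on the nginx side. The same block appears in `bank-demo-ssl`, `bank-test`, `bank-test-ssl`, the `blog-*`, `demo`, `demo-ssl`, `drupal-demo*` and `shop-*` files.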
@@ -0,0 +1,37 @@
+upstream django {
+ server 127.0.0.1:8000;
+}
+
+server {
+ listen 80; ## listen for ipv4; this line is default and implied
+ # listen [::]:80 default_server ipv6only=on; ## listen for ipv6
+
+ root /home/test/bank/website;
+ index index.php;
+
+ # Make site accessible from http://localhost/
+ server_name bank.test.taler.net;
+
+ location ~ \.php$ {
+ fastcgi_pass unix:/var/run/php5-fpm.sock;
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ include fastcgi_params;
+ }
+
+ location ~ ^/auth/static {
+ rewrite /auth/static/(.*) /static/$1 break;
+ uwsgi_pass django;
+ include /home/test/bank/TalerBank/uwsgi_params;
+
+ }
+
+ # Reach Django
+ location ~ ^/(auth|admin|static) {
+ uwsgi_pass django;
+ include /home/test/bank/TalerBank/uwsgi_params;
+ }
+
+ rewrite ^/shop$ $scheme://shop.test.taler.net/ redirect;
+ rewrite ^/mint$ $scheme://mint.demo.taler.net/ redirect;
+ rewrite ^/mint/(.*)$ $scheme://mint.demo.taler.net/$1 redirect;
+}
diff --git a/etc/nginx-sites-enabled/bank-test-ssl b/etc/nginx-sites-enabled/bank-test-ssl
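Review bot: `location ~ ^/(auth|admin|static)` in `bank-test` publishes `/auth` and `/admin` on the plain-HTTP vhost, so if these are the Django login and admin views, credentials entered there cross the network unencrypted. Serving them only from the HTTPS vhost would avoid that. The pattern also has no trailing boundary, so paths such as `/administrator` match; `^/(auth|admin|static)(/|$)` is tighter. Separately, the two `/mint` rewrites send a test-site visitor to `mint.demo.taler.net`, which looks like a copy-paste slip for `mint.test.taler.net`.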
@@ -0,0 +1,28 @@
+server {
+ listen 443 ssl; ## listen for ipv4; this line is default and implied
+ # listen [::]:80 default_server ipv6only=on; ## listen for ipv6
+
+ root /home/test/bank/website;
+ index index.php;
+
+ # Make site accessible from http://localhost/
+ server_name bank.test.taler.net;
+ ssl_certificate /etc/letsencrypt/live/taler.net/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/taler.net/privkey.pem;
+ ssl_prefer_server_ciphers on;
+ ssl_session_cache shared:SSL:10m;
+ ssl_dhparam /etc/ssl/certs/dhparam.pem;
+ ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
+ ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
+
+ add_header Strict-Transport-Security "max-age=63072000; preload";
+
+ location ~ \.php$ {
+ fastcgi_pass unix:/var/run/php5-fpm.sock;
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ include fastcgi_params;
+ }
+
+ rewrite ^/shop $scheme://shop.test.taler.net/ redirect;
+ rewrite ^/mint $scheme://mint.demo.taler.net/ redirect;
+}
diff --git a/etc/nginx-sites-enabled/blog-demo b/etc/nginx-sites-enabled/blog-demo
@@ -0,0 +1,43 @@
+server {
+ listen 80; ## listen for ipv4; this line is default and implied
+ # listen [::]:80 default_server ipv6only=on; ## listen for ipv6
+
+ server_name blog.demo.taler.net;
+
+ root /home/demo/merchant/examples/blog;
+ index index.html;
+
+ # Make site accessible from http://localhost/
+
+ location / {
+ try_files $uri $uri/ =404;
+ rewrite /taler/pay /pay.php;
+ rewrite /taler/contract /generate_taler_contract.php;
+
+ }
+
+ location /fullfillment {
+ rewrite /(.*) /$1.php;
+
+ }
+
+ location /articles {
+
+ internal;
+ }
+
+ location ~ \.php$ {
+
+ fastcgi_pass unix:/var/run/php5-fpm.sock;
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ include fastcgi_params;
+
+ }
+
+ location /backend {
+ rewrite /backend/(.*) /$1 break;
+ proxy_pass http://127.0.0.1:9966;
+ proxy_redirect off;
+ proxy_set_header Host $host;
+ }
+}
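Review bot: `bank-test-ssl` has none of the uwsgi locations that `bank-test` defines, so `/auth`, `/admin` and `/static` do not reach Django over HTTPS and the unencrypted vhost is the only route to them. Its rewrites are also written `^/shop` and `^/mint` where `bank-test` uses `^/shop$` and `^/mint$`, so any path that merely starts with those strings is redirected. Keeping the HTTP and HTTPS files for one site generated from a single shared body would prevent this kind of drift.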
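Review bot: `location /backend` in `blog-demo` strips the prefix and forwards whatever path follows to the service on `127.0.0.1:9966`, so every endpoint of a loopback-only backend becomes reachable from outside through this vhost. If only a few backend paths are meant to be public, list them in explicit locations instead of proxying the whole tree. As a prefix match, `/backend` also catches unrelated paths such as `/backendfoo`; `location /backend/` is tighter. The same block is in `blog-demo-ssl`, `blog-test`, `blog-test-ssl` and the four `shop-*` files.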
diff --git a/etc/nginx-sites-enabled/blog-demo-ssl b/etc/nginx-sites-enabled/blog-demo-ssl
@@ -0,0 +1,50 @@
+server {
+ #listen 80;
+ listen 443 ssl; ## listen for ipv4; this line is default and implied
+ # listen [::]:80 default_server ipv6only=on; ## listen for ipv6
+
+ server_name blog.demo.taler.net;
+
+ root /home/demo/merchant/examples/blog/;
+ index index.html;
+
+ ssl_certificate /etc/letsencrypt/live/taler.net/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/taler.net/privkey.pem;
+ ssl_prefer_server_ciphers on;
+ ssl_session_cache shared:SSL:10m;
+ ssl_dhparam /etc/ssl/certs/dhparam.pem;
+ ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
+ ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
+
+ add_header Strict-Transport-Security "max-age=63072000; preload";
+
+ # Make site accessible from http://localhost/
+
+ location / {
+ try_files $uri $uri/ =404;
+ rewrite /taler/pay /pay.php;
+ rewrite /taler/contract /generate_taler_contract.php;
+ }
+
+ location /fullfillment {
+ rewrite /(.*) /$1.php;
+ }
+
+ location /articles {
+
+ internal;
+ }
+
+ location ~ \.php$ {
+ fastcgi_pass unix:/var/run/php5-fpm.sock;
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ include fastcgi_params;
+ }
+
+ location /backend {
+ rewrite /backend/(.*) /$1 break;
+ proxy_pass http://127.0.0.1:19966;
+ proxy_redirect off;
+ proxy_set_header Host $host;
+ }
+}
diff --git a/etc/nginx-sites-enabled/blog-test b/etc/nginx-sites-enabled/blog-test
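Review bot: `proxy_pass http://127.0.0.1:19966;` in `blog-demo-ssl` does not match `blog-demo`, which proxies to port 9966; 19966 is the port used by `blog-test` and `blog-test-ssl`. As written, the demo blog over HTTPS appears to talk to the test backend while the same site over HTTP talks to the demo one. If 9966 is the demo backend, as `shop-demo` and `shop-demo-ssl` suggest, the line should read `proxy_pass http://127.0.0.1:9966;`.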
@@ -0,0 +1,43 @@
+server {
+ listen 80; ## listen for ipv4; this line is default and implied
+ # listen [::]:80 default_server ipv6only=on; ## listen for ipv6
+
+ server_name blog.test.taler.net;
+
+ root /home/test/merchant/examples/blog;
+ index index.html;
+
+ # Make site accessible from http://localhost/
+
+ location / {
+ try_files $uri $uri/ =404;
+ rewrite /taler/pay /pay.php;
+ rewrite /taler/contract /generate_taler_contract.php;
+
+ }
+
+ location /fullfillment {
+ rewrite /(.*) /$1.php;
+
+ }
+
+ location /articles {
+
+ internal;
+ }
+
+ location ~ \.php$ {
+
+ fastcgi_pass unix:/var/run/php5-fpm.sock;
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ include fastcgi_params;
+
+ }
+
+ location /backend {
+ rewrite /backend/(.*) /$1 break;
+ proxy_pass http://127.0.0.1:19966;
+ proxy_redirect off;
+ proxy_set_header Host $host;
+ }
+}
diff --git a/etc/nginx-sites-enabled/blog-test-ssl b/etc/nginx-sites-enabled/blog-test-ssl
@@ -0,0 +1,49 @@
+server {
+ listen 443 ssl; ## listen for ipv4; this line is default and implied
+ # listen [::]:80 default_server ipv6only=on; ## listen for ipv6
+
+ server_name blog.test.taler.net;
+
+ root /home/test/merchant/examples/blog/;
+ index index.html;
+
+ ssl_certificate /etc/letsencrypt/live/taler.net/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/taler.net/privkey.pem;
+ ssl_prefer_server_ciphers on;
+ ssl_session_cache shared:SSL:10m;
+ ssl_dhparam /etc/ssl/certs/dhparam.pem;
+ ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
+ ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
+
+ add_header Strict-Transport-Security "max-age=63072000; preload";
+
+ # Make site accessible from http://localhost/
+
+ location / {
+ try_files $uri $uri/ =404;
+ rewrite /taler/pay /pay.php;
+ rewrite /taler/contract /generate_taler_contract.php;
+ }
+
+ location /fullfillment {
+ rewrite /(.*) /$1.php;
+ }
+
+ location /articles {
+
+ internal;
+ }
+
+ location ~ \.php$ {
+ fastcgi_pass unix:/var/run/php5-fpm.sock;
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ include fastcgi_params;
+ }
+
+ location /backend {
+ rewrite /backend/(.*) /$1 break;
+ proxy_pass http://127.0.0.1:19966;
+ proxy_redirect off;
+ proxy_set_header Host $host;
+ }
+}
diff --git a/etc/nginx-sites-enabled/buildbot b/etc/nginx-sites-enabled/buildbot
@@ -0,0 +1,16 @@
+server {
+ listen 80; ## listen for ipv4; this line is default and implied
+ # listen [::]:80 default_server ipv6only=on; ## listen for ipv6
+
+ root /var/www/buildbot/;
+
+ # Make site accessible from http://localhost/
+ server_name buildbot.taler.net;
+ server_name www.buildbot.taler.net;
+
+ location / {
+ proxy_pass http://localhost:1802;
+ proxy_redirect off;
+ proxy_set_header Host $host;
+ }
+}
diff --git a/etc/nginx-sites-enabled/buildbot-ssl b/etc/nginx-sites-enabled/buildbot-ssl
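Review bot: The proxy block in `buildbot` passes only `Host` upstream, so the service on `localhost:1802` sees every request as coming from the loopback address and cannot tell HTTP from HTTPS. That leaves the backend's own logs without client addresses, which hurts when an incident has to be reconstructed from them. Adding `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` and `proxy_set_header X-Forwarded-Proto $scheme;` fixes this, provided the backend trusts these headers only from the proxy. The same block is used in `buildbot-ssl`, the `exchange-*`, `gauger*` and `mint-*` files and the `/backend` locations.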
@@ -0,0 +1,25 @@
+server {
+ listen 443 ssl; ## listen for ipv4; this line is default and implied
+ # listen [::]:80 default_server ipv6only=on; ## listen for ipv6
+
+ root /var/www/buildbot/;
+
+ # Make site accessible from http://localhost/
+ server_name buildbot.taler.net;
+ server_name www.buildbot.taler.net;
+ ssl_certificate /etc/letsencrypt/live/taler.net/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/taler.net/privkey.pem;
+ ssl_prefer_server_ciphers on;
+ ssl_session_cache shared:SSL:10m;
+ ssl_dhparam /etc/ssl/certs/dhparam.pem;
+ ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
+ ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
+
+ add_header Strict-Transport-Security "max-age=63072000; preload";
+
+ location / {
+ proxy_pass http://localhost:1802;
+ proxy_redirect off;
+ proxy_set_header Host $host;
+ }
+}
diff --git a/etc/nginx-sites-enabled/decentralise b/etc/nginx-sites-enabled/decentralise
@@ -0,0 +1,12 @@
+server {
+ listen 80; ## listen for ipv4; this line is default and implied
+ # listen [::]:80 default_server ipv6only=on; ## listen for ipv6
+
+ root /var/www/decentralise;
+
+ # Make site accessible from http://localhost/
+ server_name www.decentralise.rennes.inria.fr;
+ server_name decentralise.rennes.inria.fr;
+
+ rewrite / http://www.inria.fr/en/teams/decentralise redirect;
+}
diff --git a/etc/nginx-sites-enabled/decentralise-ssl b/etc/nginx-sites-enabled/decentralise-ssl
@@ -0,0 +1,21 @@
+server {
+ listen 443 ssl; ## listen for ipv4; this line is default and implied
+ # listen [::]:80 default_server ipv6only=on; ## listen for ipv6
+
+ root /var/www/decentralise;
+
+ # Make site accessible from http://localhost/
+ server_name www.decentralise.rennes.inria.fr;
+ server_name decentralise.rennes.inria.fr;
+ ssl_certificate /etc/letsencrypt/live/taler.net/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/taler.net/privkey.pem;
+ ssl_prefer_server_ciphers on;
+ ssl_session_cache shared:SSL:10m;
+ ssl_dhparam /etc/ssl/certs/dhparam.pem;
+ ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
+ ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
+
+ add_header Strict-Transport-Security "max-age=63072000; preload";
+
+ rewrite / http://www.inria.fr/en/teams/decentralise redirect;
+}
diff --git a/etc/nginx-sites-enabled/demo b/etc/nginx-sites-enabled/demo
@@ -0,0 +1,20 @@
+server {
+ listen 80; ## listen for ipv4; this line is default and implied
+ # listen [::]:80 default_server ipv6only=on; ## listen for ipv6
+
+ root /home/demo/landing/;
+ index index.html;
+
+ # Make site accessible from http://localhost/
+ server_name demo.taler.net;
+ server_name www.demo.taler.net;
+
+ rewrite ^/bank $scheme://bank.demo.taler.net/ redirect;
+ rewrite ^/shop $scheme://shop.demo.taler.net/ redirect;
+
+ location ~ \.php$ {
+ fastcgi_pass unix:/var/run/php5-fpm.sock;
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ include fastcgi_params;
+ }
+}
diff --git a/etc/nginx-sites-enabled/demo-ssl b/etc/nginx-sites-enabled/demo-ssl
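Review bot: `decentralise-ssl` presents the certificate from `/etc/letsencrypt/live/taler.net/` for the names `decentralise.rennes.inria.fr` and `www.decentralise.rennes.inria.fr`; unless that certificate lists those names, clients get a name-mismatch error before the redirect is ever seen. The redirect target is `http://www.inria.fr/en/teams/decentralise`, so a visitor who arrived over HTTPS is sent on to plain HTTP; an `https://` target would be better if the destination supports it. Sending a two-year HSTS header for an inria.fr name that only redirects is also worth confirming with whoever owns that domain.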
@@ -0,0 +1,34 @@
+server {
+ listen 443 ssl; ## listen for ipv4; this line is default and implied
+ # listen [::]:80 default_server ipv6only=on; ## listen for ipv6
+
+ root /home/test/landing/;
+ index index.html;
+
+ # Make site accessible from http://localhost/
+ server_name demo.taler.net;
+ server_name www.demo.taler.net;
+ ssl_certificate /etc/letsencrypt/live/taler.net/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/taler.net/privkey.pem;
+ ssl_prefer_server_ciphers on;
+ ssl_session_cache shared:SSL:10m;
+ ssl_dhparam /etc/ssl/certs/dhparam.pem;
+ ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
+ ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
+
+ add_header Strict-Transport-Security "max-age=63072000; preload";
+
+ location ~ \.php$ {
+ fastcgi_pass unix:/var/run/php5-fpm.sock;
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ include fastcgi_params;
+ }
+
+ location /extension {
+ root /home/demo/wallet/wallet_button/firefox_src/xpi/;
+ rewrite /extension /taler-wallet.xpi break;
+ }
+
+ rewrite ^/bank $scheme://bank.demo.taler.net/ redirect;
+ rewrite ^/shop $scheme://shop.demo.taler.net/ redirect;
+}
diff --git a/etc/nginx-sites-enabled/drupal-demo b/etc/nginx-sites-enabled/drupal-demo
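Review bot: `root /home/test/landing/;` in `demo-ssl` points at the test account's tree, while the port-80 `demo` vhost for the same `server_name` uses `/home/demo/landing/`. HTTPS visitors of demo.taler.net therefore get pages, and any PHP under that root, from the test checkout rather than the demo one. If that is unintended the line should be `root /home/demo/landing/;`. The `/extension` location, which serves the wallet `.xpi`, exists only in this file and not in `demo`, so the two vhosts differ there as well.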
@@ -0,0 +1,40 @@
+server {
+ listen 80; ## listen for ipv4; this line is default and implied
+ # listen [::]:80 default_server ipv6only=on; ## listen for ipv6
+
+ server_name drupal.demo.taler.net;
+
+ root /home/demo/drupal-demo;
+
+ # Make site accessible from http://localhost/
+
+# location / {
+# try_files $uri $uri/ =404;
+# rewrite /taler/pay /pay.php;
+# rewrite /taler/contract /generate_taler_contract.php;
+# }
+
+# location /fullfillment {
+# rewrite /(.*) /$1.php;
+# }
+
+
+ location ~ \.php$ {
+ fastcgi_index index.php;
+ fastcgi_pass unix:/var/run/php5-fpm.sock;
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ include fastcgi_params;
+ }
+
+# location /backend {
+# rewrite /backend/(.*) /$1 break;
+# proxy_pass http://127.0.0.1:19966;
+# proxy_redirect off;
+# proxy_set_header Host $host;
+# }
+
+ client_max_body_size 10M;
+ client_body_buffer_size 128k;
+
+ include apps/drupal/drupal.conf;
+}
diff --git a/etc/nginx-sites-enabled/drupal-demo-ssl b/etc/nginx-sites-enabled/drupal-demo-ssl
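Review bot: `include apps/drupal/drupal.conf;` in `drupal-demo` refers to a file this commit does not add; the diffstat lists only files under `etc/nginx-sites-enabled/`. On a host where that file is missing `nginx -t` fails for the whole configuration, and the rules that decide which Drupal paths are reachable stay outside version control. Either add the file to the repository or note in a comment where it comes from. `fastcgi_index index.php;` has no effect inside `location ~ \.php$`, since it only applies to URIs ending in a slash, and the commented-out blog locations can be dropped. `drupal-demo-ssl` has the same lines.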
@@ -0,0 +1,49 @@
+server {
+ listen 443 ssl; ## listen for ipv4; this line is default and implied
+ # listen [::]:80 default_server ipv6only=on; ## listen for ipv6
+
+ server_name drupal.demo.taler.net;
+
+ root /home/demo/drupal-demo;
+
+ ssl_certificate /etc/letsencrypt/live/taler.net/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/taler.net/privkey.pem;
+ ssl_prefer_server_ciphers on;
+ ssl_session_cache shared:SSL:10m;
+ ssl_dhparam /etc/ssl/certs/dhparam.pem;
+ ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
+ ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
+
+ add_header Strict-Transport-Security "max-age=63072000; preload";
+
+ # Make site accessible from http://localhost/
+
+# location / {
+# try_files $uri $uri/ =404;
+# rewrite /taler/pay /pay.php;
+# rewrite /taler/contract /generate_taler_contract.php;
+# }
+
+# location /fullfillment {
+# rewrite /(.*) /$1.php;
+# }
+
+ location ~ \.php$ {
+ fastcgi_index index.php;
+ fastcgi_pass unix:/var/run/php5-fpm.sock;
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ include fastcgi_params;
+ }
+
+# location /backend {
+# rewrite /backend/(.*) /$1 break;
+# proxy_pass http://127.0.0.1:19966;
+# proxy_redirect off;
+# proxy_set_header Host $host;
+# }
+
+ client_max_body_size 10M;
+ client_body_buffer_size 128k;
+
+ include apps/drupal/drupal.conf;
+}
diff --git a/etc/nginx-sites-enabled/exchange-demo b/etc/nginx-sites-enabled/exchange-demo
@@ -0,0 +1,15 @@
+server {
+ listen 80; ## listen for ipv4; this line is default and implied
+ # listen [::]:80 default_server ipv6only=on; ## listen for ipv6
+
+ root /dev/null;
+
+ server_name exchange.demo.taler.net;
+
+ location / {
+ proxy_pass http://localhost:4241;
+ proxy_redirect off;
+ proxy_set_header Host $host;
+ }
+
+}
diff --git a/etc/nginx-sites-enabled/exchange-demo-ssl b/etc/nginx-sites-enabled/exchange-demo-ssl
@@ -0,0 +1,25 @@
+server {
+ listen 443 ssl; ## listen for ipv4; this line is default and implied
+ # listen [::]:80 default_server ipv6only=on; ## listen for ipv6
+
+ root /dev/null;
+
+ server_name exchange.demo.taler.net;
+
+ ssl_certificate /etc/letsencrypt/live/taler.net/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/taler.net/privkey.pem;
+ ssl_prefer_server_ciphers on;
+ ssl_session_cache shared:SSL:10m;
+ ssl_dhparam /etc/ssl/certs/dhparam.pem;
+ ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
+ ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
+
+ add_header Strict-Transport-Security "max-age=63072000; preload";
+
+ location / {
+ proxy_pass http://localhost:4241;
+ proxy_redirect off;
+ proxy_set_header Host $host;
+ }
+
+}
diff --git a/etc/nginx-sites-enabled/exchange-test b/etc/nginx-sites-enabled/exchange-test
@@ -0,0 +1,15 @@
+server {
+ listen 80; ## listen for ipv4; this line is default and implied
+ # listen [::]:80 default_server ipv6only=on; ## listen for ipv6
+
+ root /dev/null;
+
+ server_name exchange.test.taler.net;
+
+ location / {
+ proxy_pass http://localhost:14241;
+ proxy_redirect off;
+ proxy_set_header Host $host;
+ }
+
+}
diff --git a/etc/nginx-sites-enabled/exchange-test-ssl b/etc/nginx-sites-enabled/exchange-test-ssl
@@ -0,0 +1,24 @@
+server {
+ listen 443 ssl; ## listen for ipv4; this line is default and implied
+ # listen [::]:80 default_server ipv6only=on; ## listen for ipv6
+
+ root /dev/null;
+
+ server_name exchange.test.taler.net;
+ ssl_certificate /etc/letsencrypt/live/taler.net/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/taler.net/privkey.pem;
+ ssl_prefer_server_ciphers on;
+ ssl_session_cache shared:SSL:10m;
+ ssl_dhparam /etc/ssl/certs/dhparam.pem;
+ ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
+ ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
+
+ add_header Strict-Transport-Security "max-age=63072000; preload";
+
+ location / {
+ proxy_pass http://localhost:14241;
+ proxy_redirect off;
+ proxy_set_header Host $host;
+ }
+
+}
diff --git a/etc/nginx-sites-enabled/gauger b/etc/nginx-sites-enabled/gauger
@@ -0,0 +1,16 @@
+server {
+ listen 80; ## listen for ipv4; this line is default and implied
+ # listen [::]:80 default_server ipv6only=on; ## listen for ipv6
+
+ root /var/www/gauger/;
+
+ # Make site accessible from http://localhost/
+ server_name gauger.taler.net;
+ server_name www.gauger.taler.net;
+
+ location / {
+ proxy_pass http://localhost:1801;
+ proxy_redirect off;
+ proxy_set_header Host $host;
+ }
+}
diff --git a/etc/nginx-sites-enabled/gauger-ssl b/etc/nginx-sites-enabled/gauger-ssl
@@ -0,0 +1,25 @@
+server {
+ listen 443 ssl; ## listen for ipv4; this line is default and implied
+ # listen [::]:80 default_server ipv6only=on; ## listen for ipv6
+
+ root /var/www/gauger/;
+
+ # Make site accessible from http://localhost/
+ server_name gauger.taler.net;
+ server_name www.gauger.taler.net;
+ ssl_certificate /etc/letsencrypt/live/taler.net/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/taler.net/privkey.pem;
+ ssl_prefer_server_ciphers on;
+ ssl_session_cache shared:SSL:10m;
+ ssl_dhparam /etc/ssl/certs/dhparam.pem;
+ ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
+ ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
+
+ add_header Strict-Transport-Security "max-age=63072000; preload";
+
+ location / {
+ proxy_pass http://localhost:1801;
+ proxy_redirect off;
+ proxy_set_header Host $host;
+ }
+}
diff --git a/etc/nginx-sites-enabled/git b/etc/nginx-sites-enabled/git
@@ -0,0 +1,12 @@
+server {
+ listen 80; ## listen for ipv4; this line is default and implied
+ # listen [::]:80 default_server ipv6only=on; ## listen for ipv6
+
+ root /var/git;
+ # Make site accessible from http://localhost/
+ server_name git.taler.net;
+
+ location / {
+ autoindex off;
+ }
+}
diff --git a/etc/nginx-sites-enabled/git-ssl b/etc/nginx-sites-enabled/git-ssl
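Review bot: `root /var/git;` with a bare `location /` in `git` serves every readable file under that directory as a static file; `autoindex off` hides listings but does not restrict access to a file whose path is known. Please confirm that only repositories meant to be public live under `/var/git`, and consider denying per-repository files that a read-only HTTP clone does not need, such as `config` and the `hooks/` directory. A short comment stating that the vhost exists for read-only clones would make the intent clear. `git-ssl` has the same block.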
@@ -0,0 +1,21 @@
+server {
+ listen 443 ssl; ## listen for ipv4; this line is default and implied
+ # listen [::]:80 default_server ipv6only=on; ## listen for ipv6
+
+ root /var/git;
+ # Make site accessible from http://localhost/
+ server_name git.taler.net;
+ ssl_certificate /etc/letsencrypt/live/taler.net/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/taler.net/privkey.pem;
+ ssl_prefer_server_ciphers on;
+ ssl_session_cache shared:SSL:10m;
+ ssl_dhparam /etc/ssl/certs/dhparam.pem;
+ ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
+ ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
+
+ add_header Strict-Transport-Security "max-age=63072000; preload";
+
+ location / {
+ autoindex off;
+ }
+}
diff --git a/etc/nginx-sites-enabled/lcov b/etc/nginx-sites-enabled/lcov
@@ -0,0 +1,16 @@
+server {
+ listen 80; ## listen for ipv4; this line is default and implied
+ # listen [::]:80 default_server ipv6only=on; ## listen for ipv6
+
+ root /var/www/lcov.taler.net/;
+
+ # Make site accessible from http://localhost/
+ server_name lcov.taler.net;
+ server_name www.lcov.taler.net;
+
+ location / {
+ autoindex off;
+ ssi off;
+# ssi_last_modified on;
+ }
+}
diff --git a/etc/nginx-sites-enabled/lcov-ssl b/etc/nginx-sites-enabled/lcov-ssl
@@ -0,0 +1,25 @@
+server {
+ listen 443 ssl; ## listen for ipv4; this line is default and implied
+ # listen [::]:80 default_server ipv6only=on; ## listen for ipv6
+
+ root /var/www/lcov.taler.net/;
+
+ # Make site accessible from http://localhost/
+ server_name lcov.taler.net;
+ server_name www.lcov.taler.net;
+ ssl_certificate /etc/letsencrypt/live/taler.net/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/taler.net/privkey.pem;
+ ssl_prefer_server_ciphers on;
+ ssl_session_cache shared:SSL:10m;
+ ssl_dhparam /etc/ssl/certs/dhparam.pem;
+ ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
+ ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
+
+ add_header Strict-Transport-Security "max-age=63072000; preload";
+
+ location / {
+ autoindex off;
+ ssi off;
+# ssi_last_modified on;
+ }
+}
diff --git a/etc/nginx-sites-enabled/mint-demo b/etc/nginx-sites-enabled/mint-demo
@@ -0,0 +1,15 @@
+server {
+ listen 80; ## listen for ipv4; this line is default and implied
+ # listen [::]:80 default_server ipv6only=on; ## listen for ipv6
+
+ root /dev/null;
+
+ server_name mint.demo.taler.net;
+
+ location / {
+ proxy_pass http://localhost:4241;
+ proxy_redirect off;
+ proxy_set_header Host $host;
+ }
+
+}
diff --git a/etc/nginx-sites-enabled/mint-demo-ssl b/etc/nginx-sites-enabled/mint-demo-ssl
@@ -0,0 +1,24 @@
+server {
+ listen 443 ssl; ## listen for ipv4; this line is default and implied
+ # listen [::]:80 default_server ipv6only=on; ## listen for ipv6
+
+ root /dev/null;
+
+ server_name mint.demo.taler.net;
+ ssl_certificate /etc/letsencrypt/live/taler.net/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/taler.net/privkey.pem;
+ ssl_prefer_server_ciphers on;
+ ssl_session_cache shared:SSL:10m;
+ ssl_dhparam /etc/ssl/certs/dhparam.pem;
+ ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
+ ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
+
+ add_header Strict-Transport-Security "max-age=63072000; preload";
+
+ location / {
+ proxy_pass http://localhost:4241;
+ proxy_redirect off;
+ proxy_set_header Host $host;
+ }
+
+}
diff --git a/etc/nginx-sites-enabled/mint-test b/etc/nginx-sites-enabled/mint-test
@@ -0,0 +1,15 @@
+server {
+ listen 80; ## listen for ipv4; this line is default and implied
+ # listen [::]:80 default_server ipv6only=on; ## listen for ipv6
+
+ root /dev/null;
+
+ server_name mint.test.taler.net;
+
+ location / {
+ proxy_pass http://localhost:14241;
+ proxy_redirect off;
+ proxy_set_header Host $host;
+ }
+
+}
diff --git a/etc/nginx-sites-enabled/mint-test-ssl b/etc/nginx-sites-enabled/mint-test-ssl
@@ -0,0 +1,24 @@
+server {
+ listen 443 ssl; ## listen for ipv4; this line is default and implied
+ # listen [::]:80 default_server ipv6only=on; ## listen for ipv6
+
+ root /dev/null;
+
+ server_name mint.test.taler.net;
+ ssl_certificate /etc/letsencrypt/live/taler.net/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/taler.net/privkey.pem;
+ ssl_prefer_server_ciphers on;
+ ssl_session_cache shared:SSL:10m;
+ ssl_dhparam /etc/ssl/certs/dhparam.pem;
+ ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
+ ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
+
+ add_header Strict-Transport-Security "max-age=63072000; preload";
+
+ location / {
+ proxy_pass http://localhost:14241;
+ proxy_redirect off;
+ proxy_set_header Host $host;
+ }
+
+}
diff --git a/etc/nginx-sites-enabled/shop-demo b/etc/nginx-sites-enabled/shop-demo
@@ -0,0 +1,47 @@
+server {
+ listen 80; ## listen for ipv4; this line is default and implied
+ # listen [::]:80 default_server ipv6only=on; ## listen for ipv6
+
+ server_name shop.demo.taler.net;
+
+ root /home/demo/merchant/examples/shop;
+ index index.php;
+
+ # Make site accessible from http://localhost/
+
+ location / {
+ try_files $uri $uri/ =404;
+ rewrite /taler/pay /pay.php;
+ rewrite /taler/contract /generate_taler_contract.php;
+
+ }
+
+ location /fullfillment {
+ rewrite /(.*) /$1.php;
+
+ }
+
+ location /test/contract {
+ rewrite (.*) /generate_taler_contract.php?cli_debug=yes;
+ }
+
+ location /test/contract/frontend {
+ rewrite (.*) /generate_taler_contract.php?backend_test=no;
+ }
+
+ location ~ \.php$ {
+
+ fastcgi_pass unix:/var/run/php5-fpm.sock;
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ include fastcgi_params;
+ }
+
+ location /backend {
+ rewrite /backend/(.*) /$1 break;
+ proxy_pass http://127.0.0.1:9966;
+ proxy_redirect off;
+ proxy_set_header Host $host;
+ }
+
+ rewrite ^/shop $scheme://shop.demo.taler.net/ redirect;
+}
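Review bot: `location /test/contract` and `location /test/contract/frontend` in `shop-demo` publish `generate_taler_contract.php` with `cli_debug=yes` and `backend_test=no` on the public demo vhost, with nothing limiting who may call them. If these switches enable debug output or bypass the backend, they should not be reachable on a public site. An `allow`/`deny` pair inside these locations would not help, because the `rewrite` moves the request to the `\.php$` location before access checks run, so the restriction has to live in the script or the routes have to be dropped from the public vhosts. The same two locations are in `shop-demo-ssl`, `shop-test` and `shop-test-ssl`.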
diff --git a/etc/nginx-sites-enabled/shop-demo-ssl b/etc/nginx-sites-enabled/shop-demo-ssl
@@ -0,0 +1,54 @@
+server {
+ listen 443 ssl; ## listen for ipv4; this line is default and implied
+ # listen [::]:80 default_server ipv6only=on; ## listen for ipv6
+
+ server_name shop.demo.taler.net;
+ ssl_certificate /etc/letsencrypt/live/taler.net/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/taler.net/privkey.pem;
+ ssl_prefer_server_ciphers on;
+ ssl_session_cache shared:SSL:10m;
+ ssl_dhparam /etc/ssl/certs/dhparam.pem;
+ ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
+ ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
+
+ add_header Strict-Transport-Security "max-age=63072000; preload";
+
+ root /home/demo/merchant/examples/shop/;
+ index index.php;
+
+ # Make site accessible from http://localhost/
+
+ location / {
+ try_files $uri $uri/ =404;
+ rewrite /taler/pay /pay.php;
+ rewrite /taler/contract /generate_taler_contract.php;
+
+ }
+
+ location /fullfillment {
+ rewrite /(.*) /$1.php;
+ }
+
+ location /test/contract {
+ rewrite (.*) /generate_taler_contract.php?cli_debug=yes;
+ }
+
+ location /test/contract/frontend {
+ rewrite (.*) /generate_taler_contract.php?backend_test=no;
+ }
+
+ location ~ \.php$ {
+ fastcgi_pass unix:/var/run/php5-fpm.sock;
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ include fastcgi_params;
+ }
+
+ location /backend {
+ rewrite /backend/(.*) /$1 break;
+ proxy_pass http://127.0.0.1:9966;
+ proxy_redirect off;
+ proxy_set_header Host $host;
+ }
+
+ rewrite ^/shop $scheme://shop.demo.taler.net/ redirect;
+}
diff --git a/etc/nginx-sites-enabled/shop-test b/etc/nginx-sites-enabled/shop-test
@@ -0,0 +1,48 @@
+server {
+ listen 80; ## listen for ipv4; this line is default and implied
+ # listen [::]:80 default_server ipv6only=on; ## listen for ipv6
+
+ server_name shop.test.taler.net;
+
+ root /home/test/merchant/examples/shop;
+ index index.php;
+
+ # Make site accessible from http://localhost/
+
+ location / {
+ try_files $uri $uri/ =404;
+ rewrite /taler/pay /pay.php;
+ rewrite /taler/contract /generate_taler_contract.php;
+
+ }
+
+ location /fullfillment {
+ rewrite /(.*) /$1.php;
+
+ }
+
+ location /test/contract {
+ rewrite (.*) /generate_taler_contract.php?cli_debug=yes;
+ }
+
+ location /test/contract/frontend {
+ rewrite (.*) /generate_taler_contract.php?backend_test=no;
+ }
+
+ location ~ \.php$ {
+
+ fastcgi_pass unix:/var/run/php5-fpm.sock;
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ include fastcgi_params;
+
+ }
+
+ location /backend {
+ rewrite /backend/(.*) /$1 break;
+ proxy_pass http://127.0.0.1:19966;
+ proxy_redirect off;
+ proxy_set_header Host $host;
+ }
+
+ rewrite ^/shop $scheme://shop.test.taler.net/ redirect;
+}
diff --git a/etc/nginx-sites-enabled/shop-test-ssl b/etc/nginx-sites-enabled/shop-test-ssl
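Review bot: The rewrite patterns in shop-test are unanchored, so `rewrite /taler/pay /pay.php;` fires for any URI that merely contains `/taler/pay`, and `location /fullfillment { rewrite /(.*) /$1.php; }` turns every path beginning with `/fullfillment` into a `.php` script name. Anchoring them narrows what reaches PHP-FPM: `rewrite ^/taler/pay$ /pay.php last;`, `rewrite ^/taler/contract$ /generate_taler_contract.php last;` and `location = /fullfillment { rewrite ^ /fullfillment.php last; }`. This assumes no caller relies on sub-paths of those URLs, which the diff does not show. shop-demo, shop-demo-ssl and shop-test-ssl carry the same rules, and the `/about`, `/news` and similar rewrites in www-ssl are unanchored in the same way.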
@@ -0,0 +1,54 @@
+server {
+ listen 443 ssl; ## listen for ipv4; this line is default and implied
+ # listen [::]:80 default_server ipv6only=on; ## listen for ipv6
+
+ server_name shop.test.taler.net;
+
+ root /home/test/merchant/examples/shop/;
+ index index.php;
+
+ ssl_certificate /etc/letsencrypt/live/taler.net/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/taler.net/privkey.pem;
+ ssl_prefer_server_ciphers on;
+ ssl_session_cache shared:SSL:10m;
+ ssl_dhparam /etc/ssl/certs/dhparam.pem;
+ ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
+ ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
+
+ add_header Strict-Transport-Security "max-age=63072000; preload";
+
+ # Make site accessible from http://localhost/
+
+ location / {
+ try_files $uri $uri/ =404;
+ rewrite /taler/pay /pay.php;
+ rewrite /taler/contract /generate_taler_contract.php;
+ }
+
+ location /fullfillment {
+ rewrite /(.*) /$1.php;
+ }
+
+ location /test/contract {
+ rewrite (.*) /generate_taler_contract.php?cli_debug=yes;
+ }
+
+ location /test/contract/frontend {
+ rewrite (.*) /generate_taler_contract.php?backend_test=no;
+ }
+
+ location ~ \.php$ {
+ fastcgi_pass unix:/var/run/php5-fpm.sock;
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ include fastcgi_params;
+ }
+
+ location /backend {
+ rewrite /backend/(.*) /$1 break;
+ proxy_pass http://127.0.0.1:19966;
+ proxy_redirect off;
+ proxy_set_header Host $host;
+ }
+
+ rewrite ^/shop $scheme://shop.test.taler.net/ redirect;
+}
diff --git a/etc/nginx-sites-enabled/test b/etc/nginx-sites-enabled/test
@@ -0,0 +1,26 @@
+server {
+ listen 80; ## listen for ipv4; this line is default and implied
+ # listen [::]:80 default_server ipv6only=on; ## listen for ipv6
+
+ root /home/test/landing/;
+ index index.html;
+
+ # Make site accessible from http://localhost/
+ server_name test.taler.net;
+ server_name www.test.taler.net;
+
+ rewrite ^/bank $scheme://bank.test.taler.net/ redirect;
+ rewrite ^/shop $scheme://shop.test.taler.net/ redirect;
+
+ location ~ \.php$ {
+ fastcgi_pass unix:/var/run/php5-fpm.sock;
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ include fastcgi_params;
+ }
+
+ location /extension {
+ root /home/test/wallet/wallet_button/firefox_src/xpi/;
+ rewrite /extension /taler-wallet.xpi break;
+ }
+
+}
diff --git a/etc/nginx-sites-enabled/test-ssl b/etc/nginx-sites-enabled/test-ssl
@@ -0,0 +1,33 @@
+server {
+ listen 443 ssl; ## listen for ipv4; this line is default and implied
+ # listen [::]:80 default_server ipv6only=on; ## listen for ipv6
+
+ root /home/test/landing/;
+ index index.html;
+
+ # Make site accessible from http://localhost/
+ server_name test.taler.net;
+ server_name www.test.taler.net;
+
+ ssl_certificate /etc/letsencrypt/live/taler.net/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/taler.net/privkey.pem;
+ ssl_prefer_server_ciphers on;
+ ssl_session_cache shared:SSL:10m;
+ ssl_dhparam /etc/ssl/certs/dhparam.pem;
+ ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
+ ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
+
+ add_header Strict-Transport-Security "max-age=63072000; preload";
+
+ location ~ \.php$ {
+ fastcgi_pass unix:/var/run/php5-fpm.sock;
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ include fastcgi_params;
+ }
+
+ location /extension {
+ root /home/test/wallet/wallet_button/firefox_src/xpi/;
+ rewrite /extension /taler-wallet.xpi break;
+ }
+
+}
diff --git a/etc/nginx-sites-enabled/trollslayer b/etc/nginx-sites-enabled/trollslayer
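Review bot: `location /extension` in the port-80 test vhost serves `taler-wallet.xpi` over plain HTTP, so an installable browser extension travels without transport integrity. test-ssl already offers the same location with TLS; in the port-80 file I would replace the location body with `return 301 https://$host$request_uri;`. The `/bank` and `/shop` rewrites above it use `$scheme` and therefore also keep visitors on HTTP.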
@@ -0,0 +1,15 @@
+server {
+ listen 80; ## listen for ipv4; this line is default and implied
+ # listen [::]:80 default_server ipv6only=on; ## listen for ipv6
+
+ root /var/www/trollslayer/;
+
+ # Make site accessible from http://localhost/
+ server_name trollslayer.decentralise.rennes.inria.fr;
+
+ location / {
+ proxy_pass http://gnunet.org:20070/shell/;
+ proxy_redirect off;
+ proxy_set_header Host $host;
+ }
+}
diff --git a/etc/nginx-sites-enabled/www b/etc/nginx-sites-enabled/www
@@ -0,0 +1,25 @@
+server {
+ listen 80; ## listen for ipv4; this line is default and implied
+ # listen [::]:80 default_server ipv6only=on; ## listen for ipv6
+
+ root /var/www/taler.net;
+
+ # Make site accessible from http://localhost/
+ server_name taler.net;
+ server_name www.taler.net;
+
+ rewrite ^ https://$server_name$request_uri? permanent;
+
+# location / {
+# autoindex off;
+# ssi on;
+## ssi_last_modified on;
+# rewrite /citizens /citizens.html break;
+# rewrite /developers /developers.html break;
+# rewrite /merchants /merchants.html break;
+# rewrite /governments /governments.html break;
+# rewrite /investors /investors.html break;
+# rewrite /about /about.html break;
+# rewrite /news /news.html break;
+# }
+}
diff --git a/etc/nginx-sites-enabled/www-ssl b/etc/nginx-sites-enabled/www-ssl
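Review bot: `proxy_pass http://gnunet.org:20070/shell/;` in the trollslayer vhost forwards every request to a remote host over unencrypted HTTP, and the vhost itself listens only on port 80, so neither leg is protected. If `/shell/` is an interactive or authenticated service (the name suggests so, but the diff does not show it), credentials and session data would cross the network in clear text. I would terminate TLS here as the `-ssl` vhosts do, use an `https://` upstream or a private link, and add a comment stating what the upstream is. The `root /var/www/trollslayer/;` line is unused because `location /` proxies everything.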
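Review bot: The commented-out `location /` block in www is dead configuration: the server-level `rewrite ^ https://$server_name$request_uri? permanent;` redirects every request to HTTPS, and the live copy of those rules is in www-ssl. Deleting the commented lines and the unused `root` leaves a vhost whose only job is visible at a glance. `return 301 https://$server_name$request_uri;` is the idiomatic form of the redirect and avoids the regex and the trailing `?`.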
@@ -0,0 +1,36 @@
+server {
+ listen 443 ssl; ## listen for ipv4; this line is default and implied
+ # listen [::]:80 default_server ipv6only=on; ## listen for ipv6
+
+
+ # Make site accessible from http://localhost/
+ server_name taler.net;
+ server_name www.taler.net;
+ ssl_certificate /etc/letsencrypt/live/taler.net/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/taler.net/privkey.pem;
+ ssl_prefer_server_ciphers on;
+ ssl_session_cache shared:SSL:10m;
+ ssl_dhparam /etc/ssl/certs/dhparam.pem;
+ ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
+ ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
+
+ add_header Strict-Transport-Security "max-age=63072000; preload";
+
+ location / {
+ root /var/www/taler.net;
+ autoindex off;
+ ssi on;
+# ssi_last_modified on;
+ rewrite /citizens /citizens.html break;
+ rewrite /developers /developers.html break;
+ rewrite /merchants /merchants.html break;
+ rewrite /governments /governments.html break;
+ rewrite /investors /investors.html break;
+ rewrite /about /about.html break;
+ rewrite /news /news.html break;
+ }
+# Note: this will go to /var/www/videos, which we took out of Git
+ location /videos/ {
+ root /var/www;
+ }
+}
diff --git a/etc/nginx-sites-enabled/www.git b/etc/nginx-sites-enabled/www.git
@@ -0,0 +1,23 @@
+server {
+ listen 80; ## listen for ipv4; this line is default and implied
+ # listen [::]:80 default_server ipv6only=on; ## listen for ipv6
+
+ # Make site accessible from http://localhost/
+ server_name www.git.taler.net;
+
+
+ location /index.cgi {
+ root /usr/share/gitweb/;
+
+ include fastcgi_params;
+ gzip off;
+ fastcgi_param SCRIPT_NAME $uri;
+ fastcgi_param GITWEB_CONFIG /etc/gitweb.conf;
+ fastcgi_pass unix:/var/run/fcgiwrap.socket;
+ }
+
+ location / {
+ root /usr/share/gitweb/;
+ index index.cgi;
+ }
+}
diff --git a/etc/nginx-sites-enabled/www.git-ssl b/etc/nginx-sites-enabled/www.git-ssl
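Review bot: `location /index.cgi` in www.git is a prefix match and passes `SCRIPT_NAME $uri` to fcgiwrap, so any URI that starts with `/index.cgi` presumably determines the script path handed to the CGI wrapper rather than a fixed one. Using `location = /index.cgi` pins it to the single intended script; this assumes gitweb is not used with path-info URLs, which the diff does not show. The vhost also serves the repository browser on port 80 with no redirect to www.git-ssl, which carries the same location block. If gitweb access is ever authenticated, `return 301 https://$host$request_uri;` in the port-80 file would keep that traffic off clear text.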
@@ -0,0 +1,32 @@
+server {
+ listen 443 ssl; ## listen for ipv4; this line is default and implied
+ # listen [::]:80 default_server ipv6only=on; ## listen for ipv6
+
+ # Make site accessible from http://localhost/
+ server_name www.git.taler.net;
+
+ ssl_certificate /etc/letsencrypt/live/taler.net/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/taler.net/privkey.pem;
+ ssl_prefer_server_ciphers on;
+ ssl_session_cache shared:SSL:10m;
+ ssl_dhparam /etc/ssl/certs/dhparam.pem;
+ ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
+ ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
+
+ add_header Strict-Transport-Security "max-age=63072000; preload";
+
+ location /index.cgi {
+ root /usr/share/gitweb/;
+
+ include fastcgi_params;
+ gzip off;
+ fastcgi_param SCRIPT_NAME $uri;
+ fastcgi_param GITWEB_CONFIG /etc/gitweb.conf;
+ fastcgi_pass unix:/var/run/fcgiwrap.socket;
+ }
+
+ location / {
+ root /usr/share/gitweb/;
+ index index.cgi;
+ }
+}