taler-deployment

Deployment scripts and configuration files

commit c6cee9b50a7ca256474e9b46aab360841ca95f41
parent 0c2c8a5786eef10ff2225ff9dadb34e24e3cd808
Author: Florian Dold <florian.dold@gmail.com>
Date:   Tue, 26 Apr 2016 03:52:24 +0200

Simplify configuration.

Diffstat:
Detc/nginx/sites-enabled/bank-test-ssl.site | 18------------------
Detc/nginx/sites-enabled/bank-test.site | 5-----
Detc/nginx/sites-enabled/blog-test-ssl.site | 22----------------------
Detc/nginx/sites-enabled/exchange-test-ssl.site | 24------------------------
Detc/nginx/sites-enabled/mint-test-ssl.site | 24------------------------
Detc/nginx/sites-enabled/mint-test.site | 15---------------
Detc/nginx/sites-enabled/shop-test-ssl.site | 26--------------------------
Detc/nginx/sites-enabled/shop-test.site | 5-----
Detc/nginx/sites-enabled/test-ssl.site | 34----------------------------------
Metc/nginx/sites-enabled/test.site | 93+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++----
10 files changed, 89 insertions(+), 177 deletions(-)

diff --git a/etc/nginx/sites-enabled/bank-test-ssl.site b/etc/nginx/sites-enabled/bank-test-ssl.site
@@ -1,18 +0,0 @@
-upstream talerbank-test {
- server 127.0.0.1:8000;
-}
-
-server {
- listen 443 ssl;
-
- server_name bank.test.taler.net;
- ssi on;
-
- location / {
- uwsgi_pass talerbank-test;
- include /etc/nginx/uwsgi_params;
- }
-
- include conf.d/test.redirects;
- include conf.d/talerssl;
-}
diff --git a/etc/nginx/sites-enabled/bank-test.site b/etc/nginx/sites-enabled/bank-test.site
@@ -1,5 +0,0 @@
-server {
- listen 80;
- server_name bank.test.taler.net;
- rewrite ^ https://$server_name$request_uri? permanent;
-}
diff --git a/etc/nginx/sites-enabled/blog-test-ssl.site b/etc/nginx/sites-enabled/blog-test-ssl.site
@@ -1,22 +0,0 @@
-server {
- listen 443 ssl;
-
- server_name blog.test.taler.net;
- ssi on;
-
- location / {
- uwsgi_pass unix:/home/test/sockets/blog.uwsgi;
- include /etc/nginx/uwsgi_params;
- }
-
-
- location /backend {
- rewrite /backend/(.*) /$1 break;
- proxy_pass http://unix:/home/test/sockets/merchant.http:/;
- proxy_redirect off;
- proxy_set_header Host $host;
- }
-
- include conf.d/test.redirects;
- include conf.d/talerssl;
-}
diff --git a/etc/nginx/sites-enabled/exchange-test-ssl.site b/etc/nginx/sites-enabled/exchange-test-ssl.site
@@ -1,24 +0,0 @@
-server {
- listen 443 ssl; ## listen for ipv4; this line is default and implied
- # listen [::]:80 default_server ipv6only=on; ## listen for ipv6
-
- root /dev/null;
-
- server_name exchange.test.taler.net;
- ssl_certificate /etc/letsencrypt/live/taler.net/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/taler.net/privkey.pem;
- ssl_prefer_server_ciphers on;
- ssl_session_cache shared:SSL:10m;
- ssl_dhparam /etc/ssl/certs/dhparam.pem;
- ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
- ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
-
- add_header Strict-Transport-Security "max-age=63072000; preload";
-
- location / {
- proxy_pass http://unix:/home/test/sockets/exchange.http:/;
- proxy_redirect off;
- proxy_set_header Host $host;
- }
-
-}
diff --git a/etc/nginx/sites-enabled/mint-test-ssl.site b/etc/nginx/sites-enabled/mint-test-ssl.site
@@ -1,24 +0,0 @@
-server {
- listen 443 ssl; ## listen for ipv4; this line is default and implied
- # listen [::]:80 default_server ipv6only=on; ## listen for ipv6
-
- root /dev/null;
-
- server_name mint.test.taler.net;
- ssl_certificate /etc/letsencrypt/live/taler.net/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/taler.net/privkey.pem;
- ssl_prefer_server_ciphers on;
- ssl_session_cache shared:SSL:10m;
- ssl_dhparam /etc/ssl/certs/dhparam.pem;
- ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
- ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
-
- add_header Strict-Transport-Security "max-age=63072000; preload";
-
- location / {
- proxy_pass http://localhost:14241;
- proxy_redirect off;
- proxy_set_header Host $host;
- }
-
-}
diff --git a/etc/nginx/sites-enabled/mint-test.site b/etc/nginx/sites-enabled/mint-test.site
@@ -1,15 +0,0 @@
-server {
- listen 80; ## listen for ipv4; this line is default and implied
- # listen [::]:80 default_server ipv6only=on; ## listen for ipv6
-
- root /dev/null;
-
- server_name mint.test.taler.net;
-
- location / {
- proxy_pass http://localhost:14241;
- proxy_redirect off;
- proxy_set_header Host $host;
- }
-
-}
diff --git a/etc/nginx/sites-enabled/shop-test-ssl.site b/etc/nginx/sites-enabled/shop-test-ssl.site
@@ -1,26 +0,0 @@
-upstream talershop-test {
- server 127.0.0.1:8003;
-}
-
-server {
- listen 443 ssl;
-
- server_name shop.test.taler.net;
- ssi on;
-
- location / {
- uwsgi_pass unix:/home/test/sockets/donations.uwsgi;
- include /etc/nginx/uwsgi_params;
- }
-
-
- location /backend {
- rewrite /backend/(.*) /$1 break;
- proxy_pass http://unix:/home/test/sockets/merchant.http:/;
- proxy_redirect off;
- proxy_set_header Host $host;
- }
-
- include conf.d/test.redirects;
- include conf.d/talerssl;
-}
diff --git a/etc/nginx/sites-enabled/shop-test.site b/etc/nginx/sites-enabled/shop-test.site
@@ -1,5 +0,0 @@
-server {
- listen 80;
- server_name shop.test.taler.net;
- rewrite ^ https://$server_name$request_uri? permanent;
-}
diff --git a/etc/nginx/sites-enabled/test-ssl.site b/etc/nginx/sites-enabled/test-ssl.site
@@ -1,34 +0,0 @@
-server {
- listen 443 ssl; ## listen for ipv4; this line is default and implied
- # listen [::]:80 default_server ipv6only=on; ## listen for ipv6
-
- ssi on;
- root /home/test/landing/;
- index index.html;
-
- # Make site accessible from http://localhost/
- server_name test.taler.net;
- server_name www.test.taler.net;
- ssl_certificate /etc/letsencrypt/live/taler.net/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/taler.net/privkey.pem;
- ssl_prefer_server_ciphers on;
- ssl_session_cache shared:SSL:10m;
- ssl_dhparam /etc/ssl/certs/dhparam.pem;
- ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
- ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
-
- add_header Strict-Transport-Security "max-age=63072000; preload";
-
- location ~ \.php$ {
- fastcgi_pass unix:/var/run/php5-fpm.sock;
- fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
- include fastcgi_params;
- }
-
- location /extension {
- root /home/test/wallet/wallet_button/firefox_src/xpi/;
- rewrite /extension /taler-wallet.xpi break;
- }
-
- include conf.d/test.redirects;
-}
diff --git a/etc/nginx/sites-enabled/test.site b/etc/nginx/sites-enabled/test.site
@@ -1,6 +1,91 @@
 server {
- listen 80;
- server_name test.taler.net;
- server_name www.test.taler.net;
- rewrite ^ https://$server_name$request_uri? permanent;
+ listen 80;
+ server_name *.taler.net;
+ rewrite ^ https://$server_name$request_uri? permanent;
+}
+
+
+server {
+ listen 443 ssl;
+ server_name test.taler.net www.test.taler.net;
+ root /home/test/landing/;
+ include conf.d/test.redirects;
+ include conf.d/talerssl;
+ ssi on;
+ index index.html;
+}
+
+
+server {
+ listen 443 ssl;
+ server_name exchange.test.taler.net;
+ root /dev/null;
+ include conf.d/talerssl;
+
+ location / {
+ proxy_pass http://unix:/home/test/sockets/exchange.http:/;
+ proxy_redirect off;
+ proxy_set_header Host $host;
+ }
+}
+
+
+server {
+ listen 443 ssl;
+ server_name blog.test.taler.net;
+ root /dev/null;
+ include conf.d/test.redirects;
+ include conf.d/talerssl;
+ ssi on;
+
+ location / {
+ uwsgi_pass unix:/home/test/sockets/blog.uwsgi;
+ include /etc/nginx/uwsgi_params;
+ }
+
+ location /backend {
+ rewrite /backend/(.*) /$1 break;
+ proxy_pass http://unix:/home/test/sockets/merchant.http:/;
+ proxy_redirect off;
+ proxy_set_header Host $host;
+ }
+}
+
+
+server {
+ listen 443 ssl;
+ server_name shop.test.taler.net;
+ ssi on;
+ include conf.d/test.redirects;
+ include conf.d/talerssl;
+
+ location / {
+ uwsgi_pass unix:/home/test/sockets/donations.uwsgi;
+ include /etc/nginx/uwsgi_params;
+ }
+
+
+ location /backend {
+ rewrite /backend/(.*) /$1 break;
+ proxy_pass http://unix:/home/test/sockets/merchant.http:/;
+ proxy_redirect off;
+ proxy_set_header Host $host;
+ }
+}
+
+
+server {
+ listen 443 ssl;
+ server_name bank.test.taler.net;
+ ssi on;
+ include conf.d/test.redirects;
+ include conf.d/talerssl;
+
+ location / {
+ uwsgi_pass talerbank-test;
+ include /etc/nginx/uwsgi_params;
+ }
+
+ include conf.d/test.redirects;
+ include conf.d/talerssl;
 }
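Review bot: The port-80 block now redirects with `$server_name` while its `server_name` is the wildcard `*.taler.net`; nginx expands `$server_name` to the block's configured primary name rather than the requested host, so the redirect target would presumably be `https://*.taler.net/…` and the HTTP-to-HTTPS upgrade stops working for every host. Redirect on the matched host instead, e.g. `return 301 https://$host$request_uri;`, and if this block can end up as the default server for port 80, limit it to the known names so an arbitrary Host header is not reflected into the Location header. In the bank.test.taler.net block, `uwsgi_pass talerbank-test;` still refers to the upstream whose definition was deleted with bank-test-ssl.site, and `include conf.d/test.redirects;` / `include conf.d/talerssl;` appear twice; unless the upstream is defined outside this diff, re-add `upstream talerbank-test { server 127.0.0.1:8000; }` and drop the trailing pair of includes, since directives repeated through talerssl may fail the config test. The TLS protocol, cipher and HSTS settings that were inline in the exchange and landing sites now depend entirely on conf.d/talerssl, which is not visible here, so confirm that file carries them before deploying.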