diff --git a/fachschaften.at/crawler.conf b/fachschaften.at/crawler.conf index a3a140b..365b906 100644 --- a/fachschaften.at/crawler.conf +++ b/fachschaften.at/crawler.conf @@ -1,30 +1,26 @@ # -*-nginx-*- -server{ +server { listen 80; server_name www.crawler.fachschaften.at crawler.fachschaften.at; - root /srv/pxy/fachschaften; - # Location .well known is required for certificate renewal location /.well-known { - allow all; + root /srv/pxy/fachschaften; + allow all; } - # Force SSL location / { return 301 https://$host$request_uri; } } server { - listen 443 ssl; + listen 443 ssl http2; server_name www.crawler.fachschaften.at crawler.fachschaften.at; ssl_certificate /etc/letsencrypt/live/www.fachschaften.at/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/www.fachschaften.at/privkey.pem; - root /srv/pxy/fachschaften; - - location /.well-known { - allow all; - } + ssl_trusted_certificate /etc/letsencrypt/live/www.fachschaften.at/chain.pem; + + include snippets/ssl.conf; location /sections { auth_basic " under construction "; @@ -32,7 +28,6 @@ server { try_files $uri @crawler; } - location /articles { satisfy any; auth_basic " under construction "; @@ -44,7 +39,6 @@ server { location /downloads { try_files $uri @crawler; } - location @crawler { proxy_pass http://fachschaften:8080; proxy_set_header Host $host; @@ -52,9 +46,7 @@ server { } } - - - # error_page 503 404 410 /404.html; +# error_page 503 404 410 /404.html; # access_log /var/log/crawler/nginxaccess.log; - # error_log /var/log/crawler/nginxerror.log; +# error_log /var/log/crawler/nginxerror.log; diff --git a/fachschaften.at/default.conf b/fachschaften.at/default.conf index bd75d2c..da785d9 100644 --- a/fachschaften.at/default.conf +++ b/fachschaften.at/default.conf 
@@ -2,41 +2,35 @@ server { listen 80; server_name www.fachschaften.at fachschaften.at; - root /srv/pxy/fachschaften; - # Location .well known is required for certificate renewal + location /.well-known { + root /srv/pxy/fachschaften; allow all; } - # Force SSL location / { return 301 https://$host$request_uri; } } server { - listen 443 ssl; + listen 443 ssl http2; server_name www.fachschaften.at fachschaften.at; -# include letsencrypt.conf; ssl_certificate /etc/letsencrypt/live/www.fachschaften.at/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/www.fachschaften.at/privkey.pem; - root /srv/pxy/fachschaften; + ssl_trusted_certificate /etc/letsencrypt/live/www.fachschaften.at/chain.pem; - location /.well-known { - allow all; - } + include snippets/ssl.conf; location / { try_files $uri @pxy; } - - location = / { + location = / { return 301 https://$host/articles; } - location @pxy { - proxy_pass http://fachschaften.local:3000; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - } + proxy_pass http://fachschaften.local:3000; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + } } diff --git a/fet.at/alt.conf b/fet.at/alt.conf index 366d514..d1a5f46 100644 --- a/fet.at/alt.conf +++ b/fet.at/alt.conf 
@@ -1,26 +1,26 @@ # -*-nginx-*- -server { - listen 80; - server_name alt.triton.fet.at www.alt.triton.fet.at glonass.htu.tuwien.ac.at alt.fet.at www.alt.fet.at 128.131.95.212; +server { + listen 80; + server_name alt.triton.fet.at www.alt.triton.fet.at glonass.htu.tuwien.ac.at alt.fet.at www.alt.fet.at 128.131.95.212; + location /.well-known { + root /srv/pxy/alt/; allow all; - root /srv/pxy/alt/; } location / { return 301 https://www.alt.fet.at$request_uri; } - } server { listen 443 ssl http2; - server_name alt.triton.fet.at www.alt.triton.fet.at glonass.htu.tuwien.ac.at alt.fet.at; -ssl_certificate /etc/letsencrypt/live/www.alt.fet.at/fullchain.pem; + server_name alt.triton.fet.at www.alt.triton.fet.at glonass.htu.tuwien.ac.at alt.fet.at; + + ssl_certificate /etc/letsencrypt/live/www.alt.fet.at/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/www.alt.fet.at/privkey.pem; - location /.well-known { - allow all; - root /srv/pxy/alt/; - } + ssl_trusted_certificate /etc/letsencrypt/live/www.alt.fet.at/chain.pem; + + include snippets/ssl.conf; location / { return 302 https://www.alt.fet.at$request_uri; 
@@ -29,45 +29,39 @@ ssl_certificate /etc/letsencrypt/live/www.alt.fet.at/fullchain.pem; server { listen 443 ssl http2; -# server_name alt.triton.fet.at www.alt.triton.fet.at glonass.htu.tuwien.ac.at alt.fet.at; server_name www.alt.fet.at; + ssl_certificate /etc/letsencrypt/live/www.alt.fet.at/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/www.alt.fet.at/privkey.pem; + ssl_trusted_certificate /etc/letsencrypt/live/www.alt.fet.at/chain.pem; - location /.well-known { - allow all; - root /srv/pxy/alt/; - } + include snippets/ssl.conf; location = / { return 301 https://$host/twiki/bin/view/Homepage; } location = /twiki/ { - return 301 https://$host/twiki/bin/view/Homepage; + return 301 https://$host/twiki/bin/view/Homepage; } location = /alt/ { - return 301 https://$host/twiki/bin/view/Homepage; + return 301 https://$host/twiki/bin/view/Homepage; } location = /twiki/bin/ { - return 301 https://$host/twiki/bin/view/Homepage; + return 301 https://$host/twiki/bin/view/Homepage; } location = /alt/bin/ { - return 301 https://$host/twiki/bin/view/Homepage; + return 301 https://$host/twiki/bin/view/Homepage; } - location /alt { rewrite ^/alt(.*) /twiki$1 last; } - location / { -# proxy_set_header Host glonass.htu.tuwien.ac.at; proxy_set_header X-Real-IP $remote_addr; - proxy_pass http://twikialt.local; - sub_filter /alt/bin /twiki/bin; - sub_filter glonass.htu.tuwien.ac.at www.alt.fet.at; + proxy_pass http://twikialt.local; + sub_filter /alt/bin /twiki/bin; + sub_filter glonass.htu.tuwien.ac.at www.alt.fet.at; sub_filter http https; - sub_filter_once off; - + sub_filter_once off; } } diff --git a/fet.at/cloud.conf b/fet.at/cloud.conf index 582c425..f728487 100644 --- a/fet.at/cloud.conf +++ b/fet.at/cloud.conf 
@@ -3,37 +3,34 @@ server { listen 80; server_name www.cloud.fet.at cloud.fet.at; - root /srv/pxy/cloud2; location /.well-known { - allow all; + root /srv/pxy/cloud2; + allow all; } location / { return 301 https://$host$request_uri; } } + server { - - listen 443 ssl; + listen 443 ssl http2; server_name www.cloud.fet.at cloud.fet.at; - client_max_body_size 4000M; - sendfile on; - send_timeout 600s; - client_body_in_file_only clean; -# include letsencrypt.conf; ssl_certificate /etc/letsencrypt/live/www.cloud.fet.at/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/www.cloud.fet.at/privkey.pem; + ssl_trusted_certificate /etc/letsencrypt/live/www.cloud.fet.at/chain.pem; + include snippets/ssl.conf; +# include snippets/ldap.conf; + + client_max_body_size 4000M; + sendfile on; + send_timeout 600s; + client_body_in_file_only clean; - # auth_basic " under construction "; - # auth_basic_user_file /srv/fachschaften_htpasswd; - root /srv/pxy/cloud2; index index.php; - location /.well-known { - allow all; - } location / { - try_files $uri @pxy; + try_files $uri @pxy; } location @pxy { proxy_pass http://192.168.95.22; @@ -41,7 +38,6 @@ server { proxy_set_header X-Real-IP $remote_addr; proxy_buffering off; proxy_request_buffering off; - client_body_buffer_size 32K; + client_body_buffer_size 32K; } - } diff --git a/fet.at/default.conf b/fet.at/default.conf index 9e95638..8b542ec 100644 --- a/fet.at/default.conf +++ b/fet.at/default.conf 
@@ -1,27 +1,42 @@ # -*-nginx-*- server { listen 80; - listen 443 ssl; - server_name fet.at 128.131.95.208; - ssl_certificate /etc/letsencrypt/live/www.fet.at/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/www.fet.at/privkey.pem; - root /srv/pxy/fet.at; + server_name fet.at 128.131.95.208; + location /.well-known { - allow all; + root /srv/pxy/fet.at; + allow all; } location / { return 302 https://www.fet.at$request_uri; } } - -server { - listen 80; - server_name www.fet.at; - root /srv/pxy/fet.at; - location /.well-known { - allow all; - } +server { + listen 443 ssl http2; + server_name fet.at; + + ssl_certificate /etc/letsencrypt/live/fet.at/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/fet.at/privkey.pem; + ssl_trusted_certificate /etc/letsencrypt/live/fet.at/chain.pem; + + include snippets/ssl.conf; + + location / { + return 302 https://www.fet.at$request_uri; + } +} + +server { + listen 80; + server_name www.fet.at; + + client_max_body_size 50M; + + location /.well-known { + root /srv/pxy/fet.at; + allow all; + } location /etherpad { proxy_pass http://192.168.95.11:3333; proxy_set_header Host $host; 
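Review bot: The port-80 `www.fet.at` server still proxies `location /etherpad` to `http://192.168.95.11:3333` over plain HTTP, and this hunk adds `client_max_body_size 50M;` to it rather than a redirect. The same commit turns the port-80 `etherpad.fet.at` server into `return 301 https://$host$request_uri;`, so the two vhosts now disagree on whether pad traffic may travel unencrypted. If nothing depends on plain HTTP here, keep only `/.well-known` in this block and redirect everything else. The server block continues past the end of the hunk, so a redirect for other paths may already exist there.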
@@ -33,35 +48,24 @@ server { } server { - listen 443 ssl; + listen 443 ssl http2; server_name www.fet.at; + ssl_certificate /etc/letsencrypt/live/www.fet.at/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/www.fet.at/privkey.pem; + ssl_trusted_certificate /etc/letsencrypt/live/www.fet.at/chain.pem; -# ssl_certificate /etc/letsencrypt/live/fet.at/fullchain.pem; -# ssl_certificate_key /etc/letsencrypt/live/fet.at/privkey.pem; + include snippets/ssl.conf; +# include snippets/ldap.conf; + + client_max_body_size 50M; - # auth_ldap "FET Login"; - # auth_ldap_servers fet; - root /srv/pxy/fet.at; - -# root /srv/welcome; location / { proxy_pass http://192.168.95.11:3333; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; - -# index index.html; } - location /.well-known { - allow all; - } - - location /alt { + location ~ ^/(alt|twiki) { return 302 https://www.alt.fet.at$request_uri; } - location /twiki { - return 302 https://www.alt.fet.at$request_uri; - } - } diff --git a/fet.at/etherpad.conf b/fet.at/etherpad.conf index 4d14494..c289da8 100644 --- a/fet.at/etherpad.conf +++ b/fet.at/etherpad.conf 
@@ -1,46 +1,31 @@ # -*-nginx-*- - -server { - listen 80; +server { + listen 80; server_name etherpad.fet.at www.etherpad.fet.at; - root /srv/pxy/fet.at; + location /.well-known { - allow all; + root /srv/pxy/fet.at; + allow all; } location / { - proxy_pass http://192.168.95.11:9001; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; + return 301 https://$host$request_uri; } -# location / { -# return 301 https://$host$request_uri; -# } } server { - listen 443 ssl; + listen 443 ssl http2; server_name etherpad.fet.at www.etherpad.fet.at; - ssl_certificate /etc/letsencrypt/live/www.fet.at/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/www.fet.at/privkey.pem; -# ssl_certificate /etc/letsencrypt/live/fet.at/fullchain.pem; -# ssl_certificate_key /etc/letsencrypt/live/fet.at/privkey.pem; + ssl_certificate /etc/letsencrypt/live/etherpad.fet.at/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/etherpad.fet.at/privkey.pem; + ssl_trusted_certificate /etc/letsencrypt/live/etherpad.fet.at/chain.pem; + + include snippets/ssl.conf; - # auth_ldap "FET Login"; - # auth_ldap_servers fet; - root /srv/pxy/fet.at; - -# root /srv/welcome; location / { proxy_pass http://192.168.95.11:9001; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; - -# index index.html; } - location /.well-known { - allow all; - } - } diff --git a/fet.at/git.conf b/fet.at/git.conf new file mode 100644 index 0000000..61d2d43 --- /dev/null +++ b/fet.at/git.conf 
@@ -0,0 +1,29 @@ +# -*-nginx-*- +server { + listen 80; + server_name git.fet.at; + + location /.well-known { + root /srv/pxy/git; + allow all; + } + location / { + return 301 https://$host$request_uri; + } +} + +server { + listen 443 ssl http2; + server_name git.fet.at; + + ssl_certificate /etc/letsencrypt/live/git.fet.at/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/git.fet.at/privkey.pem; + ssl_trusted_certificate /etc/letsencrypt/live/git.fet.at/chain.pem; + + include snippets/ssl.conf; + include snippets/header.conf; + + location / { + proxy_pass http://zyklon:3000; + } +} diff --git a/fet.at/mail.conf b/fet.at/mail.conf index 450394a..fd7b3c1 100644 --- a/fet.at/mail.conf +++ b/fet.at/mail.conf @@ -1,11 +1,11 @@ # -*-nginx-*- - -server { - listen 80; +server { + listen 80; server_name www.mail.fet.at mail.fet.at fet.htu.tuwien.ac.at; - root /srv/pxy/mail.fet.at; + location /.well-known { - allow all; + root /srv/pxy/mail.fet.at; + allow all; } location / { return 301 https://$host$request_uri; 
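Review bot: `location / { proxy_pass http://zyklon:3000; }` in the new 443 server of `fet.at/git.conf` forwards requests without setting `Host` or `X-Real-IP`, unlike most other proxied vhosts in this commit. Unless `snippets/header.conf` (not shown here) sets them, the backend sees `zyklon:3000` as the host and the proxy's address as the client. That breaks generated links and leaves the backend's access logs and any per-IP throttling unable to attribute requests. Adding `include snippets/proxy_header.conf;` inside the location, as `fet.at/mail.conf` now does, would keep this consistent, assuming that snippet carries the `Host`/`X-Real-IP` lines it replaced there.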
@@ -13,31 +13,23 @@ server { } server { - listen 443 ssl; + listen 443 ssl http2; server_name www.mail.fet.at mail.fet.at fet.htu.tuwien.ac.at; -# server_name fet.at www.fet.at 128.131.95.208; + ssl_certificate /etc/letsencrypt/live/www.mail.fet.at/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/www.mail.fet.at/privkey.pem; + ssl_trusted_certificate /etc/letsencrypt/live/www.mail.fet.at/chain.pem; -# ssl_certificate /etc/letsencrypt/live/fet.at/fullchain.pem; -# ssl_certificate_key /etc/letsencrypt/live/fet.at/privkey.pem; + include snippets/ssl.conf; +# include snippets/ldap.conf; - # auth_ldap "FET Login"; - # auth_ldap_servers fet; - root /srv/pxy/mail.fet.at; - -# root /srv/welcome; location / { proxy_bind $host:443; proxy_pass http://192.168.95.11:80; # proxy_redirect https://$host:8000/ https://$host:443/; # proxy_redirect https://mail.fet.at:8000/ https://mail.fet.at:443/; # proxy_redirect https://$host:8000/ https://$host:443/; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X_FORWARDED_SSL on; - proxy_set_header HTTP_X_FORWARDED_SSL on; - proxy_set_header X-Forwarded-For $remote_addr; + include snippets/proxy_header.conf; # index index.html; } location /http { @@ -47,10 +39,6 @@ server { alias /srv/www/mail/static; } location = / { - return 302 https://mail.fet.at/mail/; + return 302 https://mail.fet.at/http/; } - location /.well-known { - allow all; - } - } diff --git a/meinetu.at.conf b/meinetu.at.conf index 6dcbbf4..626e977 100644 --- a/meinetu.at.conf +++ b/meinetu.at.conf @@ -1,11 +1,11 @@ # -*-nginx-*- - -server { - listen 80; +server { + listen 80; server_name meinetu.at www.meinetu.at; - root /srv/welcome; + location /.well-known { - allow all; + root /srv/welcome; + allow all; } location / { return 301 https://$host$request_uri; 
@@ -18,18 +18,14 @@ server { ssl_certificate /etc/letsencrypt/live/triton.fet.at/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/triton.fet.at/privkey.pem; + ssl_trusted_certificate /etc/letsencrypt/live/triton.fet.at/chain.pem; + + include snippets/ssl.conf; +# include snippets/ldap.conf - # auth_ldap "FET Login"; - # auth_ldap_servers fet; root /srv/meinetu; - -# root /srv/welcome; location / { return 503; index index.html; } - location /.well-known { - allow all; - } - } diff --git a/triton.fet.at/git.conf b/triton.fet.at/git.conf index 57129fb..e0829e9 100644 --- a/triton.fet.at/git.conf +++ b/triton.fet.at/git.conf @@ -2,21 +2,25 @@ server { listen 80; server_name www.git.triton.fet.at git.triton.fet.at; + + location /.well-known { + root /srv/welcome; + allow all; + } location /{ return 301 https://$host$request_uri; } - location /.well-known { - root /srv/welcome; - allow all; - } - } + server { - listen 443 ssl; - # listen 80; + listen 443 ssl http2; server_name www.git.triton.fet.at git.triton.fet.at; + ssl_certificate /etc/letsencrypt/live/triton.fet.at/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/triton.fet.at/privkey.pem; + ssl_trusted_certificate /etc/letsencrypt/live/triton.fet.at/chain.pem; + + include snippets/ssl.conf; # satisfy any; # allow 192.168.95.0/24; 
@@ -25,54 +29,66 @@ server { # # auth_ldap "FET Login"; # auth_ldap_servers fet; + access_log logs/git.triton.access.log; - location /.well-known { - root /srv/welcome; - allow all; - } location = / { - return 302 https://$host/http/; - } - + return 302 https://$host/git/; + } location /http { - auth_ldap "FET Login"; - auth_ldap_servers fet; - root /srv/git/; + include snippets/ldap.conf; + root /mnt/git_repo/; index index.html; } + location /static { + alias /srv/gitweb/static; + allow all; + } + location /git/static { + alias /srv/gitweb/static; + allow all; + } + location /git { + include snippets/ldap.conf; + + fastcgi_pass unix:/var/run/fcgiwrap.socket; + fastcgi_param SCRIPT_FILENAME /srv/gitweb/gitweb.cgi; +# fastcgi_param GIT_HTTP_EXPORT_ALL ""; + fastcgi_param GIT_PROJECT_ROOT /mnt/git_repo; + fastcgi_param PATH_INFO $uri; + fastcgi_param REMOTE_USER $remote_user; + include fastcgi_params; + } location ~ ^.*\.git/objects/([0-9a-f]+/[0-9a-f]+|pack/pack-[0-9a-f]+.(pack|idx))$ { - satisfy any; - allow 192.168.95.0/24; - allow 127.0.0.1; - deny all; + satisfy any; + allow 192.168.95.0/24; + allow 127.0.0.1; + deny all; - auth_ldap "FET Login"; - auth_ldap_servers fet; - root /srv/git/git/; + include snippets/ldap.conf; + root /mnt/git_repo/; } location ~ ^.*\.git/(HEAD|info/refs|objects/info/.*|git-(upload|receive)-pack)$ { # satisfy any; # allow 192.168.95.0/24; # allow 127.0.0.1; # deny all; - auth_ldap "FET Login"; - auth_ldap_servers fet; + include snippets/ldap.conf; - root /srv/git/git/; + root /mnt/git_repo/git/; # if ($remote_user = '') { - # set $my_remote_user "nobody"; + # set $remote_user "nobody"; # } # if ($remote_user ~* '') # { set $my_remote_user $remote_user; # } - client_max_body_size 0; - fastcgi_pass unix:/var/run/fcgiwrap.socket; - fastcgi_param SCRIPT_FILENAME /usr/lib/git-core/git-http-backend; - fastcgi_param GIT_HTTP_EXPORT_ALL ""; - fastcgi_param GIT_PROJECT_ROOT /srv/git; - fastcgi_param PATH_INFO $uri; - fastcgi_param REMOTE_USER 
$remote_user; - include fastcgi_params; - + client_max_body_size 0; + fastcgi_pass unix:/var/run/fcgiwrap.socket; + fastcgi_param SCRIPT_FILENAME /usr/lib/git-core/git-http-backend; + fastcgi_param GIT_HTTP_EXPORT_ALL ""; + fastcgi_param GIT_PROJECT_ROOT /mnt/git_repo; + fastcgi_param PATH_INFO $uri; + fastcgi_param REMOTE_USER $remote_user; + include fastcgi_params; } } + diff --git a/triton.fet.at/intern.conf b/triton.fet.at/intern.conf index 1cbbc72..e3cb9e4 100644 --- a/triton.fet.at/intern.conf +++ b/triton.fet.at/intern.conf @@ -1,12 +1,11 @@ # -*-nginx-*- - -server { - listen 80; +server { + listen 80; server_name intern.triton.fet.at www.intern.triton.fet.at; location /.well-known { - root /srv/welcome; - allow all; + root /srv/welcome; + allow all; } location / { return 301 https://$host$request_uri; @@ -14,26 +13,32 @@ server { } server { - listen 443 ssl; - #listen 8081; + listen 443 ssl http2; server_name intern.triton.fet.at www.intern.triton.fet.at; + ssl_certificate /etc/letsencrypt/live/triton.fet.at/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/triton.fet.at/privkey.pem; - satisfy any; - auth_ldap "FET Login"; - auth_ldap_servers fet; + ssl_trusted_certificate /etc/letsencrypt/live/triton.fet.at/chain.pem; + + include snippets/ssl.conf; + include snippets/ldap.conf; auth_basic "Alternative Login"; auth_basic_user_file /srv/auth/.basic_user; + satisfy any; + location / { include uwsgi_params; uwsgi_pass unix:/srv/run/intern.sock; } + location = /intern/ { + return 301 https://$host/intern/inde1x.html; + } + location /intern { + rewrite ^/intern(.*)$ $1 break; + include uwsgi_params; + uwsgi_pass unix:/srv/run/intern.sock; + } location = / { return 301 https://$host/index; - } - location /.well-known { - root /srv/welcome; - allow all; } - } diff --git a/triton.fet.at/onetufree.conf b/triton.fet.at/onetufree.conf new file mode 100644 index 0000000..03d0c44 --- /dev/null +++ b/triton.fet.at/onetufree.conf 
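Review bot: The new `location /static` and `location /git/static` blocks in `triton.fet.at/git.conf` pair a prefix that has no trailing slash with `alias /srv/gitweb/static;`, so any URI that merely begins with `/static` matches and is mapped onto a sibling path under `/srv/gitweb/`. Writing them as `location /static/ { alias /srv/gitweb/static/; }` (slash on both sides) confines the mapping to the intended directory. The `allow all;` lines appear to add nothing, since no `deny` is visible at server level. Separately, the `.git/objects/` location keeps `satisfy any;` with `allow 192.168.95.0/24;`, so any host on that subnet can read object and pack files without the LDAP login the other repository locations require; a comment stating that this is intended would help. The hunk starts inside the server block.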
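Review bot: `return 301 https://$host/intern/inde1x.html;` in the new `location = /intern/` of `triton.fet.at/intern.conf` looks like a typo (`inde1x`), and because it is a permanent redirect browsers will cache the wrong target. In the new `location /intern`, `rewrite ^/intern(.*)$ $1 break;` yields an empty URI for a request to exactly `/intern` and a URI without a leading slash for any other path that merely starts with `/intern`. Using `location /intern/` with `rewrite ^/intern/(.*)$ /$1 break;` avoids both cases. The server-level `satisfy any;` now sits after both auth methods, which is fine, but a one-line comment that either LDAP or the basic-auth file grants access would make the policy explicit.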
@@ -0,0 +1,89 @@ +# -*-nginx-*- +server { + listen 80; + server_name onetufree.at; + + location /.well-known { + root /srv/pxy/onetufree; + allow all; + } + location / { + return 302 https://www.onetufree.at$request_uri; + } +} + +server { + listen 443 ssl http2; + server_name onetufree.at; + + ssl_certificate /etc/letsencrypt/live/www.onetufree.at/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/www.onetufree.at/privkey.pem; + ssl_trusted_certificate /etc/letsencrypt/live/www.onetufree.at/chain.pem; + + include snippets/ssl.conf; + + location / { + return 302 https://www.onetufree.at$request_uri; + } +} + +server { + listen 80; + server_name www.onetufree.at; + + location /.well-known { + root /srv/pxy/onetufree; + allow all; + } + location / { + return 301 https://$host$request_uri; + } +} + +upstream triamp { + server triton-amp.local:8001; +} + +server { + listen 443 ssl http2; + server_name www.onetufree.at; + + ssl_certificate /etc/letsencrypt/live/www.onetufree.at/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/www.onetufree.at/privkey.pem; + ssl_trusted_certificate /etc/letsencrypt/live/www.onetufree.at/chain.pem; + + include snippets/ssl.conf; + +# include snippets/ldap.conf; +# auth_basic "Under construction"; +# auth_basic_user_file /srv/.passwd; + + satisfy any; + + location / { +# rewrite ^/wp/(.*)$ /$1 break; +# return 301 http://$host$request_uri; + proxy_pass http://triamp; + proxy_set_header Accept-Encoding ""; + proxy_set_header Host www.onetufree.at; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X_FORWARDED_SSL on; + proxy_set_header HTTP_X_FORWARDED_SSL on; + proxy_redirect default; + +# more_set_headers 'Link: ; rel="https://api.w.org/", ; rel=shortlink' +# more_set_headers 'Hello: World' +# sub_filter http https; +# sub_filter WordPress WP; + + # force https Links + sub_filter http://wp.triton.fet.at https://www.onetufree.at; + sub_filter https://wp.triton.fet.at https://www.onetufree.at; + sub_filter 
http://www.onetufree.at https://www.onetufree.at; + sub_filter http: https:; + +# sub_filter_types text/html; +# sub_filter_types application/javascript, text/javascript, text/html;# application/html text/* application/x-javascript text/xml; + sub_filter_once off; + } +} diff --git a/triton.fet.at/sql.triton.fet.at.conf b/triton.fet.at/sql.triton.fet.at.conf index d39ac1d..bb367e8 100644 --- a/triton.fet.at/sql.triton.fet.at.conf +++ b/triton.fet.at/sql.triton.fet.at.conf @@ -5,32 +5,28 @@ upstream triampsql { server { listen 80; - server_name sql.triton.fet.at www.sql.triton.fet.at; - root /srv/pxy/wptriton; + server_name sql.triton.fet.at www.sql.triton.fet.at; + location /.well-known { - allow all; + root /srv/pxy/wptriton; + allow all; } location / { return 301 https://$host$request_uri; } } - - server { listen 443 ssl; server_name sql.triton.fet.at www.sql.triton.fet.at; - #ssl_certificate /etc/letsencrypt/live/triton.fet.at/fullchain.pem; - #ssl_certificate_key /etc/letsencrypt/live/triton.fet.at/privkey.pem; + ssl_certificate /etc/letsencrypt/live/triton.fet.at/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/triton.fet.at/privkey.pem; + ssl_trusted_certificate /etc/letsencrypt/live/triton.fet.at/chain.pem; - auth_ldap "FET Login"; - auth_ldap_servers fet; + include snippets/ssl.conf; + include snippets/ldap.conf; - location /.well-known { - allow all; - } - location / { proxy_pass http://triampsql; proxy_set_header Accept-Encoding ""; @@ -43,7 +39,5 @@ server { # sub_filter http://wp.triton.fet.at https://wp.triton.fet.at; # sub_filter http: https:; # sub_filter_once off; - } - } diff --git a/triton.fet.at/testrby.conf b/triton.fet.at/testrby.conf index b2034a0..c1cd7d0 100644 --- a/triton.fet.at/testrby.conf +++ b/triton.fet.at/testrby.conf 
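Review bot: In the new `www.onetufree.at` 443 server the LDAP and basic-auth lines are commented out but `satisfy any;` is left behind, so the directive has no effect and the site is served without any login. Delete it, or restore the auth lines if the site is still meant to be gated, so the intent is explicit. The proxy block sets `X_FORWARDED_SSL` and `HTTP_X_FORWARDED_SSL`, non-standard underscore names that some backends discard. It also sets no `X-Forwarded-For`, so a client-supplied `X-Forwarded-For` header reaches the backend unchanged. Consider `proxy_set_header X-Forwarded-Proto $scheme;` and `proxy_set_header X-Forwarded-For $remote_addr;` so the backend only sees values written by this proxy.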
@@ -3,15 +3,18 @@ server { server_name testrby.triton.fet.at; listen 80; listen 443 ssl; - ssl_certificate /etc/letsencrypt/live/triton.fet.at/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/triton.fet.at/privkey.pem; + ssl_certificate /etc/letsencrypt/live/testrby.triton.fet.at/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/testrby.triton.fet.at/privkey.pem; + ssl_trusted_certificate /etc/letsencrypt/live/testrby.triton.fet.at/chain.pem; + + include snippets/ssl.conf; location /.well-known { - root /srv/welcome; - allow all; + root /srv/pxy/testrby; + allow all; } location / { - return 302 https://www.testrby.trition.fet.at$request_uri; + return 302 https://www.testrby.triton.fet.at$request_uri; } } @@ -19,8 +22,8 @@ server { server_name www.testrby.triton.fet.at; listen 80; location /.well-known { - allow all; - root /srv/welcome; + root /srv/pxy/testrby; + allow all; } location / { return 301 https://$host$request_uri; @@ -30,17 +33,16 @@ server { server { server_name www.testrby.triton.fet.at; listen 443 ssl; - ssl_certificate /etc/letsencrypt/live/triton.fet.at/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/triton.fet.at/privkey.pem; - auth_ldap "FET Login"; - auth_ldap_servers fet; - location /.well-known { - root /srv/welcome; - allow all; - } + ssl_certificate /etc/letsencrypt/live/testrby.triton.fet.at/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/testrby.triton.fet.at/privkey.pem; + ssl_trusted_certificate /etc/letsencrypt/live/testrby.triton.fet.at/chain.pem; + + include snippets/ssl.conf; + include snippets/ldap.conf; + location / { - proxy_pass http://mogok.local:3000; + proxy_pass http://mogok.local:3001; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; } @@ -56,6 +58,5 @@ server { proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; } - } diff --git a/triton.fet.at/testrbyandi.conf b/triton.fet.at/testrbyandi.conf new file mode 100644 index 0000000..50ca753 
--- /dev/null +++ b/triton.fet.at/testrbyandi.conf @@ -0,0 +1,61 @@ +# -*-nginx-*- +server { + server_name testrbyandi.triton.fet.at; + listen 80; + listen 443 ssl; + ssl_certificate /etc/letsencrypt/live/testrby.triton.fet.at/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/testrby.triton.fet.at/privkey.pem; + ssl_trusted_certificate /etc/letsencrypt/live/testrby.triton.fet.at/chain.pem; + + include snippets/ssl.conf; + + location /.well-known { + root /srv/pxy/testrby; + allow all; + } + location / { + return 302 https://www.testrbyandi.trition.fet.at$request_uri; + } +} + +server { + server_name www.testrbyandi.triton.fet.at; + listen 80; + + location /.well-known { + root /srv/pxy/testrby; + allow all; + } + location / { + return 301 https://$host$request_uri; + } +} + +server { + server_name www.testrbyandi.triton.fet.at; + listen 443 ssl; + ssl_certificate /etc/letsencrypt/live/testrby.triton.fet.at/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/testrby.triton.fet.at/privkey.pem; + ssl_trusted_certificate /etc/letsencrypt/live/testrby.triton.fet.at/chain.pem; + + include snippets/ssl.conf; + include snippets/ldap.conf; + + location / { + proxy_pass http://mogok.local:3002; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + } + location /tc { + rewrite ^/tc/(.*)$ /$1 break; + proxy_pass http://triton-amp.local:8080; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + } + location /conf { + rewrite ^/conf/(.*)$ /$1 break; + proxy_pass http://mogok.local:8001; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + } +} diff --git a/triton.fet.at/welcome.conf b/triton.fet.at/welcome.conf index de1b7db..0ada501 100644 --- a/triton.fet.at/welcome.conf +++ b/triton.fet.at/welcome.conf 
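Review bot: `return 302 https://www.testrbyandi.trition.fet.at$request_uri;` in the first server of the new file carries the `trition` misspelling that this same commit corrects in `testrby.conf`, so the bare-host server redirects visitors to a name that is presumably not served. It should read `return 302 https://www.testrbyandi.triton.fet.at$request_uri;`. All three servers load the certificate from `/etc/letsencrypt/live/testrby.triton.fet.at/`; confirm that certificate lists the `testrbyandi` names, otherwise clients get a hostname mismatch. The first server also listens on both 80 and 443, unlike the split used elsewhere in the commit.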
@@ -1,12 +1,13 @@ # -*-nginx-*- # Beschreibung: Dies ist ein fallback falls kein sonstiger Server gewaehlt wurde. Im geschuetzten Bereich befinden sich Infos zur Konfiguration! -server { - listen 80; - server_name triton.fet.at www.triton.fet.at triton.local; - root /srv/welcome; +server { + listen 80; + server_name triton.fet.at www.triton.fet.at triton.local; + location /.well-known { - allow all; + root /srv/welcome; + allow all; } location / { return 301 https://$host$request_uri; @@ -14,18 +15,17 @@ server { } server { - listen 443 ssl; - server_name triton.fet.at www.triton.fet.at triton.local; + listen 443 ssl http2; + server_name triton.fet.at www.triton.fet.at triton.local; + ssl_certificate /etc/letsencrypt/live/triton.fet.at/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/triton.fet.at/privkey.pem; + ssl_trusted_certificate /etc/letsencrypt/live/triton.fet.at/chain.pem; - auth_ldap "FET Login - TT"; - auth_ldap_servers fet; + include snippets/ssl.conf; + include snippets/ldap.conf; - root /srv/welcome; - location /.well-known { - allow all; - } + root /srv/welcome/build; location / { ssi on; index index.html; @@ -34,7 +34,6 @@ server { rewrite ^/conf/(.*)$ /$1 break; proxy_pass http://localhost:8080; } - location /doc { return 301 https://intern.triton.fet.at$request_uri; # include uwsgi_params; @@ -43,6 +42,4 @@ server { # rewrite ^/doc/(.*)$ /$1 break; # proxy_pass http://localhost:8081; } - - } diff --git a/triton.fet.at/wp.conf b/triton.fet.at/wp.conf index 26070cf..b846e98 100644 --- a/triton.fet.at/wp.conf +++ b/triton.fet.at/wp.conf 
@@ -1,89 +1,28 @@ # -*-nginx-*- server { listen 80; - server_name www.onetufree.at; -# root /srv/pxy/wptriton; + server_name wp.triton.fet.at; - location /.well-known { - root /srv/pxy/onetufree; - allow all; + root /srv/welcome; + allow all; } location / { - return 301 https://$host$request_uri; + return 302 https://www.onetufree.at$request_uri; } } server { - listen 80; - listen 443 ssl; - server_name onetufree.at wp.triton.fet.at www.wp.triton.fet.at; -# root /srv/pxy/wptriton; + listen 443 ssl http2; + server_name wp.triton.fet.at; + + ssl_certificate /etc/letsencrypt/live/wp.triton.fet.at/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/wp.triton.fet.at/privkey.pem; + ssl_trusted_certificate /etc/letsencrypt/live/wp.triton.fet.at/chain.pem; + + include snippets/ssl.conf; - - location /.well-known { - root /srv/pxy/onetufree; - allow all; - } location / { - return 301 https://www.onetufree.at$request_uri; + return 302 https://www.onetufree.at$request_uri; } } - - - - -upstream triamp { - server triton-amp.local:8001; -} - - -server { - listen 443 ssl; - server_name www.onetufree.at;# onetufree.at wp.triton.fet.at www.wp.triton.fet.at; - - ssl_certificate /etc/letsencrypt/live/www.onetufree.at/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/www.onetufree.at/privkey.pem; - satisfy any; - auth_ldap "Under construction"; - auth_ldap_servers fet; - - auth_basic "Under construction"; - auth_basic_user_file /srv/.passwd; - - location /.well-known { - root /srv/pxy/onetufree; - allow all; - } - - location / { - # rewrite ^/wp/(.*)$ /$1 break; -# return 301 http://$host$request_uri; - proxy_pass http://triamp; - proxy_set_header Accept-Encoding ""; - proxy_set_header Host www.onetufree.at; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X_FORWARDED_SSL on; - proxy_set_header HTTP_X_FORWARDED_SSL on; - proxy_redirect default; - - # more_set_headers 'Link: ; rel="https://api.w.org/", ; rel=shortlink' -# more_set_headers 'Hello: World' -# 
sub_filter http https; -# sub_filter WordPress WP; - - # force https Links - sub_filter http://wp.triton.fet.at https://www.onetufree.at; - sub_filter https://wp.triton.fet.at https://www.onetufree.at; - sub_filter http://www.onetufree.at https://www.onetufree.at; - sub_filter http: https:; - - - # sub_filter_types text/html; -# sub_filter_types application/javascript, text/javascript, text/html;# application/html text/* application/x-javascript text/xml; - sub_filter_once off; - - } - -} - diff --git a/triton.fet.at/wp2.conf b/triton.fet.at/wp2.conf index 6b392dc..ba7f15f 100644 --- a/triton.fet.at/wp2.conf +++ b/triton.fet.at/wp2.conf @@ -1,11 +1,11 @@ # -*-nginx-*- server { listen 80; - server_name wp2.triton.fet.at www.wp2.triton.fet.at; - + server_name wp2.triton.fet.at www.wp2.triton.fet.at; + location /.well-known { - root /srv/welcome; - allow all; + root /srv/welcome; + allow all; } location / { return 301 https://$host$request_uri; @@ -16,27 +16,24 @@ upstream triamp2 { server triton-amp.local:8003; } - server { - listen 443 ssl; + listen 443 ssl http2; server_name wp2.triton.fet.at www.wp2.triton.fet.at; ssl_certificate /etc/letsencrypt/live/wp.triton.fet.at/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/wp.triton.fet.at/privkey.pem; - satisfy any; - auth_ldap "Under construction"; - auth_ldap_servers fet; + ssl_trusted_certificate /etc/letsencrypt/live/wp.triton.fet.at/chain.pem; - auth_basic "Under construction"; - auth_basic_user_file /srv/.passwd; - - location /.well-known { - root /srv/welcome; - allow all; - } + include snippets/ssl.conf; + + satisfy any; location / { - # rewrite ^/wp/(.*)$ /$1 break; + include snippets/ldap.conf; + auth_basic "Under construction"; + auth_basic_user_file /srv/.passwd; + +# rewrite ^/wp/(.*)$ /$1 break; # return 301 http://$host$request_uri; proxy_pass http://triamp2; proxy_set_header Accept-Encoding ""; 
@@ -47,7 +44,7 @@ server { proxy_set_header HTTP_X_FORWARDED_SSL on; proxy_redirect default; - # more_set_headers 'Link: ; rel="https://api.w.org/", ; rel=shortlink' +# more_set_headers 'Link: ; rel="https://api.w.org/", ; rel=shortlink' # more_set_headers 'Hello: World' # sub_filter http https; # sub_filter WordPress WP; @@ -56,12 +53,8 @@ server { sub_filter http://wp2.triton.fet.at https://wp2.triton.fet.at; # sub_filter http: https:; - - # sub_filter_types text/html; +# sub_filter_types text/html; # sub_filter_types application/javascript, text/javascript, text/html;# application/html text/* application/x-javascript text/xml; sub_filter_once off; - } - } -