bofh/nginx_sites
9
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Unify configs, enhance SSL security

Browse Source
This commit is contained in:
root
2018-03-25 20:23:08 +02:00
parent 83354160ea
commit 69047a611c
18 changed files with 446 additions and 373 deletions
Download Patch File Download Diff File Expand all files Collapse all files

50
fet.at/alt.conf
View File

@@ -1,26 +1,26 @@
# -*-nginx-*-
server {
listen 80;
server_name alt.triton.fet.at www.alt.triton.fet.at glonass.htu.tuwien.ac.at alt.fet.at www.alt.fet.at 128.131.95.212;
server {
listen 80;
server_name alt.triton.fet.at www.alt.triton.fet.at glonass.htu.tuwien.ac.at alt.fet.at www.alt.fet.at 128.131.95.212;
location /.well-known {
root /srv/pxy/alt/;
allow all;
root /srv/pxy/alt/;
}
location / {
return 301 https://www.alt.fet.at$request_uri;
}
}
server {
listen 443 ssl http2;
server_name alt.triton.fet.at www.alt.triton.fet.at glonass.htu.tuwien.ac.at alt.fet.at;
ssl_certificate /etc/letsencrypt/live/www.alt.fet.at/fullchain.pem;
server_name alt.triton.fet.at www.alt.triton.fet.at glonass.htu.tuwien.ac.at alt.fet.at;
ssl_certificate /etc/letsencrypt/live/www.alt.fet.at/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.alt.fet.at/privkey.pem;
location /.well-known {
allow all;
root /srv/pxy/alt/;
}
ssl_trusted_certificate /etc/letsencrypt/live/www.alt.fet.at/chain.pem;
include snippets/ssl.conf;
location / {
return 302 https://www.alt.fet.at$request_uri;
@@ -29,45 +29,39 @@ ssl_certificate /etc/letsencrypt/live/www.alt.fet.at/fullchain.pem;
server {
listen 443 ssl http2;
# server_name alt.triton.fet.at www.alt.triton.fet.at glonass.htu.tuwien.ac.at alt.fet.at;
server_name www.alt.fet.at;
ssl_certificate /etc/letsencrypt/live/www.alt.fet.at/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.alt.fet.at/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/www.alt.fet.at/chain.pem;
location /.well-known {
allow all;
root /srv/pxy/alt/;
}
include snippets/ssl.conf;
location = / {
return 301 https://$host/twiki/bin/view/Homepage;
}
location = /twiki/ {
return 301 https://$host/twiki/bin/view/Homepage;
return 301 https://$host/twiki/bin/view/Homepage;
}
location = /alt/ {
return 301 https://$host/twiki/bin/view/Homepage;
return 301 https://$host/twiki/bin/view/Homepage;
}
location = /twiki/bin/ {
return 301 https://$host/twiki/bin/view/Homepage;
return 301 https://$host/twiki/bin/view/Homepage;
}
location = /alt/bin/ {
return 301 https://$host/twiki/bin/view/Homepage;
return 301 https://$host/twiki/bin/view/Homepage;
}
location /alt {
rewrite ^/alt(.*) /twiki$1 last;
}
location / {
#
proxy_set_header Host glonass.htu.tuwien.ac.at;
proxy_set_header X-Real-IP $remote_addr;
proxy_pass http://twikialt.local;
sub_filter /alt/bin /twiki/bin;
sub_filter glonass.htu.tuwien.ac.at www.alt.fet.at;
proxy_pass http://twikialt.local;
sub_filter /alt/bin /twiki/bin;
sub_filter glonass.htu.tuwien.ac.at www.alt.fet.at;
sub_filter http https;
sub_filter_once off;
sub_filter_once off;
}
}

32
fet.at/cloud.conf
View File

@@ -3,37 +3,34 @@ server {
listen 80;
server_name www.cloud.fet.at cloud.fet.at;
root /srv/pxy/cloud2;
location /.well-known {
allow all;
root /srv/pxy/cloud2;
allow all;
}
location / {
return 301 https://$host$request_uri;
}
}
server {
listen 443 ssl;
listen 443 ssl http2;
server_name www.cloud.fet.at cloud.fet.at;
client_max_body_size 4000M;
sendfile on;
send_timeout 600s;
client_body_in_file_only clean;
# include letsencrypt.conf;
ssl_certificate /etc/letsencrypt/live/www.cloud.fet.at/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.cloud.fet.at/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/www.cloud.fet.at/chain.pem;
include snippets/ssl.conf;
# include snippets/ldap.conf;
client_max_body_size 4000M;
sendfile on;
send_timeout 600s;
client_body_in_file_only clean;
# auth_basic " under construction ";
# auth_basic_user_file /srv/fachschaften_htpasswd;
root /srv/pxy/cloud2;
index index.php;
location /.well-known {
allow all;
}
location / {
try_files $uri @pxy;
try_files $uri @pxy;
}
location @pxy {
proxy_pass http://192.168.95.22;
@@ -41,7 +38,6 @@ server {
proxy_set_header X-Real-IP $remote_addr;
proxy_buffering off;
proxy_request_buffering off;
client_body_buffer_size 32K;
client_body_buffer_size 32K;
}
}

70
fet.at/default.conf
View File

@@ -1,27 +1,42 @@
# -*-nginx-*-
server {
listen 80;
listen 443 ssl;
server_name fet.at 128.131.95.208;
ssl_certificate /etc/letsencrypt/live/www.fet.at/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.fet.at/privkey.pem;
root /srv/pxy/fet.at;
server_name fet.at 128.131.95.208;
location /.well-known {
allow all;
root /srv/pxy/fet.at;
allow all;
}
location / {
return 302 https://www.fet.at$request_uri;
}
}
server {
listen 80;
server_name www.fet.at;
root /srv/pxy/fet.at;
location /.well-known {
allow all;
}
server {
listen 443 ssl http2;
server_name fet.at;
ssl_certificate /etc/letsencrypt/live/fet.at/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/fet.at/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/fet.at/chain.pem;
include snippets/ssl.conf;
location / {
return 302 https://www.fet.at$request_uri;
}
}
server {
listen 80;
server_name www.fet.at;
client_max_body_size 50M;
location /.well-known {
root /srv/pxy/fet.at;
allow all;
}
location /etherpad {
proxy_pass http://192.168.95.11:3333;
proxy_set_header Host $host;
@@ -33,35 +48,24 @@ server {
}
server {
listen 443 ssl;
listen 443 ssl http2;
server_name www.fet.at;
ssl_certificate /etc/letsencrypt/live/www.fet.at/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.fet.at/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/www.fet.at/chain.pem;
# ssl_certificate /etc/letsencrypt/live/fet.at/fullchain.pem;
# ssl_certificate_key /etc/letsencrypt/live/fet.at/privkey.pem;
include snippets/ssl.conf;
# include snippets/ldap.conf;
client_max_body_size 50M;
# auth_ldap "FET Login";
# auth_ldap_servers fet;
root /srv/pxy/fet.at;
# root /srv/welcome;
location / {
proxy_pass http://192.168.95.11:3333;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
# index index.html;
}
location /.well-known {
allow all;
}
location /alt {
location ~ ^/(alt|twiki) {
return 302 https://www.alt.fet.at$request_uri;
}
location /twiki {
return 302 https://www.alt.fet.at$request_uri;
}
}

39
fet.at/etherpad.conf
View File

@@ -1,46 +1,31 @@
# -*-nginx-*-
server {
listen 80;
server {
listen 80;
server_name etherpad.fet.at www.etherpad.fet.at;
root /srv/pxy/fet.at;
location /.well-known {
allow all;
root /srv/pxy/fet.at;
allow all;
}
location / {
proxy_pass http://192.168.95.11:9001;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
return 301 https://$host$request_uri;
}
# location / {
# return 301 https://$host$request_uri;
# }
}
server {
listen 443 ssl;
listen 443 ssl http2;
server_name etherpad.fet.at www.etherpad.fet.at;
ssl_certificate /etc/letsencrypt/live/www.fet.at/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.fet.at/privkey.pem;
# ssl_certificate /etc/letsencrypt/live/fet.at/fullchain.pem;
# ssl_certificate_key /etc/letsencrypt/live/fet.at/privkey.pem;
ssl_certificate /etc/letsencrypt/live/etherpad.fet.at/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/etherpad.fet.at/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/etherpad.fet.at/chain.pem;
include snippets/ssl.conf;
# auth_ldap "FET Login";
# auth_ldap_servers fet;
root /srv/pxy/fet.at;
# root /srv/welcome;
location / {
proxy_pass http://192.168.95.11:9001;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
# index index.html;
}
location /.well-known {
allow all;
}
}

29
fet.at/git.conf Normal file
View File

@@ -0,0 +1,29 @@
# -*-nginx-*-
server {
listen 80;
server_name git.fet.at;
location /.well-known {
root /srv/pxy/git;
allow all;
}
location / {
return 301 https://$host$request_uri;
}
}
server {
listen 443 ssl http2;
server_name git.fet.at;
ssl_certificate /etc/letsencrypt/live/git.fet.at/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/git.fet.at/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/git.fet.at/chain.pem;
include snippets/ssl.conf;
include snippets/header.conf;
location / {
proxy_pass http://zyklon:3000;
}
}

36
fet.at/mail.conf
View File

@@ -1,11 +1,11 @@
# -*-nginx-*-
server {
listen 80;
server {
listen 80;
server_name www.mail.fet.at mail.fet.at fet.htu.tuwien.ac.at;
root /srv/pxy/mail.fet.at;
location /.well-known {
allow all;
root /srv/pxy/mail.fet.at;
allow all;
}
location / {
return 301 https://$host$request_uri;
@@ -13,31 +13,23 @@ server {
}
server {
listen 443 ssl;
listen 443 ssl http2;
server_name www.mail.fet.at mail.fet.at fet.htu.tuwien.ac.at;
# server_name fet.at www.fet.at 128.131.95.208;
ssl_certificate /etc/letsencrypt/live/www.mail.fet.at/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.mail.fet.at/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/www.mail.fet.at/chain.pem;
# ssl_certificate /etc/letsencrypt/live/fet.at/fullchain.pem;
# ssl_certificate_key /etc/letsencrypt/live/fet.at/privkey.pem;
include snippets/ssl.conf;
# include snippets/ldap.conf;
# auth_ldap "FET Login";
# auth_ldap_servers fet;
root /srv/pxy/mail.fet.at;
# root /srv/welcome;
location / {
proxy_bind $host:443;
proxy_pass http://192.168.95.11:80;
# proxy_redirect https://$host:8000/ https://$host:443/;
# proxy_redirect https://mail.fet.at:8000/ https://mail.fet.at:443/;
# proxy_redirect https://$host:8000/ https://$host:443/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X_FORWARDED_SSL on;
proxy_set_header HTTP_X_FORWARDED_SSL on;
proxy_set_header X-Forwarded-For $remote_addr;
include snippets/proxy_header.conf;
# index index.html;
}
location /http {
@@ -47,10 +39,6 @@ server {
alias /srv/www/mail/static;
}
location = / {
return 302 https://mail.fet.at/mail/;
return 302 https://mail.fet.at/http/;
}
location /.well-known {
allow all;
}
}