Unify configs, enhance SSL security

2018-03-25 20:23:08 +02:00
parent 83354160ea
commit 69047a611c
18 changed files with 446 additions and 373 deletions
--- a/triton.fet.at/onetufree.conf
+++ b/triton.fet.at/onetufree.conf
@@ -0,0 +1,89 @@
+# -*-nginx-*-
+server {
+    listen 80;
+    server_name onetufree.at;
+
+    location /.well-known {
+        root /srv/pxy/onetufree;  
+        allow all;
+    }
+    location / {
+        return 302 https://www.onetufree.at$request_uri;
+    }
+}
+
+server {
+    listen 443 ssl http2;
+    server_name onetufree.at;
+
+    ssl_certificate /etc/letsencrypt/live/www.onetufree.at/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/www.onetufree.at/privkey.pem;
+    ssl_trusted_certificate /etc/letsencrypt/live/www.onetufree.at/chain.pem;
+
+    include snippets/ssl.conf;
+
+    location / {
+        return 302 https://www.onetufree.at$request_uri;
+    }
+}
+
+server {
+    listen 80;
+    server_name www.onetufree.at;
+
+    location /.well-known {
+        root /srv/pxy/onetufree;  
+        allow all;
+    }
+    location / {
+        return 301 https://$host$request_uri;
+    }
+}
+
+upstream triamp {
+    server triton-amp.local:8001;
+}
+
+server {
+    listen 443 ssl http2;
+    server_name www.onetufree.at;
+
+    ssl_certificate /etc/letsencrypt/live/www.onetufree.at/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/www.onetufree.at/privkey.pem;
+    ssl_trusted_certificate /etc/letsencrypt/live/www.onetufree.at/chain.pem;
+
+    include snippets/ssl.conf;
+
+#    include snippets/ldap.conf;
+#    auth_basic "Under construction";
+#    auth_basic_user_file /srv/.passwd;
+
+    satisfy any;
+
+    location / {
+#        rewrite ^/wp/(.*)$ /$1 break;
+#        return 301 http://$host$request_uri;
+        proxy_pass http://triamp;
+        proxy_set_header Accept-Encoding ""; 
+        proxy_set_header Host www.onetufree.at;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X_FORWARDED_SSL on;
+        proxy_set_header HTTP_X_FORWARDED_SSL on;
+        proxy_redirect default;
+
+#        more_set_headers 'Link: <https://wp.triton.fet.at/index.php/wp-json/>; rel="https://api.w.org/", <https://wp.triton.fet.at/>; rel=shortlink'
+#        more_set_headers 'Hello: World'
+#        sub_filter http https;
+#        sub_filter WordPress WP;
+
+        # force https Links
+        sub_filter http://wp.triton.fet.at https://www.onetufree.at;
+        sub_filter https://wp.triton.fet.at https://www.onetufree.at;
+        sub_filter http://www.onetufree.at https://www.onetufree.at;
+        sub_filter http: https:;
+
+#        sub_filter_types text/html;
+#        sub_filter_types application/javascript, text/javascript, text/html;# application/html text/* application/x-javascript text/xml;
+        sub_filter_once off;
+    }
+}