Unify configs, enhance SSL security

2018-03-25 20:23:08 +02:00
parent 83354160ea
commit 69047a611c
18 changed files with 446 additions and 373 deletions
--- a/triton.fet.at/testrbyandi.conf
+++ b/triton.fet.at/testrbyandi.conf
@@ -0,0 +1,61 @@
+# -*-nginx-*-
+server {
+    server_name testrbyandi.triton.fet.at;
+    listen 80;
+    listen 443 ssl;
+    ssl_certificate /etc/letsencrypt/live/testrby.triton.fet.at/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/testrby.triton.fet.at/privkey.pem;
+    ssl_trusted_certificate /etc/letsencrypt/live/testrby.triton.fet.at/chain.pem;
+
+    include snippets/ssl.conf;
+
+    location /.well-known {
+        root /srv/pxy/testrby;
+        allow all;
+    }
+    location / {
+        return 302 https://www.testrbyandi.trition.fet.at$request_uri;
+    }
+}
+
+server {
+    server_name www.testrbyandi.triton.fet.at;
+    listen 80;
+
+    location /.well-known {
+        root /srv/pxy/testrby;
+        allow all;
+    }
+    location / {
+        return 301 https://$host$request_uri;
+    }
+}
+
+server {
+    server_name www.testrbyandi.triton.fet.at;
+    listen 443 ssl;
+    ssl_certificate /etc/letsencrypt/live/testrby.triton.fet.at/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/testrby.triton.fet.at/privkey.pem;
+    ssl_trusted_certificate /etc/letsencrypt/live/testrby.triton.fet.at/chain.pem;
+
+    include snippets/ssl.conf;
+    include snippets/ldap.conf;
+
+    location / {
+        proxy_pass http://mogok.local:3002;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+    }
+    location /tc {
+        rewrite ^/tc/(.*)$ /$1 break;
+        proxy_pass http://triton-amp.local:8080;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+    }
+    location /conf {
+        rewrite ^/conf/(.*)$ /$1 break;
+        proxy_pass http://mogok.local:8001;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+    }
+}