bofh/nginx_sites
9
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Unify configs, enhance SSL security

Browse Source
This commit is contained in:
root
2018-03-25 20:23:08 +02:00
parent 83354160ea
commit 69047a611c
18 changed files with 446 additions and 373 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
fachschaften.at/crawler.conf
View File

@@ -1,30 +1,26 @@
# -*-nginx-*- # -*-nginx-*-
server{ server {
listen 80; listen 80;
server_name www.crawler.fachschaften.at crawler.fachschaften.at; server_name www.crawler.fachschaften.at crawler.fachschaften.at;
root /srv/pxy/fachschaften;
# Location .well known is required for certificate renewal
location /.well-known { location /.well-known {
root /srv/pxy/fachschaften;
allow all; allow all;
} }
# Force SSL
location / { location / {
return 301 https://$host$request_uri; return 301 https://$host$request_uri;
} }
} }
server { server {
listen 443 ssl; listen 443 ssl http2;
server_name www.crawler.fachschaften.at crawler.fachschaften.at; server_name www.crawler.fachschaften.at crawler.fachschaften.at;
ssl_certificate /etc/letsencrypt/live/www.fachschaften.at/fullchain.pem; ssl_certificate /etc/letsencrypt/live/www.fachschaften.at/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.fachschaften.at/privkey.pem; ssl_certificate_key /etc/letsencrypt/live/www.fachschaften.at/privkey.pem;
root /srv/pxy/fachschaften; ssl_trusted_certificate /etc/letsencrypt/live/www.fachschaften.at/chain.pem;
location /.well-known { include snippets/ssl.conf;
allow all;
}
location /sections { location /sections {
auth_basic " under construction "; auth_basic " under construction ";
@@ -32,7 +28,6 @@ server {
try_files $uri @crawler; try_files $uri @crawler;
} }
location /articles { location /articles {
satisfy any; satisfy any;
auth_basic " under construction "; auth_basic " under construction ";
@@ -44,7 +39,6 @@ server {
location /downloads { location /downloads {
try_files $uri @crawler; try_files $uri @crawler;
} }
location @crawler { location @crawler {
proxy_pass http://fachschaften:8080; proxy_pass http://fachschaften:8080;
proxy_set_header Host $host; proxy_set_header Host $host;
@@ -52,9 +46,7 @@ server {
} }
} }
# error_page 503 404 410 /404.html;
# error_page 503 404 410 /404.html;
# access_log /var/log/crawler/nginxaccess.log; # access_log /var/log/crawler/nginxaccess.log;
# error_log /var/log/crawler/nginxerror.log; # error_log /var/log/crawler/nginxerror.log;

16
fachschaften.at/default.conf
View File

@@ -2,38 +2,32 @@
server { server {
listen 80; listen 80;
server_name www.fachschaften.at fachschaften.at; server_name www.fachschaften.at fachschaften.at;
root /srv/pxy/fachschaften;
# Location .well known is required for certificate renewal
location /.well-known { location /.well-known {
root /srv/pxy/fachschaften;
allow all; allow all;
} }
# Force SSL
location / { location / {
return 301 https://$host$request_uri; return 301 https://$host$request_uri;
} }
} }
server { server {
listen 443 ssl; listen 443 ssl http2;
server_name www.fachschaften.at fachschaften.at; server_name www.fachschaften.at fachschaften.at;
# include letsencrypt.conf;
ssl_certificate /etc/letsencrypt/live/www.fachschaften.at/fullchain.pem; ssl_certificate /etc/letsencrypt/live/www.fachschaften.at/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.fachschaften.at/privkey.pem; ssl_certificate_key /etc/letsencrypt/live/www.fachschaften.at/privkey.pem;
root /srv/pxy/fachschaften; ssl_trusted_certificate /etc/letsencrypt/live/www.fachschaften.at/chain.pem;
location /.well-known { include snippets/ssl.conf;
allow all;
}
location / { location / {
try_files $uri @pxy; try_files $uri @pxy;
} }
location = / { location = / {
return 301 https://$host/articles; return 301 https://$host/articles;
} }
location @pxy { location @pxy {
proxy_pass http://fachschaften.local:3000; proxy_pass http://fachschaften.local:3000;
proxy_set_header Host $host; proxy_set_header Host $host;

26
fet.at/alt.conf
View File

@@ -2,25 +2,25 @@
server { server {
listen 80; listen 80;
server_name alt.triton.fet.at www.alt.triton.fet.at glonass.htu.tuwien.ac.at alt.fet.at www.alt.fet.at 128.131.95.212; server_name alt.triton.fet.at www.alt.triton.fet.at glonass.htu.tuwien.ac.at alt.fet.at www.alt.fet.at 128.131.95.212;
location /.well-known { location /.well-known {
allow all;
root /srv/pxy/alt/; root /srv/pxy/alt/;
allow all;
} }
location / { location / {
return 301 https://www.alt.fet.at$request_uri; return 301 https://www.alt.fet.at$request_uri;
} }
} }
server { server {
listen 443 ssl http2; listen 443 ssl http2;
server_name alt.triton.fet.at www.alt.triton.fet.at glonass.htu.tuwien.ac.at alt.fet.at; server_name alt.triton.fet.at www.alt.triton.fet.at glonass.htu.tuwien.ac.at alt.fet.at;
ssl_certificate /etc/letsencrypt/live/www.alt.fet.at/fullchain.pem;
ssl_certificate /etc/letsencrypt/live/www.alt.fet.at/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.alt.fet.at/privkey.pem; ssl_certificate_key /etc/letsencrypt/live/www.alt.fet.at/privkey.pem;
location /.well-known { ssl_trusted_certificate /etc/letsencrypt/live/www.alt.fet.at/chain.pem;
allow all;
root /srv/pxy/alt/; include snippets/ssl.conf;
}
location / { location / {
return 302 https://www.alt.fet.at$request_uri; return 302 https://www.alt.fet.at$request_uri;
@@ -29,15 +29,13 @@ ssl_certificate /etc/letsencrypt/live/www.alt.fet.at/fullchain.pem;
server { server {
listen 443 ssl http2; listen 443 ssl http2;
# server_name alt.triton.fet.at www.alt.triton.fet.at glonass.htu.tuwien.ac.at alt.fet.at;
server_name www.alt.fet.at; server_name www.alt.fet.at;
ssl_certificate /etc/letsencrypt/live/www.alt.fet.at/fullchain.pem; ssl_certificate /etc/letsencrypt/live/www.alt.fet.at/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.alt.fet.at/privkey.pem; ssl_certificate_key /etc/letsencrypt/live/www.alt.fet.at/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/www.alt.fet.at/chain.pem;
location /.well-known { include snippets/ssl.conf;
allow all;
root /srv/pxy/alt/;
}
location = / { location = / {
return 301 https://$host/twiki/bin/view/Homepage; return 301 https://$host/twiki/bin/view/Homepage;
@@ -54,13 +52,10 @@ server {
location = /alt/bin/ { location = /alt/bin/ {
return 301 https://$host/twiki/bin/view/Homepage; return 301 https://$host/twiki/bin/view/Homepage;
} }
location /alt { location /alt {
rewrite ^/alt(.*) /twiki$1 last; rewrite ^/alt(.*) /twiki$1 last;
} }
location / { location / {
#
proxy_set_header Host glonass.htu.tuwien.ac.at; proxy_set_header Host glonass.htu.tuwien.ac.at;
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
proxy_pass http://twikialt.local; proxy_pass http://twikialt.local;
@@ -68,6 +63,5 @@ server {
sub_filter glonass.htu.tuwien.ac.at www.alt.fet.at; sub_filter glonass.htu.tuwien.ac.at www.alt.fet.at;
sub_filter http https; sub_filter http https;
sub_filter_once off; sub_filter_once off;
} }
} }

26
fet.at/cloud.conf
View File

@@ -3,35 +3,32 @@ server {
listen 80; listen 80;
server_name www.cloud.fet.at cloud.fet.at; server_name www.cloud.fet.at cloud.fet.at;
root /srv/pxy/cloud2;
location /.well-known { location /.well-known {
root /srv/pxy/cloud2;
allow all; allow all;
} }
location / { location / {
return 301 https://$host$request_uri; return 301 https://$host$request_uri;
} }
} }
server {
listen 443 ssl; server {
listen 443 ssl http2;
server_name www.cloud.fet.at cloud.fet.at; server_name www.cloud.fet.at cloud.fet.at;
ssl_certificate /etc/letsencrypt/live/www.cloud.fet.at/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.cloud.fet.at/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/www.cloud.fet.at/chain.pem;
include snippets/ssl.conf;
# include snippets/ldap.conf;
client_max_body_size 4000M; client_max_body_size 4000M;
sendfile on; sendfile on;
send_timeout 600s; send_timeout 600s;
client_body_in_file_only clean; client_body_in_file_only clean;
# include letsencrypt.conf;
ssl_certificate /etc/letsencrypt/live/www.cloud.fet.at/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.cloud.fet.at/privkey.pem;
# auth_basic " under construction ";
# auth_basic_user_file /srv/fachschaften_htpasswd;
root /srv/pxy/cloud2;
index index.php; index index.php;
location /.well-known {
allow all;
}
location / { location / {
try_files $uri @pxy; try_files $uri @pxy;
} }
@@ -43,5 +40,4 @@ server {
proxy_request_buffering off; proxy_request_buffering off;
client_body_buffer_size 32K; client_body_buffer_size 32K;
} }
} }

52
fet.at/default.conf
View File

@@ -1,12 +1,10 @@
# -*-nginx-*- # -*-nginx-*-
server { server {
listen 80; listen 80;
listen 443 ssl;
server_name fet.at 128.131.95.208; server_name fet.at 128.131.95.208;
ssl_certificate /etc/letsencrypt/live/www.fet.at/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.fet.at/privkey.pem;
root /srv/pxy/fet.at;
location /.well-known { location /.well-known {
root /srv/pxy/fet.at;
allow all; allow all;
} }
location / { location / {
@@ -14,14 +12,31 @@ server {
} }
} }
server {
listen 443 ssl http2;
server_name fet.at;
ssl_certificate /etc/letsencrypt/live/fet.at/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/fet.at/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/fet.at/chain.pem;
include snippets/ssl.conf;
location / {
return 302 https://www.fet.at$request_uri;
}
}
server { server {
listen 80; listen 80;
server_name www.fet.at; server_name www.fet.at;
root /srv/pxy/fet.at;
client_max_body_size 50M;
location /.well-known { location /.well-known {
root /srv/pxy/fet.at;
allow all; allow all;
} }
location /etherpad { location /etherpad {
proxy_pass http://192.168.95.11:3333; proxy_pass http://192.168.95.11:3333;
proxy_set_header Host $host; proxy_set_header Host $host;
@@ -33,35 +48,24 @@ server {
} }
server { server {
listen 443 ssl; listen 443 ssl http2;
server_name www.fet.at; server_name www.fet.at;
ssl_certificate /etc/letsencrypt/live/www.fet.at/fullchain.pem; ssl_certificate /etc/letsencrypt/live/www.fet.at/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.fet.at/privkey.pem; ssl_certificate_key /etc/letsencrypt/live/www.fet.at/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/www.fet.at/chain.pem;
# ssl_certificate /etc/letsencrypt/live/fet.at/fullchain.pem; include snippets/ssl.conf;
# ssl_certificate_key /etc/letsencrypt/live/fet.at/privkey.pem; # include snippets/ldap.conf;
# auth_ldap "FET Login"; client_max_body_size 50M;
# auth_ldap_servers fet;
root /srv/pxy/fet.at;
# root /srv/welcome;
location / { location / {
proxy_pass http://192.168.95.11:3333; proxy_pass http://192.168.95.11:3333;
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
# index index.html;
} }
location /.well-known { location ~ ^/(alt|twiki) {
allow all;
}
location /alt {
return 302 https://www.alt.fet.at$request_uri; return 302 https://www.alt.fet.at$request_uri;
} }
location /twiki {
return 302 https://www.alt.fet.at$request_uri;
}
} }

31
fet.at/etherpad.conf
View File

@@ -1,46 +1,31 @@
# -*-nginx-*- # -*-nginx-*-
server { server {
listen 80; listen 80;
server_name etherpad.fet.at www.etherpad.fet.at; server_name etherpad.fet.at www.etherpad.fet.at;
root /srv/pxy/fet.at;
location /.well-known { location /.well-known {
root /srv/pxy/fet.at;
allow all; allow all;
} }
location / { location / {
proxy_pass http://192.168.95.11:9001; return 301 https://$host$request_uri;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
} }
# location / {
# return 301 https://$host$request_uri;
# }
} }
server { server {
listen 443 ssl; listen 443 ssl http2;
server_name etherpad.fet.at www.etherpad.fet.at; server_name etherpad.fet.at www.etherpad.fet.at;
ssl_certificate /etc/letsencrypt/live/www.fet.at/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.fet.at/privkey.pem;
# ssl_certificate /etc/letsencrypt/live/fet.at/fullchain.pem; ssl_certificate /etc/letsencrypt/live/etherpad.fet.at/fullchain.pem;
# ssl_certificate_key /etc/letsencrypt/live/fet.at/privkey.pem; ssl_certificate_key /etc/letsencrypt/live/etherpad.fet.at/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/etherpad.fet.at/chain.pem;
# auth_ldap "FET Login"; include snippets/ssl.conf;
# auth_ldap_servers fet;
root /srv/pxy/fet.at;
# root /srv/welcome;
location / { location / {
proxy_pass http://192.168.95.11:9001; proxy_pass http://192.168.95.11:9001;
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
# index index.html;
} }
location /.well-known {
allow all;
}
} }

29
fet.at/git.conf Normal file
View File

@@ -0,0 +1,29 @@
# -*-nginx-*-
server {
listen 80;
server_name git.fet.at;
location /.well-known {
root /srv/pxy/git;
allow all;
}
location / {
return 301 https://$host$request_uri;
}
}
server {
listen 443 ssl http2;
server_name git.fet.at;
ssl_certificate /etc/letsencrypt/live/git.fet.at/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/git.fet.at/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/git.fet.at/chain.pem;
include snippets/ssl.conf;
include snippets/header.conf;
location / {
proxy_pass http://zyklon:3000;
}
}

30
fet.at/mail.conf
View File

@@ -1,10 +1,10 @@
# -*-nginx-*- # -*-nginx-*-
server { server {
listen 80; listen 80;
server_name www.mail.fet.at mail.fet.at fet.htu.tuwien.ac.at; server_name www.mail.fet.at mail.fet.at fet.htu.tuwien.ac.at;
root /srv/pxy/mail.fet.at;
location /.well-known { location /.well-known {
root /srv/pxy/mail.fet.at;
allow all; allow all;
} }
location / { location / {
@@ -13,31 +13,23 @@ server {
} }
server { server {
listen 443 ssl; listen 443 ssl http2;
server_name www.mail.fet.at mail.fet.at fet.htu.tuwien.ac.at; server_name www.mail.fet.at mail.fet.at fet.htu.tuwien.ac.at;
# server_name fet.at www.fet.at 128.131.95.208;
ssl_certificate /etc/letsencrypt/live/www.mail.fet.at/fullchain.pem; ssl_certificate /etc/letsencrypt/live/www.mail.fet.at/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.mail.fet.at/privkey.pem; ssl_certificate_key /etc/letsencrypt/live/www.mail.fet.at/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/www.mail.fet.at/chain.pem;
# ssl_certificate /etc/letsencrypt/live/fet.at/fullchain.pem; include snippets/ssl.conf;
# ssl_certificate_key /etc/letsencrypt/live/fet.at/privkey.pem; # include snippets/ldap.conf;
# auth_ldap "FET Login";
# auth_ldap_servers fet;
root /srv/pxy/mail.fet.at;
# root /srv/welcome;
location / { location / {
proxy_bind $host:443; proxy_bind $host:443;
proxy_pass http://192.168.95.11:80; proxy_pass http://192.168.95.11:80;
# proxy_redirect https://$host:8000/ https://$host:443/; # proxy_redirect https://$host:8000/ https://$host:443/;
# proxy_redirect https://mail.fet.at:8000/ https://mail.fet.at:443/; # proxy_redirect https://mail.fet.at:8000/ https://mail.fet.at:443/;
# proxy_redirect https://$host:8000/ https://$host:443/; # proxy_redirect https://$host:8000/ https://$host:443/;
proxy_set_header Host $host; include snippets/proxy_header.conf;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X_FORWARDED_SSL on;
proxy_set_header HTTP_X_FORWARDED_SSL on;
proxy_set_header X-Forwarded-For $remote_addr;
# index index.html; # index index.html;
} }
location /http { location /http {
@@ -47,10 +39,6 @@ server {
alias /srv/www/mail/static; alias /srv/www/mail/static;
} }
location = / { location = / {
return 302 https://mail.fet.at/mail/; return 302 https://mail.fet.at/http/;
} }
location /.well-known {
allow all;
}
} }

16
meinetu.at.conf
View File

@@ -1,10 +1,10 @@
# -*-nginx-*- # -*-nginx-*-
server { server {
listen 80; listen 80;
server_name meinetu.at www.meinetu.at; server_name meinetu.at www.meinetu.at;
root /srv/welcome;
location /.well-known { location /.well-known {
root /srv/welcome;
allow all; allow all;
} }
location / { location / {
@@ -18,18 +18,14 @@ server {
ssl_certificate /etc/letsencrypt/live/triton.fet.at/fullchain.pem; ssl_certificate /etc/letsencrypt/live/triton.fet.at/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/triton.fet.at/privkey.pem; ssl_certificate_key /etc/letsencrypt/live/triton.fet.at/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/triton.fet.at/chain.pem;
include snippets/ssl.conf;
# include snippets/ldap.conf
# auth_ldap "FET Login";
# auth_ldap_servers fet;
root /srv/meinetu; root /srv/meinetu;
# root /srv/welcome;
location / { location / {
return 503; return 503;
index index.html; index index.html;
} }
location /.well-known {
allow all;
}
} }

64
triton.fet.at/git.conf
View File

@@ -2,21 +2,25 @@
server { server {
listen 80; listen 80;
server_name www.git.triton.fet.at git.triton.fet.at; server_name www.git.triton.fet.at git.triton.fet.at;
location /{
return 301 https://$host$request_uri;
}
location /.well-known { location /.well-known {
root /srv/welcome; root /srv/welcome;
allow all; allow all;
} }
location /{
return 301 https://$host$request_uri;
}
} }
server { server {
listen 443 ssl; listen 443 ssl http2;
# listen 80;
server_name www.git.triton.fet.at git.triton.fet.at; server_name www.git.triton.fet.at git.triton.fet.at;
ssl_certificate /etc/letsencrypt/live/triton.fet.at/fullchain.pem; ssl_certificate /etc/letsencrypt/live/triton.fet.at/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/triton.fet.at/privkey.pem; ssl_certificate_key /etc/letsencrypt/live/triton.fet.at/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/triton.fet.at/chain.pem;
include snippets/ssl.conf;
# satisfy any; # satisfy any;
# allow 192.168.95.0/24; # allow 192.168.95.0/24;
@@ -25,20 +29,34 @@ server {
# #
# auth_ldap "FET Login"; # auth_ldap "FET Login";
# auth_ldap_servers fet; # auth_ldap_servers fet;
access_log logs/git.triton.access.log;
location /.well-known { location = / {
root /srv/welcome; return 302 https://$host/git/;
}
location /http {
include snippets/ldap.conf;
root /mnt/git_repo/;
index index.html;
}
location /static {
alias /srv/gitweb/static;
allow all; allow all;
} }
location = / { location /git/static {
return 302 https://$host/http/; alias /srv/gitweb/static;
allow all;
} }
location /git {
include snippets/ldap.conf;
location /http { fastcgi_pass unix:/var/run/fcgiwrap.socket;
auth_ldap "FET Login"; fastcgi_param SCRIPT_FILENAME /srv/gitweb/gitweb.cgi;
auth_ldap_servers fet; # fastcgi_param GIT_HTTP_EXPORT_ALL "";
root /srv/git/; fastcgi_param GIT_PROJECT_ROOT /mnt/git_repo;
index index.html; fastcgi_param PATH_INFO $uri;
fastcgi_param REMOTE_USER $remote_user;
include fastcgi_params;
} }
location ~ ^.*\.git/objects/([0-9a-f]+/[0-9a-f]+|pack/pack-[0-9a-f]+.(pack|idx))$ { location ~ ^.*\.git/objects/([0-9a-f]+/[0-9a-f]+|pack/pack-[0-9a-f]+.(pack|idx))$ {
satisfy any; satisfy any;
@@ -46,21 +64,19 @@ server {
allow 127.0.0.1; allow 127.0.0.1;
deny all; deny all;
auth_ldap "FET Login"; include snippets/ldap.conf;
auth_ldap_servers fet; root /mnt/git_repo/;
root /srv/git/git/;
} }
location ~ ^.*\.git/(HEAD|info/refs|objects/info/.*|git-(upload|receive)-pack)$ { location ~ ^.*\.git/(HEAD|info/refs|objects/info/.*|git-(upload|receive)-pack)$ {
# satisfy any; # satisfy any;
# allow 192.168.95.0/24; # allow 192.168.95.0/24;
# allow 127.0.0.1; # allow 127.0.0.1;
# deny all; # deny all;
auth_ldap "FET Login"; include snippets/ldap.conf;
auth_ldap_servers fet;
root /srv/git/git/; root /mnt/git_repo/git/;
# if ($remote_user = '') { # if ($remote_user = '') {
# set $my_remote_user "nobody"; # set $remote_user "nobody";
# } # }
# if ($remote_user ~* '') # if ($remote_user ~* '')
# { set $my_remote_user $remote_user; # { set $my_remote_user $remote_user;
@@ -69,10 +85,10 @@ server {
fastcgi_pass unix:/var/run/fcgiwrap.socket; fastcgi_pass unix:/var/run/fcgiwrap.socket;
fastcgi_param SCRIPT_FILENAME /usr/lib/git-core/git-http-backend; fastcgi_param SCRIPT_FILENAME /usr/lib/git-core/git-http-backend;
fastcgi_param GIT_HTTP_EXPORT_ALL ""; fastcgi_param GIT_HTTP_EXPORT_ALL "";
fastcgi_param GIT_PROJECT_ROOT /srv/git; fastcgi_param GIT_PROJECT_ROOT /mnt/git_repo;
fastcgi_param PATH_INFO $uri; fastcgi_param PATH_INFO $uri;
fastcgi_param REMOTE_USER $remote_user; fastcgi_param REMOTE_USER $remote_user;
include fastcgi_params; include fastcgi_params;
} }
} }

27
triton.fet.at/intern.conf
View File

@@ -1,5 +1,4 @@
# -*-nginx-*- # -*-nginx-*-
server { server {
listen 80; listen 80;
server_name intern.triton.fet.at www.intern.triton.fet.at; server_name intern.triton.fet.at www.intern.triton.fet.at;
@@ -14,26 +13,32 @@ server {
} }
server { server {
listen 443 ssl; listen 443 ssl http2;
#listen 8081;
server_name intern.triton.fet.at www.intern.triton.fet.at; server_name intern.triton.fet.at www.intern.triton.fet.at;
ssl_certificate /etc/letsencrypt/live/triton.fet.at/fullchain.pem; ssl_certificate /etc/letsencrypt/live/triton.fet.at/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/triton.fet.at/privkey.pem; ssl_certificate_key /etc/letsencrypt/live/triton.fet.at/privkey.pem;
satisfy any; ssl_trusted_certificate /etc/letsencrypt/live/triton.fet.at/chain.pem;
auth_ldap "FET Login";
auth_ldap_servers fet; include snippets/ssl.conf;
include snippets/ldap.conf;
auth_basic "Alternative Login"; auth_basic "Alternative Login";
auth_basic_user_file /srv/auth/.basic_user; auth_basic_user_file /srv/auth/.basic_user;
satisfy any;
location / { location / {
include uwsgi_params; include uwsgi_params;
uwsgi_pass unix:/srv/run/intern.sock; uwsgi_pass unix:/srv/run/intern.sock;
} }
location = /intern/ {
return 301 https://$host/intern/inde1x.html;
}
location /intern {
rewrite ^/intern(.*)$ $1 break;
include uwsgi_params;
uwsgi_pass unix:/srv/run/intern.sock;
}
location = / { location = / {
return 301 https://$host/index; return 301 https://$host/index;
} }
location /.well-known {
root /srv/welcome;
allow all;
}
} }

89
triton.fet.at/onetufree.conf Normal file
View File

@@ -0,0 +1,89 @@
# -*-nginx-*-
server {
listen 80;
server_name onetufree.at;
location /.well-known {
root /srv/pxy/onetufree;
allow all;
}
location / {
return 302 https://www.onetufree.at$request_uri;
}
}
server {
listen 443 ssl http2;
server_name onetufree.at;
ssl_certificate /etc/letsencrypt/live/www.onetufree.at/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.onetufree.at/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/www.onetufree.at/chain.pem;
include snippets/ssl.conf;
location / {
return 302 https://www.onetufree.at$request_uri;
}
}
server {
listen 80;
server_name www.onetufree.at;
location /.well-known {
root /srv/pxy/onetufree;
allow all;
}
location / {
return 301 https://$host$request_uri;
}
}
upstream triamp {
server triton-amp.local:8001;
}
server {
listen 443 ssl http2;
server_name www.onetufree.at;
ssl_certificate /etc/letsencrypt/live/www.onetufree.at/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.onetufree.at/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/www.onetufree.at/chain.pem;
include snippets/ssl.conf;
# include snippets/ldap.conf;
# auth_basic "Under construction";
# auth_basic_user_file /srv/.passwd;
satisfy any;
location / {
# rewrite ^/wp/(.*)$ /$1 break;
# return 301 http://$host$request_uri;
proxy_pass http://triamp;
proxy_set_header Accept-Encoding "";
proxy_set_header Host www.onetufree.at;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X_FORWARDED_SSL on;
proxy_set_header HTTP_X_FORWARDED_SSL on;
proxy_redirect default;
# more_set_headers 'Link: <https://wp.triton.fet.at/index.php/wp-json/>; rel="https://api.w.org/", <https://wp.triton.fet.at/>; rel=shortlink'
# more_set_headers 'Hello: World'
# sub_filter http https;
# sub_filter WordPress WP;
# force https Links
sub_filter http://wp.triton.fet.at https://www.onetufree.at;
sub_filter https://wp.triton.fet.at https://www.onetufree.at;
sub_filter http://www.onetufree.at https://www.onetufree.at;
sub_filter http: https:;
# sub_filter_types text/html;
# sub_filter_types application/javascript, text/javascript, text/html;# application/html text/* application/x-javascript text/xml;
sub_filter_once off;
}
}

20
triton.fet.at/sql.triton.fet.at.conf
View File

@@ -6,8 +6,9 @@ upstream triampsql {
server { server {
listen 80; listen 80;
server_name sql.triton.fet.at www.sql.triton.fet.at; server_name sql.triton.fet.at www.sql.triton.fet.at;
root /srv/pxy/wptriton;
location /.well-known { location /.well-known {
root /srv/pxy/wptriton;
allow all; allow all;
} }
location / { location / {
@@ -15,21 +16,16 @@ server {
} }
} }
server { server {
listen 443 ssl; listen 443 ssl;
server_name sql.triton.fet.at www.sql.triton.fet.at; server_name sql.triton.fet.at www.sql.triton.fet.at;
#ssl_certificate /etc/letsencrypt/live/triton.fet.at/fullchain.pem; ssl_certificate /etc/letsencrypt/live/triton.fet.at/fullchain.pem;
#ssl_certificate_key /etc/letsencrypt/live/triton.fet.at/privkey.pem; ssl_certificate_key /etc/letsencrypt/live/triton.fet.at/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/triton.fet.at/chain.pem;
auth_ldap "FET Login"; include snippets/ssl.conf;
auth_ldap_servers fet; include snippets/ldap.conf;
location /.well-known {
allow all;
}
location / { location / {
proxy_pass http://triampsql; proxy_pass http://triampsql;
@@ -43,7 +39,5 @@ server {
# sub_filter http://wp.triton.fet.at https://wp.triton.fet.at; # sub_filter http://wp.triton.fet.at https://wp.triton.fet.at;
# sub_filter http: https:; # sub_filter http: https:;
# sub_filter_once off; # sub_filter_once off;
} }
} }

31
triton.fet.at/testrby.conf
View File

@@ -3,15 +3,18 @@ server {
server_name testrby.triton.fet.at; server_name testrby.triton.fet.at;
listen 80; listen 80;
listen 443 ssl; listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/triton.fet.at/fullchain.pem; ssl_certificate /etc/letsencrypt/live/testrby.triton.fet.at/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/triton.fet.at/privkey.pem; ssl_certificate_key /etc/letsencrypt/live/testrby.triton.fet.at/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/testrby.triton.fet.at/chain.pem;
include snippets/ssl.conf;
location /.well-known { location /.well-known {
root /srv/welcome; root /srv/pxy/testrby;
allow all; allow all;
} }
location / { location / {
return 302 https://www.testrby.trition.fet.at$request_uri; return 302 https://www.testrby.triton.fet.at$request_uri;
} }
} }
@@ -19,8 +22,8 @@ server {
server_name www.testrby.triton.fet.at; server_name www.testrby.triton.fet.at;
listen 80; listen 80;
location /.well-known { location /.well-known {
root /srv/pxy/testrby;
allow all; allow all;
root /srv/welcome;
} }
location / { location / {
return 301 https://$host$request_uri; return 301 https://$host$request_uri;
@@ -30,17 +33,16 @@ server {
server { server {
server_name www.testrby.triton.fet.at; server_name www.testrby.triton.fet.at;
listen 443 ssl; listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/triton.fet.at/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/triton.fet.at/privkey.pem;
auth_ldap "FET Login";
auth_ldap_servers fet;
location /.well-known { ssl_certificate /etc/letsencrypt/live/testrby.triton.fet.at/fullchain.pem;
root /srv/welcome; ssl_certificate_key /etc/letsencrypt/live/testrby.triton.fet.at/privkey.pem;
allow all; ssl_trusted_certificate /etc/letsencrypt/live/testrby.triton.fet.at/chain.pem;
}
include snippets/ssl.conf;
include snippets/ldap.conf;
location / { location / {
proxy_pass http://mogok.local:3000; proxy_pass http://mogok.local:3001;
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
} }
@@ -56,6 +58,5 @@ server {
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
} }
} }

61
triton.fet.at/testrbyandi.conf Normal file
View File

@@ -0,0 +1,61 @@
# -*-nginx-*-
server {
server_name testrbyandi.triton.fet.at;
listen 80;
listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/testrby.triton.fet.at/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/testrby.triton.fet.at/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/testrby.triton.fet.at/chain.pem;
include snippets/ssl.conf;
location /.well-known {
root /srv/pxy/testrby;
allow all;
}
location / {
return 302 https://www.testrbyandi.trition.fet.at$request_uri;
}
}
server {
server_name www.testrbyandi.triton.fet.at;
listen 80;
location /.well-known {
root /srv/pxy/testrby;
allow all;
}
location / {
return 301 https://$host$request_uri;
}
}
server {
server_name www.testrbyandi.triton.fet.at;
listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/testrby.triton.fet.at/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/testrby.triton.fet.at/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/testrby.triton.fet.at/chain.pem;
include snippets/ssl.conf;
include snippets/ldap.conf;
location / {
proxy_pass http://mogok.local:3002;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
}
location /tc {
rewrite ^/tc/(.*)$ /$1 break;
proxy_pass http://triton-amp.local:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
}
location /conf {
rewrite ^/conf/(.*)$ /$1 break;
proxy_pass http://mogok.local:8001;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
}
}

19
triton.fet.at/welcome.conf
View File

@@ -4,8 +4,9 @@
server { server {
listen 80; listen 80;
server_name triton.fet.at www.triton.fet.at triton.local; server_name triton.fet.at www.triton.fet.at triton.local;
root /srv/welcome;
location /.well-known { location /.well-known {
root /srv/welcome;
allow all; allow all;
} }
location / { location / {
@@ -14,18 +15,17 @@ server {
} }
server { server {
listen 443 ssl; listen 443 ssl http2;
server_name triton.fet.at www.triton.fet.at triton.local; server_name triton.fet.at www.triton.fet.at triton.local;
ssl_certificate /etc/letsencrypt/live/triton.fet.at/fullchain.pem; ssl_certificate /etc/letsencrypt/live/triton.fet.at/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/triton.fet.at/privkey.pem; ssl_certificate_key /etc/letsencrypt/live/triton.fet.at/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/triton.fet.at/chain.pem;
auth_ldap "FET Login - TT"; include snippets/ssl.conf;
auth_ldap_servers fet; include snippets/ldap.conf;
root /srv/welcome; root /srv/welcome/build;
location /.well-known {
allow all;
}
location / { location / {
ssi on; ssi on;
index index.html; index index.html;
@@ -34,7 +34,6 @@ server {
rewrite ^/conf/(.*)$ /$1 break; rewrite ^/conf/(.*)$ /$1 break;
proxy_pass http://localhost:8080; proxy_pass http://localhost:8080;
} }
location /doc { location /doc {
return 301 https://intern.triton.fet.at$request_uri; return 301 https://intern.triton.fet.at$request_uri;
# include uwsgi_params; # include uwsgi_params;
@@ -43,6 +42,4 @@ server {
# rewrite ^/doc/(.*)$ /$1 break; # rewrite ^/doc/(.*)$ /$1 break;
# proxy_pass http://localhost:8081; # proxy_pass http://localhost:8081;
} }
} }

81
triton.fet.at/wp.conf
View File

@@ -1,89 +1,28 @@
# -*-nginx-*- # -*-nginx-*-
server { server {
listen 80; listen 80;
server_name www.onetufree.at; server_name wp.triton.fet.at;
# root /srv/pxy/wptriton;
location /.well-known { location /.well-known {
root /srv/pxy/onetufree; root /srv/welcome;
allow all; allow all;
} }
location / { location / {
return 301 https://$host$request_uri; return 302 https://www.onetufree.at$request_uri;
} }
} }
server { server {
listen 80; listen 443 ssl http2;
listen 443 ssl; server_name wp.triton.fet.at;
server_name onetufree.at wp.triton.fet.at www.wp.triton.fet.at;
# root /srv/pxy/wptriton;
ssl_certificate /etc/letsencrypt/live/wp.triton.fet.at/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/wp.triton.fet.at/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/wp.triton.fet.at/chain.pem;
location /.well-known { include snippets/ssl.conf;
root /srv/pxy/onetufree;
allow all;
}
location / {
return 301 https://www.onetufree.at$request_uri;
}
}
upstream triamp {
server triton-amp.local:8001;
}
server {
listen 443 ssl;
server_name www.onetufree.at;# onetufree.at wp.triton.fet.at www.wp.triton.fet.at;
ssl_certificate /etc/letsencrypt/live/www.onetufree.at/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.onetufree.at/privkey.pem;
satisfy any;
auth_ldap "Under construction";
auth_ldap_servers fet;
auth_basic "Under construction";
auth_basic_user_file /srv/.passwd;
location /.well-known {
root /srv/pxy/onetufree;
allow all;
}
location / { location / {
# rewrite ^/wp/(.*)$ /$1 break; return 302 https://www.onetufree.at$request_uri;
# return 301 http://$host$request_uri;
proxy_pass http://triamp;
proxy_set_header Accept-Encoding "";
proxy_set_header Host www.onetufree.at;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X_FORWARDED_SSL on;
proxy_set_header HTTP_X_FORWARDED_SSL on;
proxy_redirect default;
# more_set_headers 'Link: <https://wp.triton.fet.at/index.php/wp-json/>; rel="https://api.w.org/", <https://wp.triton.fet.at/>; rel=shortlink'
# more_set_headers 'Hello: World'
# sub_filter http https;
# sub_filter WordPress WP;
# force https Links
sub_filter http://wp.triton.fet.at https://www.onetufree.at;
sub_filter https://wp.triton.fet.at https://www.onetufree.at;
sub_filter http://www.onetufree.at https://www.onetufree.at;
sub_filter http: https:;
# sub_filter_types text/html;
# sub_filter_types application/javascript, text/javascript, text/html;# application/html text/* application/x-javascript text/xml;
sub_filter_once off;
} }
} }

29
triton.fet.at/wp2.conf
View File

@@ -16,27 +16,24 @@ upstream triamp2 {
server triton-amp.local:8003; server triton-amp.local:8003;
} }
server { server {
listen 443 ssl; listen 443 ssl http2;
server_name wp2.triton.fet.at www.wp2.triton.fet.at; server_name wp2.triton.fet.at www.wp2.triton.fet.at;
ssl_certificate /etc/letsencrypt/live/wp.triton.fet.at/fullchain.pem; ssl_certificate /etc/letsencrypt/live/wp.triton.fet.at/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/wp.triton.fet.at/privkey.pem; ssl_certificate_key /etc/letsencrypt/live/wp.triton.fet.at/privkey.pem;
satisfy any; ssl_trusted_certificate /etc/letsencrypt/live/wp.triton.fet.at/chain.pem;
auth_ldap "Under construction";
auth_ldap_servers fet;
include snippets/ssl.conf;
satisfy any;
location / {
include snippets/ldap.conf;
auth_basic "Under construction"; auth_basic "Under construction";
auth_basic_user_file /srv/.passwd; auth_basic_user_file /srv/.passwd;
location /.well-known { # rewrite ^/wp/(.*)$ /$1 break;
root /srv/welcome;
allow all;
}
location / {
# rewrite ^/wp/(.*)$ /$1 break;
# return 301 http://$host$request_uri; # return 301 http://$host$request_uri;
proxy_pass http://triamp2; proxy_pass http://triamp2;
proxy_set_header Accept-Encoding ""; proxy_set_header Accept-Encoding "";
@@ -47,7 +44,7 @@ server {
proxy_set_header HTTP_X_FORWARDED_SSL on; proxy_set_header HTTP_X_FORWARDED_SSL on;
proxy_redirect default; proxy_redirect default;
# more_set_headers 'Link: <https://wp.triton.fet.at/index.php/wp-json/>; rel="https://api.w.org/", <https://wp.triton.fet.at/>; rel=shortlink' # more_set_headers 'Link: <https://wp.triton.fet.at/index.php/wp-json/>; rel="https://api.w.org/", <https://wp.triton.fet.at/>; rel=shortlink'
# more_set_headers 'Hello: World' # more_set_headers 'Hello: World'
# sub_filter http https; # sub_filter http https;
# sub_filter WordPress WP; # sub_filter WordPress WP;
@@ -56,12 +53,8 @@ server {
sub_filter http://wp2.triton.fet.at https://wp2.triton.fet.at; sub_filter http://wp2.triton.fet.at https://wp2.triton.fet.at;
# sub_filter http: https:; # sub_filter http: https:;
# sub_filter_types text/html;
# sub_filter_types text/html;
# sub_filter_types application/javascript, text/javascript, text/html;# application/html text/* application/x-javascript text/xml; # sub_filter_types application/javascript, text/javascript, text/html;# application/html text/* application/x-javascript text/xml;
sub_filter_once off; sub_filter_once off;
} }
} }