bofh/nginx_sites
9
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Unify configs, enhance SSL security

Browse Source
This commit is contained in:
root
2018-03-25 20:23:08 +02:00
parent 83354160ea
commit 69047a611c
18 changed files with 446 additions and 373 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
fachschaften.at/crawler.conf
View File

@@ -1,30 +1,26 @@
# -*-nginx-*-
server{
server {
listen 80;
server_name www.crawler.fachschaften.at crawler.fachschaften.at;
root /srv/pxy/fachschaften;
# Location .well known is required for certificate renewal
location /.well-known {
allow all;
root /srv/pxy/fachschaften;
allow all;
}
# Force SSL
location / {
return 301 https://$host$request_uri;
}
}
server {
listen 443 ssl;
listen 443 ssl http2;
server_name www.crawler.fachschaften.at crawler.fachschaften.at;
ssl_certificate /etc/letsencrypt/live/www.fachschaften.at/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.fachschaften.at/privkey.pem;
root /srv/pxy/fachschaften;
location /.well-known {
allow all;
}
ssl_trusted_certificate /etc/letsencrypt/live/www.fachschaften.at/chain.pem;
include snippets/ssl.conf;
location /sections {
auth_basic " under construction ";
@@ -32,7 +28,6 @@ server {
try_files $uri @crawler;
}
location /articles {
satisfy any;
auth_basic " under construction ";
@@ -44,7 +39,6 @@ server {
location /downloads {
try_files $uri @crawler;
}
location @crawler {
proxy_pass http://fachschaften:8080;
proxy_set_header Host $host;
@@ -52,9 +46,7 @@ server {
}
}
# error_page 503 404 410 /404.html;
# error_page 503 404 410 /404.html;
# access_log /var/log/crawler/nginxaccess.log;
# error_log /var/log/crawler/nginxerror.log;
# error_log /var/log/crawler/nginxerror.log;

26
fachschaften.at/default.conf
View File

@@ -2,41 +2,35 @@
server {
listen 80;
server_name www.fachschaften.at fachschaften.at;
root /srv/pxy/fachschaften;
# Location .well known is required for certificate renewal
location /.well-known {
root /srv/pxy/fachschaften;
allow all;
}
# Force SSL
location / {
return 301 https://$host$request_uri;
}
}
server {
listen 443 ssl;
listen 443 ssl http2;
server_name www.fachschaften.at fachschaften.at;
# include letsencrypt.conf;
ssl_certificate /etc/letsencrypt/live/www.fachschaften.at/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.fachschaften.at/privkey.pem;
root /srv/pxy/fachschaften;
ssl_trusted_certificate /etc/letsencrypt/live/www.fachschaften.at/chain.pem;
location /.well-known {
allow all;
}
include snippets/ssl.conf;
location / {
try_files $uri @pxy;
}
location = / {
location = / {
return 301 https://$host/articles;
}
location @pxy {
proxy_pass http://fachschaften.local:3000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
}
proxy_pass http://fachschaften.local:3000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
}
}

50
fet.at/alt.conf
View File

@@ -1,26 +1,26 @@
# -*-nginx-*-
server {
listen 80;
server_name alt.triton.fet.at www.alt.triton.fet.at glonass.htu.tuwien.ac.at alt.fet.at www.alt.fet.at 128.131.95.212;
server {
listen 80;
server_name alt.triton.fet.at www.alt.triton.fet.at glonass.htu.tuwien.ac.at alt.fet.at www.alt.fet.at 128.131.95.212;
location /.well-known {
root /srv/pxy/alt/;
allow all;
root /srv/pxy/alt/;
}
location / {
return 301 https://www.alt.fet.at$request_uri;
}
}
server {
listen 443 ssl http2;
server_name alt.triton.fet.at www.alt.triton.fet.at glonass.htu.tuwien.ac.at alt.fet.at;
ssl_certificate /etc/letsencrypt/live/www.alt.fet.at/fullchain.pem;
server_name alt.triton.fet.at www.alt.triton.fet.at glonass.htu.tuwien.ac.at alt.fet.at;
ssl_certificate /etc/letsencrypt/live/www.alt.fet.at/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.alt.fet.at/privkey.pem;
location /.well-known {
allow all;
root /srv/pxy/alt/;
}
ssl_trusted_certificate /etc/letsencrypt/live/www.alt.fet.at/chain.pem;
include snippets/ssl.conf;
location / {
return 302 https://www.alt.fet.at$request_uri;
@@ -29,45 +29,39 @@ ssl_certificate /etc/letsencrypt/live/www.alt.fet.at/fullchain.pem;
server {
listen 443 ssl http2;
# server_name alt.triton.fet.at www.alt.triton.fet.at glonass.htu.tuwien.ac.at alt.fet.at;
server_name www.alt.fet.at;
ssl_certificate /etc/letsencrypt/live/www.alt.fet.at/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.alt.fet.at/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/www.alt.fet.at/chain.pem;
location /.well-known {
allow all;
root /srv/pxy/alt/;
}
include snippets/ssl.conf;
location = / {
return 301 https://$host/twiki/bin/view/Homepage;
}
location = /twiki/ {
return 301 https://$host/twiki/bin/view/Homepage;
return 301 https://$host/twiki/bin/view/Homepage;
}
location = /alt/ {
return 301 https://$host/twiki/bin/view/Homepage;
return 301 https://$host/twiki/bin/view/Homepage;
}
location = /twiki/bin/ {
return 301 https://$host/twiki/bin/view/Homepage;
return 301 https://$host/twiki/bin/view/Homepage;
}
location = /alt/bin/ {
return 301 https://$host/twiki/bin/view/Homepage;
return 301 https://$host/twiki/bin/view/Homepage;
}
location /alt {
rewrite ^/alt(.*) /twiki$1 last;
}
location / {
#
proxy_set_header Host glonass.htu.tuwien.ac.at;
proxy_set_header X-Real-IP $remote_addr;
proxy_pass http://twikialt.local;
sub_filter /alt/bin /twiki/bin;
sub_filter glonass.htu.tuwien.ac.at www.alt.fet.at;
proxy_pass http://twikialt.local;
sub_filter /alt/bin /twiki/bin;
sub_filter glonass.htu.tuwien.ac.at www.alt.fet.at;
sub_filter http https;
sub_filter_once off;
sub_filter_once off;
}
}

32
fet.at/cloud.conf
View File

@@ -3,37 +3,34 @@ server {
listen 80;
server_name www.cloud.fet.at cloud.fet.at;
root /srv/pxy/cloud2;
location /.well-known {
allow all;
root /srv/pxy/cloud2;
allow all;
}
location / {
return 301 https://$host$request_uri;
}
}
server {
listen 443 ssl;
listen 443 ssl http2;
server_name www.cloud.fet.at cloud.fet.at;
client_max_body_size 4000M;
sendfile on;
send_timeout 600s;
client_body_in_file_only clean;
# include letsencrypt.conf;
ssl_certificate /etc/letsencrypt/live/www.cloud.fet.at/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.cloud.fet.at/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/www.cloud.fet.at/chain.pem;
include snippets/ssl.conf;
# include snippets/ldap.conf;
client_max_body_size 4000M;
sendfile on;
send_timeout 600s;
client_body_in_file_only clean;
# auth_basic " under construction ";
# auth_basic_user_file /srv/fachschaften_htpasswd;
root /srv/pxy/cloud2;
index index.php;
location /.well-known {
allow all;
}
location / {
try_files $uri @pxy;
try_files $uri @pxy;
}
location @pxy {
proxy_pass http://192.168.95.22;
@@ -41,7 +38,6 @@ server {
proxy_set_header X-Real-IP $remote_addr;
proxy_buffering off;
proxy_request_buffering off;
client_body_buffer_size 32K;
client_body_buffer_size 32K;
}
}

70
fet.at/default.conf
View File

@@ -1,27 +1,42 @@
# -*-nginx-*-
server {
listen 80;
listen 443 ssl;
server_name fet.at 128.131.95.208;
ssl_certificate /etc/letsencrypt/live/www.fet.at/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.fet.at/privkey.pem;
root /srv/pxy/fet.at;
server_name fet.at 128.131.95.208;
location /.well-known {
allow all;
root /srv/pxy/fet.at;
allow all;
}
location / {
return 302 https://www.fet.at$request_uri;
}
}
server {
listen 80;
server_name www.fet.at;
root /srv/pxy/fet.at;
location /.well-known {
allow all;
}
server {
listen 443 ssl http2;
server_name fet.at;
ssl_certificate /etc/letsencrypt/live/fet.at/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/fet.at/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/fet.at/chain.pem;
include snippets/ssl.conf;
location / {
return 302 https://www.fet.at$request_uri;
}
}
server {
listen 80;
server_name www.fet.at;
client_max_body_size 50M;
location /.well-known {
root /srv/pxy/fet.at;
allow all;
}
location /etherpad {
proxy_pass http://192.168.95.11:3333;
proxy_set_header Host $host;
@@ -33,35 +48,24 @@ server {
}
server {
listen 443 ssl;
listen 443 ssl http2;
server_name www.fet.at;
ssl_certificate /etc/letsencrypt/live/www.fet.at/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.fet.at/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/www.fet.at/chain.pem;
# ssl_certificate /etc/letsencrypt/live/fet.at/fullchain.pem;
# ssl_certificate_key /etc/letsencrypt/live/fet.at/privkey.pem;
include snippets/ssl.conf;
# include snippets/ldap.conf;
client_max_body_size 50M;
# auth_ldap "FET Login";
# auth_ldap_servers fet;
root /srv/pxy/fet.at;
# root /srv/welcome;
location / {
proxy_pass http://192.168.95.11:3333;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
# index index.html;
}
location /.well-known {
allow all;
}
location /alt {
location ~ ^/(alt|twiki) {
return 302 https://www.alt.fet.at$request_uri;
}
location /twiki {
return 302 https://www.alt.fet.at$request_uri;
}
}

39
fet.at/etherpad.conf
View File

@@ -1,46 +1,31 @@
# -*-nginx-*-
server {
listen 80;
server {
listen 80;
server_name etherpad.fet.at www.etherpad.fet.at;
root /srv/pxy/fet.at;
location /.well-known {
allow all;
root /srv/pxy/fet.at;
allow all;
}
location / {
proxy_pass http://192.168.95.11:9001;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
return 301 https://$host$request_uri;
}
# location / {
# return 301 https://$host$request_uri;
# }
}
server {
listen 443 ssl;
listen 443 ssl http2;
server_name etherpad.fet.at www.etherpad.fet.at;
ssl_certificate /etc/letsencrypt/live/www.fet.at/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.fet.at/privkey.pem;
# ssl_certificate /etc/letsencrypt/live/fet.at/fullchain.pem;
# ssl_certificate_key /etc/letsencrypt/live/fet.at/privkey.pem;
ssl_certificate /etc/letsencrypt/live/etherpad.fet.at/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/etherpad.fet.at/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/etherpad.fet.at/chain.pem;
include snippets/ssl.conf;
# auth_ldap "FET Login";
# auth_ldap_servers fet;
root /srv/pxy/fet.at;
# root /srv/welcome;
location / {
proxy_pass http://192.168.95.11:9001;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
# index index.html;
}
location /.well-known {
allow all;
}
}

29
fet.at/git.conf Normal file
View File

@@ -0,0 +1,29 @@
# -*-nginx-*-
server {
listen 80;
server_name git.fet.at;
location /.well-known {
root /srv/pxy/git;
allow all;
}
location / {
return 301 https://$host$request_uri;
}
}
server {
listen 443 ssl http2;
server_name git.fet.at;
ssl_certificate /etc/letsencrypt/live/git.fet.at/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/git.fet.at/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/git.fet.at/chain.pem;
include snippets/ssl.conf;
include snippets/header.conf;
location / {
proxy_pass http://zyklon:3000;
}
}

36
fet.at/mail.conf
View File

@@ -1,11 +1,11 @@
# -*-nginx-*-
server {
listen 80;
server {
listen 80;
server_name www.mail.fet.at mail.fet.at fet.htu.tuwien.ac.at;
root /srv/pxy/mail.fet.at;
location /.well-known {
allow all;
root /srv/pxy/mail.fet.at;
allow all;
}
location / {
return 301 https://$host$request_uri;
@@ -13,31 +13,23 @@ server {
}
server {
listen 443 ssl;
listen 443 ssl http2;
server_name www.mail.fet.at mail.fet.at fet.htu.tuwien.ac.at;
# server_name fet.at www.fet.at 128.131.95.208;
ssl_certificate /etc/letsencrypt/live/www.mail.fet.at/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.mail.fet.at/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/www.mail.fet.at/chain.pem;
# ssl_certificate /etc/letsencrypt/live/fet.at/fullchain.pem;
# ssl_certificate_key /etc/letsencrypt/live/fet.at/privkey.pem;
include snippets/ssl.conf;
# include snippets/ldap.conf;
# auth_ldap "FET Login";
# auth_ldap_servers fet;
root /srv/pxy/mail.fet.at;
# root /srv/welcome;
location / {
proxy_bind $host:443;
proxy_pass http://192.168.95.11:80;
# proxy_redirect https://$host:8000/ https://$host:443/;
# proxy_redirect https://mail.fet.at:8000/ https://mail.fet.at:443/;
# proxy_redirect https://$host:8000/ https://$host:443/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X_FORWARDED_SSL on;
proxy_set_header HTTP_X_FORWARDED_SSL on;
proxy_set_header X-Forwarded-For $remote_addr;
include snippets/proxy_header.conf;
# index index.html;
}
location /http {
@@ -47,10 +39,6 @@ server {
alias /srv/www/mail/static;
}
location = / {
return 302 https://mail.fet.at/mail/;
return 302 https://mail.fet.at/http/;
}
location /.well-known {
allow all;
}
}

22
meinetu.at.conf
View File

@@ -1,11 +1,11 @@
# -*-nginx-*-
server {
listen 80;
server {
listen 80;
server_name meinetu.at www.meinetu.at;
root /srv/welcome;
location /.well-known {
allow all;
root /srv/welcome;
allow all;
}
location / {
return 301 https://$host$request_uri;
@@ -18,18 +18,14 @@ server {
ssl_certificate /etc/letsencrypt/live/triton.fet.at/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/triton.fet.at/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/triton.fet.at/chain.pem;
include snippets/ssl.conf;
# include snippets/ldap.conf
# auth_ldap "FET Login";
# auth_ldap_servers fet;
root /srv/meinetu;
# root /srv/welcome;
location / {
return 503;
index index.html;
}
location /.well-known {
allow all;
}
}

90
triton.fet.at/git.conf
View File

@@ -2,21 +2,25 @@
server {
listen 80;
server_name www.git.triton.fet.at git.triton.fet.at;
location /.well-known {
root /srv/welcome;
allow all;
}
location /{
return 301 https://$host$request_uri;
}
location /.well-known {
root /srv/welcome;
allow all;
}
}
server {
listen 443 ssl;
# listen 80;
listen 443 ssl http2;
server_name www.git.triton.fet.at git.triton.fet.at;
ssl_certificate /etc/letsencrypt/live/triton.fet.at/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/triton.fet.at/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/triton.fet.at/chain.pem;
include snippets/ssl.conf;
# satisfy any;
# allow 192.168.95.0/24;
@@ -25,54 +29,66 @@ server {
#
# auth_ldap "FET Login";
# auth_ldap_servers fet;
access_log logs/git.triton.access.log;
location /.well-known {
root /srv/welcome;
allow all;
}
location = / {
return 302 https://$host/http/;
}
return 302 https://$host/git/;
}
location /http {
auth_ldap "FET Login";
auth_ldap_servers fet;
root /srv/git/;
include snippets/ldap.conf;
root /mnt/git_repo/;
index index.html;
}
location /static {
alias /srv/gitweb/static;
allow all;
}
location /git/static {
alias /srv/gitweb/static;
allow all;
}
location /git {
include snippets/ldap.conf;
fastcgi_pass unix:/var/run/fcgiwrap.socket;
fastcgi_param SCRIPT_FILENAME /srv/gitweb/gitweb.cgi;
# fastcgi_param GIT_HTTP_EXPORT_ALL "";
fastcgi_param GIT_PROJECT_ROOT /mnt/git_repo;
fastcgi_param PATH_INFO $uri;
fastcgi_param REMOTE_USER $remote_user;
include fastcgi_params;
}
location ~ ^.*\.git/objects/([0-9a-f]+/[0-9a-f]+|pack/pack-[0-9a-f]+.(pack|idx))$ {
satisfy any;
allow 192.168.95.0/24;
allow 127.0.0.1;
deny all;
satisfy any;
allow 192.168.95.0/24;
allow 127.0.0.1;
deny all;
auth_ldap "FET Login";
auth_ldap_servers fet;
root /srv/git/git/;
include snippets/ldap.conf;
root /mnt/git_repo/;
}
location ~ ^.*\.git/(HEAD|info/refs|objects/info/.*|git-(upload|receive)-pack)$ {
# satisfy any;
# allow 192.168.95.0/24;
# allow 127.0.0.1;
# deny all;
auth_ldap "FET Login";
auth_ldap_servers fet;
include snippets/ldap.conf;
root /srv/git/git/;
root /mnt/git_repo/git/;
# if ($remote_user = '') {
# set $my_remote_user "nobody";
# set $remote_user "nobody";
# }
# if ($remote_user ~* '')
# { set $my_remote_user $remote_user;
# }
client_max_body_size 0;
fastcgi_pass unix:/var/run/fcgiwrap.socket;
fastcgi_param SCRIPT_FILENAME /usr/lib/git-core/git-http-backend;
fastcgi_param GIT_HTTP_EXPORT_ALL "";
fastcgi_param GIT_PROJECT_ROOT /srv/git;
fastcgi_param PATH_INFO $uri;
fastcgi_param REMOTE_USER $remote_user;
include fastcgi_params;
client_max_body_size 0;
fastcgi_pass unix:/var/run/fcgiwrap.socket;
fastcgi_param SCRIPT_FILENAME /usr/lib/git-core/git-http-backend;
fastcgi_param GIT_HTTP_EXPORT_ALL "";
fastcgi_param GIT_PROJECT_ROOT /mnt/git_repo;
fastcgi_param PATH_INFO $uri;
fastcgi_param REMOTE_USER $remote_user;
include fastcgi_params;
}
}

35
triton.fet.at/intern.conf
View File

@@ -1,12 +1,11 @@
# -*-nginx-*-
server {
listen 80;
server {
listen 80;
server_name intern.triton.fet.at www.intern.triton.fet.at;
location /.well-known {
root /srv/welcome;
allow all;
root /srv/welcome;
allow all;
}
location / {
return 301 https://$host$request_uri;
@@ -14,26 +13,32 @@ server {
}
server {
listen 443 ssl;
#listen 8081;
listen 443 ssl http2;
server_name intern.triton.fet.at www.intern.triton.fet.at;
ssl_certificate /etc/letsencrypt/live/triton.fet.at/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/triton.fet.at/privkey.pem;
satisfy any;
auth_ldap "FET Login";
auth_ldap_servers fet;
ssl_trusted_certificate /etc/letsencrypt/live/triton.fet.at/chain.pem;
include snippets/ssl.conf;
include snippets/ldap.conf;
auth_basic "Alternative Login";
auth_basic_user_file /srv/auth/.basic_user;
satisfy any;
location / {
include uwsgi_params;
uwsgi_pass unix:/srv/run/intern.sock;
}
location = /intern/ {
return 301 https://$host/intern/inde1x.html;
}
location /intern {
rewrite ^/intern(.*)$ $1 break;
include uwsgi_params;
uwsgi_pass unix:/srv/run/intern.sock;
}
location = / {
return 301 https://$host/index;
}
location /.well-known {
root /srv/welcome;
allow all;
}
}

89
triton.fet.at/onetufree.conf Normal file
View File

@@ -0,0 +1,89 @@
# -*-nginx-*-
server {
listen 80;
server_name onetufree.at;
location /.well-known {
root /srv/pxy/onetufree;
allow all;
}
location / {
return 302 https://www.onetufree.at$request_uri;
}
}
server {
listen 443 ssl http2;
server_name onetufree.at;
ssl_certificate /etc/letsencrypt/live/www.onetufree.at/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.onetufree.at/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/www.onetufree.at/chain.pem;
include snippets/ssl.conf;
location / {
return 302 https://www.onetufree.at$request_uri;
}
}
server {
listen 80;
server_name www.onetufree.at;
location /.well-known {
root /srv/pxy/onetufree;
allow all;
}
location / {
return 301 https://$host$request_uri;
}
}
upstream triamp {
server triton-amp.local:8001;
}
server {
listen 443 ssl http2;
server_name www.onetufree.at;
ssl_certificate /etc/letsencrypt/live/www.onetufree.at/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.onetufree.at/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/www.onetufree.at/chain.pem;
include snippets/ssl.conf;
# include snippets/ldap.conf;
# auth_basic "Under construction";
# auth_basic_user_file /srv/.passwd;
satisfy any;
location / {
# rewrite ^/wp/(.*)$ /$1 break;
# return 301 http://$host$request_uri;
proxy_pass http://triamp;
proxy_set_header Accept-Encoding "";
proxy_set_header Host www.onetufree.at;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X_FORWARDED_SSL on;
proxy_set_header HTTP_X_FORWARDED_SSL on;
proxy_redirect default;
# more_set_headers 'Link: <https://wp.triton.fet.at/index.php/wp-json/>; rel="https://api.w.org/", <https://wp.triton.fet.at/>; rel=shortlink'
# more_set_headers 'Hello: World'
# sub_filter http https;
# sub_filter WordPress WP;
# force https Links
sub_filter http://wp.triton.fet.at https://www.onetufree.at;
sub_filter https://wp.triton.fet.at https://www.onetufree.at;
sub_filter http://www.onetufree.at https://www.onetufree.at;
sub_filter http: https:;
# sub_filter_types text/html;
# sub_filter_types application/javascript, text/javascript, text/html;# application/html text/* application/x-javascript text/xml;
sub_filter_once off;
}
}

24
triton.fet.at/sql.triton.fet.at.conf
View File

@@ -5,32 +5,28 @@ upstream triampsql {
server {
listen 80;
server_name sql.triton.fet.at www.sql.triton.fet.at;
root /srv/pxy/wptriton;
server_name sql.triton.fet.at www.sql.triton.fet.at;
location /.well-known {
allow all;
root /srv/pxy/wptriton;
allow all;
}
location / {
return 301 https://$host$request_uri;
}
}
server {
listen 443 ssl;
server_name sql.triton.fet.at www.sql.triton.fet.at;
#ssl_certificate /etc/letsencrypt/live/triton.fet.at/fullchain.pem;
#ssl_certificate_key /etc/letsencrypt/live/triton.fet.at/privkey.pem;
ssl_certificate /etc/letsencrypt/live/triton.fet.at/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/triton.fet.at/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/triton.fet.at/chain.pem;
auth_ldap "FET Login";
auth_ldap_servers fet;
include snippets/ssl.conf;
include snippets/ldap.conf;
location /.well-known {
allow all;
}
location / {
proxy_pass http://triampsql;
proxy_set_header Accept-Encoding "";
@@ -43,7 +39,5 @@ server {
# sub_filter http://wp.triton.fet.at https://wp.triton.fet.at;
# sub_filter http: https:;
# sub_filter_once off;
}
}

35
triton.fet.at/testrby.conf
View File

@@ -3,15 +3,18 @@ server {
server_name testrby.triton.fet.at;
listen 80;
listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/triton.fet.at/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/triton.fet.at/privkey.pem;
ssl_certificate /etc/letsencrypt/live/testrby.triton.fet.at/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/testrby.triton.fet.at/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/testrby.triton.fet.at/chain.pem;
include snippets/ssl.conf;
location /.well-known {
root /srv/welcome;
allow all;
root /srv/pxy/testrby;
allow all;
}
location / {
return 302 https://www.testrby.trition.fet.at$request_uri;
return 302 https://www.testrby.triton.fet.at$request_uri;
}
}
@@ -19,8 +22,8 @@ server {
server_name www.testrby.triton.fet.at;
listen 80;
location /.well-known {
allow all;
root /srv/welcome;
root /srv/pxy/testrby;
allow all;
}
location / {
return 301 https://$host$request_uri;
@@ -30,17 +33,16 @@ server {
server {
server_name www.testrby.triton.fet.at;
listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/triton.fet.at/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/triton.fet.at/privkey.pem;
auth_ldap "FET Login";
auth_ldap_servers fet;
location /.well-known {
root /srv/welcome;
allow all;
}
ssl_certificate /etc/letsencrypt/live/testrby.triton.fet.at/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/testrby.triton.fet.at/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/testrby.triton.fet.at/chain.pem;
include snippets/ssl.conf;
include snippets/ldap.conf;
location / {
proxy_pass http://mogok.local:3000;
proxy_pass http://mogok.local:3001;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
}
@@ -56,6 +58,5 @@ server {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
}
}

61
triton.fet.at/testrbyandi.conf Normal file
View File

@@ -0,0 +1,61 @@
# -*-nginx-*-
server {
server_name testrbyandi.triton.fet.at;
listen 80;
listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/testrby.triton.fet.at/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/testrby.triton.fet.at/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/testrby.triton.fet.at/chain.pem;
include snippets/ssl.conf;
location /.well-known {
root /srv/pxy/testrby;
allow all;
}
location / {
return 302 https://www.testrbyandi.trition.fet.at$request_uri;
}
}
server {
server_name www.testrbyandi.triton.fet.at;
listen 80;
location /.well-known {
root /srv/pxy/testrby;
allow all;
}
location / {
return 301 https://$host$request_uri;
}
}
server {
server_name www.testrbyandi.triton.fet.at;
listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/testrby.triton.fet.at/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/testrby.triton.fet.at/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/testrby.triton.fet.at/chain.pem;
include snippets/ssl.conf;
include snippets/ldap.conf;
location / {
proxy_pass http://mogok.local:3002;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
}
location /tc {
rewrite ^/tc/(.*)$ /$1 break;
proxy_pass http://triton-amp.local:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
}
location /conf {
rewrite ^/conf/(.*)$ /$1 break;
proxy_pass http://mogok.local:8001;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
}
}

29
triton.fet.at/welcome.conf
View File

@@ -1,12 +1,13 @@
# -*-nginx-*-
# Beschreibung: Dies ist ein fallback falls kein sonstiger Server gewaehlt wurde. Im geschuetzten Bereich befinden sich Infos zur Konfiguration!
server {
listen 80;
server_name triton.fet.at www.triton.fet.at triton.local;
root /srv/welcome;
server {
listen 80;
server_name triton.fet.at www.triton.fet.at triton.local;
location /.well-known {
allow all;
root /srv/welcome;
allow all;
}
location / {
return 301 https://$host$request_uri;
@@ -14,18 +15,17 @@ server {
}
server {
listen 443 ssl;
server_name triton.fet.at www.triton.fet.at triton.local;
listen 443 ssl http2;
server_name triton.fet.at www.triton.fet.at triton.local;
ssl_certificate /etc/letsencrypt/live/triton.fet.at/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/triton.fet.at/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/triton.fet.at/chain.pem;
auth_ldap "FET Login - TT";
auth_ldap_servers fet;
include snippets/ssl.conf;
include snippets/ldap.conf;
root /srv/welcome;
location /.well-known {
allow all;
}
root /srv/welcome/build;
location / {
ssi on;
index index.html;
@@ -34,7 +34,6 @@ server {
rewrite ^/conf/(.*)$ /$1 break;
proxy_pass http://localhost:8080;
}
location /doc {
return 301 https://intern.triton.fet.at$request_uri;
# include uwsgi_params;
@@ -43,6 +42,4 @@ server {
# rewrite ^/doc/(.*)$ /$1 break;
# proxy_pass http://localhost:8081;
}
}

87
triton.fet.at/wp.conf
View File

@@ -1,89 +1,28 @@
# -*-nginx-*-
server {
listen 80;
server_name www.onetufree.at;
# root /srv/pxy/wptriton;
server_name wp.triton.fet.at;
location /.well-known {
root /srv/pxy/onetufree;
allow all;
root /srv/welcome;
allow all;
}
location / {
return 301 https://$host$request_uri;
return 302 https://www.onetufree.at$request_uri;
}
}
server {
listen 80;
listen 443 ssl;
server_name onetufree.at wp.triton.fet.at www.wp.triton.fet.at;
# root /srv/pxy/wptriton;
listen 443 ssl http2;
server_name wp.triton.fet.at;
ssl_certificate /etc/letsencrypt/live/wp.triton.fet.at/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/wp.triton.fet.at/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/wp.triton.fet.at/chain.pem;
include snippets/ssl.conf;
location /.well-known {
root /srv/pxy/onetufree;
allow all;
}
location / {
return 301 https://www.onetufree.at$request_uri;
return 302 https://www.onetufree.at$request_uri;
}
}
upstream triamp {
server triton-amp.local:8001;
}
server {
listen 443 ssl;
server_name www.onetufree.at;# onetufree.at wp.triton.fet.at www.wp.triton.fet.at;
ssl_certificate /etc/letsencrypt/live/www.onetufree.at/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.onetufree.at/privkey.pem;
satisfy any;
auth_ldap "Under construction";
auth_ldap_servers fet;
auth_basic "Under construction";
auth_basic_user_file /srv/.passwd;
location /.well-known {
root /srv/pxy/onetufree;
allow all;
}
location / {
# rewrite ^/wp/(.*)$ /$1 break;
# return 301 http://$host$request_uri;
proxy_pass http://triamp;
proxy_set_header Accept-Encoding "";
proxy_set_header Host www.onetufree.at;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X_FORWARDED_SSL on;
proxy_set_header HTTP_X_FORWARDED_SSL on;
proxy_redirect default;
# more_set_headers 'Link: <https://wp.triton.fet.at/index.php/wp-json/>; rel="https://api.w.org/", <https://wp.triton.fet.at/>; rel=shortlink'
# more_set_headers 'Hello: World'
# sub_filter http https;
# sub_filter WordPress WP;
# force https Links
sub_filter http://wp.triton.fet.at https://www.onetufree.at;
sub_filter https://wp.triton.fet.at https://www.onetufree.at;
sub_filter http://www.onetufree.at https://www.onetufree.at;
sub_filter http: https:;
# sub_filter_types text/html;
# sub_filter_types application/javascript, text/javascript, text/html;# application/html text/* application/x-javascript text/xml;
sub_filter_once off;
}
}

39
triton.fet.at/wp2.conf
View File

@@ -1,11 +1,11 @@
# -*-nginx-*-
server {
listen 80;
server_name wp2.triton.fet.at www.wp2.triton.fet.at;
server_name wp2.triton.fet.at www.wp2.triton.fet.at;
location /.well-known {
root /srv/welcome;
allow all;
root /srv/welcome;
allow all;
}
location / {
return 301 https://$host$request_uri;
@@ -16,27 +16,24 @@ upstream triamp2 {
server triton-amp.local:8003;
}
server {
listen 443 ssl;
listen 443 ssl http2;
server_name wp2.triton.fet.at www.wp2.triton.fet.at;
ssl_certificate /etc/letsencrypt/live/wp.triton.fet.at/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/wp.triton.fet.at/privkey.pem;
satisfy any;
auth_ldap "Under construction";
auth_ldap_servers fet;
ssl_trusted_certificate /etc/letsencrypt/live/wp.triton.fet.at/chain.pem;
auth_basic "Under construction";
auth_basic_user_file /srv/.passwd;
location /.well-known {
root /srv/welcome;
allow all;
}
include snippets/ssl.conf;
satisfy any;
location / {
# rewrite ^/wp/(.*)$ /$1 break;
include snippets/ldap.conf;
auth_basic "Under construction";
auth_basic_user_file /srv/.passwd;
# rewrite ^/wp/(.*)$ /$1 break;
# return 301 http://$host$request_uri;
proxy_pass http://triamp2;
proxy_set_header Accept-Encoding "";
@@ -47,7 +44,7 @@ server {
proxy_set_header HTTP_X_FORWARDED_SSL on;
proxy_redirect default;
# more_set_headers 'Link: <https://wp.triton.fet.at/index.php/wp-json/>; rel="https://api.w.org/", <https://wp.triton.fet.at/>; rel=shortlink'
# more_set_headers 'Link: <https://wp.triton.fet.at/index.php/wp-json/>; rel="https://api.w.org/", <https://wp.triton.fet.at/>; rel=shortlink'
# more_set_headers 'Hello: World'
# sub_filter http https;
# sub_filter WordPress WP;
@@ -56,12 +53,8 @@ server {
sub_filter http://wp2.triton.fet.at https://wp2.triton.fet.at;
# sub_filter http: https:;
# sub_filter_types text/html;
# sub_filter_types text/html;
# sub_filter_types application/javascript, text/javascript, text/html;# application/html text/* application/x-javascript text/xml;
sub_filter_once off;
}
}