commit 83354160ea6cdab232393bc19f6888baaff9c134 Author: root Date: Sun Jul 23 09:58:08 2017 +0200 initial commit diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..a5abce0 --- /dev/null +++ b/.gitignore @@ -0,0 +1,2 @@ +*~ +*# \ No newline at end of file diff --git a/default.conf b/default.conf new file mode 100644 index 0000000..e34e6d0 --- /dev/null +++ b/default.conf @@ -0,0 +1,45 @@ + server { + listen 192.168.95.10:80; + server_name localhost default; + + #charset koi8-r; + + #access_log logs/host.access.log main; + + location / { + root html; + index index.html index.htm; + } + + #error_page 404 /404.html; + + # redirect server error pages to the static page /50x.html + # + error_page 500 502 503 504 /50x.html; + location = /50x.html { + root html; + } + + # proxy the PHP scripts to Apache listening on 127.0.0.1:80 + # + #location ~ \.php$ { + # proxy_pass http://127.0.0.1; + #} + + # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 + # + #location ~ \.php$ { + # root html; + # fastcgi_pass 127.0.0.1:9000; + # fastcgi_index index.php; + # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name; + # include fastcgi_params; + #} + + # deny access to .htaccess files, if Apache's document root + # concurs with nginx's one + # + #location ~ /\.ht { + # deny all; + #} + } diff --git a/fachschaften.at/crawler.conf b/fachschaften.at/crawler.conf new file mode 100644 index 0000000..a3a140b --- /dev/null +++ b/fachschaften.at/crawler.conf @@ -0,0 +1,60 @@ +# -*-nginx-*- +server{ + listen 80; + server_name www.crawler.fachschaften.at crawler.fachschaften.at; + root /srv/pxy/fachschaften; + + # Location .well known is required for certificate renewal + location /.well-known { + allow all; + } + # Force SSL + location / { + return 301 https://$host$request_uri; + } +} + +server { + listen 443 ssl; + server_name www.crawler.fachschaften.at crawler.fachschaften.at; + + ssl_certificate /etc/letsencrypt/live/www.fachschaften.at/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/www.fachschaften.at/privkey.pem; + root /srv/pxy/fachschaften; + + location /.well-known { + allow all; + } + + location /sections { + auth_basic " under construction "; + auth_basic_user_file /srv/fachschaften_htpasswd; + + try_files $uri @crawler; + } + + location /articles { + satisfy any; + auth_basic " under construction "; + auth_basic_user_file /srv/fachschaften_htpasswd; + deny all; + allow 192.168.95.0/24; + try_files $uri @crawler; + } + location /downloads { + try_files $uri @crawler; + } + + location @crawler { + proxy_pass http://fachschaften:8080; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + } +} + + + + # error_page 503 404 410 /404.html; +# access_log /var/log/crawler/nginxaccess.log; + # error_log /var/log/crawler/nginxerror.log; + diff --git a/fachschaften.at/default.conf b/fachschaften.at/default.conf new file mode 100644 index 0000000..bd75d2c --- /dev/null +++ b/fachschaften.at/default.conf @@ -0,0 +1,42 @@ +# -*-nginx-*- +server { + listen 80; + server_name www.fachschaften.at fachschaften.at; + root /srv/pxy/fachschaften; + # Location .well known is required for certificate renewal + location /.well-known { + allow all; + } + # Force SSL + location / { + return 301 https://$host$request_uri; + } +} + +server { + listen 443 ssl; + server_name www.fachschaften.at fachschaften.at; + +# include letsencrypt.conf; + ssl_certificate /etc/letsencrypt/live/www.fachschaften.at/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/www.fachschaften.at/privkey.pem; + root /srv/pxy/fachschaften; + + location /.well-known { + allow all; + } + + location / { + try_files $uri @pxy; + } + + location = / { + return 301 https://$host/articles; + } + + location @pxy { + proxy_pass http://fachschaften.local:3000; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + } +} diff --git a/fet.at/alt.conf b/fet.at/alt.conf new file mode 100644 index 0000000..366d514 --- /dev/null +++ b/fet.at/alt.conf @@ -0,0 +1,73 @@ +# -*-nginx-*- +server { + listen 80; + server_name alt.triton.fet.at www.alt.triton.fet.at glonass.htu.tuwien.ac.at alt.fet.at www.alt.fet.at 128.131.95.212; + location /.well-known { + allow all; + root /srv/pxy/alt/; + } + location / { + return 301 https://www.alt.fet.at$request_uri; + } + +} + +server { + listen 443 ssl http2; + server_name alt.triton.fet.at www.alt.triton.fet.at glonass.htu.tuwien.ac.at alt.fet.at; +ssl_certificate /etc/letsencrypt/live/www.alt.fet.at/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/www.alt.fet.at/privkey.pem; + location /.well-known { + allow all; + root /srv/pxy/alt/; + } + + location / { + return 302 https://www.alt.fet.at$request_uri; + } +} + +server { + listen 443 ssl http2; +# server_name alt.triton.fet.at www.alt.triton.fet.at glonass.htu.tuwien.ac.at alt.fet.at; + server_name www.alt.fet.at; + ssl_certificate /etc/letsencrypt/live/www.alt.fet.at/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/www.alt.fet.at/privkey.pem; + + location /.well-known { + allow all; + root /srv/pxy/alt/; + } + + location = / { + return 301 https://$host/twiki/bin/view/Homepage; + } + location = /twiki/ { + return 301 https://$host/twiki/bin/view/Homepage; + } + location = /alt/ { + return 301 https://$host/twiki/bin/view/Homepage; + } + location = /twiki/bin/ { + return 301 https://$host/twiki/bin/view/Homepage; + } + location = /alt/bin/ { + return 301 https://$host/twiki/bin/view/Homepage; + } + + location /alt { + rewrite ^/alt(.*) /twiki$1 last; + } + + location / { +# + proxy_set_header Host glonass.htu.tuwien.ac.at; + proxy_set_header X-Real-IP $remote_addr; + proxy_pass http://twikialt.local; + sub_filter /alt/bin /twiki/bin; + sub_filter glonass.htu.tuwien.ac.at www.alt.fet.at; + sub_filter http https; + sub_filter_once off; + + } +} diff --git a/fet.at/cloud.conf b/fet.at/cloud.conf new file mode 100644 index 0000000..582c425 --- /dev/null +++ b/fet.at/cloud.conf @@ -0,0 +1,47 @@ +# -*-nginx-*- +server { + listen 80; + server_name www.cloud.fet.at cloud.fet.at; + + root /srv/pxy/cloud2; + location /.well-known { + allow all; + } + location / { + return 301 https://$host$request_uri; + } +} +server { + + listen 443 ssl; + server_name www.cloud.fet.at cloud.fet.at; + client_max_body_size 4000M; + sendfile on; + send_timeout 600s; + client_body_in_file_only clean; + +# include letsencrypt.conf; + ssl_certificate /etc/letsencrypt/live/www.cloud.fet.at/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/www.cloud.fet.at/privkey.pem; + + + # auth_basic " under construction "; + # auth_basic_user_file /srv/fachschaften_htpasswd; + root /srv/pxy/cloud2; + index index.php; + location /.well-known { + allow all; + } + location / { + try_files $uri @pxy; + } + location @pxy { + proxy_pass http://192.168.95.22; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_buffering off; + proxy_request_buffering off; + client_body_buffer_size 32K; + } + +} diff --git a/fet.at/default.conf b/fet.at/default.conf new file mode 100644 index 0000000..9e95638 --- /dev/null +++ b/fet.at/default.conf @@ -0,0 +1,67 @@ +# -*-nginx-*- +server { + listen 80; + listen 443 ssl; + server_name fet.at 128.131.95.208; + ssl_certificate /etc/letsencrypt/live/www.fet.at/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/www.fet.at/privkey.pem; + root /srv/pxy/fet.at; + location /.well-known { + allow all; + } + location / { + return 302 https://www.fet.at$request_uri; + } +} + +server { + listen 80; + server_name www.fet.at; + root /srv/pxy/fet.at; + location /.well-known { + allow all; + } + + location /etherpad { + proxy_pass http://192.168.95.11:3333; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + } + location / { + return 301 https://$host$request_uri; + } +} + +server { + listen 443 ssl; + server_name www.fet.at; + ssl_certificate /etc/letsencrypt/live/www.fet.at/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/www.fet.at/privkey.pem; + +# ssl_certificate /etc/letsencrypt/live/fet.at/fullchain.pem; +# ssl_certificate_key /etc/letsencrypt/live/fet.at/privkey.pem; + + # auth_ldap "FET Login"; + # auth_ldap_servers fet; + root /srv/pxy/fet.at; + +# root /srv/welcome; + location / { + proxy_pass http://192.168.95.11:3333; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + +# index index.html; + } + location /.well-known { + allow all; + } + + location /alt { + return 302 https://www.alt.fet.at$request_uri; + } + location /twiki { + return 302 https://www.alt.fet.at$request_uri; + } + +} diff --git a/fet.at/etherpad.conf b/fet.at/etherpad.conf new file mode 100644 index 0000000..4d14494 --- /dev/null +++ b/fet.at/etherpad.conf @@ -0,0 +1,46 @@ +# -*-nginx-*- + +server { + listen 80; + server_name etherpad.fet.at www.etherpad.fet.at; + root /srv/pxy/fet.at; + location /.well-known { + allow all; + } + + location / { + proxy_pass http://192.168.95.11:9001; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + } +# location / { +# return 301 https://$host$request_uri; +# } +} + +server { + listen 443 ssl; + server_name etherpad.fet.at www.etherpad.fet.at; + ssl_certificate /etc/letsencrypt/live/www.fet.at/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/www.fet.at/privkey.pem; + +# ssl_certificate /etc/letsencrypt/live/fet.at/fullchain.pem; +# ssl_certificate_key /etc/letsencrypt/live/fet.at/privkey.pem; + + # auth_ldap "FET Login"; + # auth_ldap_servers fet; + root /srv/pxy/fet.at; + +# root /srv/welcome; + location / { + proxy_pass http://192.168.95.11:9001; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + +# index index.html; + } + location /.well-known { + allow all; + } + +} diff --git a/fet.at/mail.conf b/fet.at/mail.conf new file mode 100644 index 0000000..450394a --- /dev/null +++ b/fet.at/mail.conf @@ -0,0 +1,56 @@ +# -*-nginx-*- + +server { + listen 80; + server_name www.mail.fet.at mail.fet.at fet.htu.tuwien.ac.at; + root /srv/pxy/mail.fet.at; + location /.well-known { + allow all; + } + location / { + return 301 https://$host$request_uri; + } +} + +server { + listen 443 ssl; + server_name www.mail.fet.at mail.fet.at fet.htu.tuwien.ac.at; +# server_name fet.at www.fet.at 128.131.95.208; + ssl_certificate /etc/letsencrypt/live/www.mail.fet.at/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/www.mail.fet.at/privkey.pem; + +# ssl_certificate /etc/letsencrypt/live/fet.at/fullchain.pem; +# ssl_certificate_key /etc/letsencrypt/live/fet.at/privkey.pem; + + # auth_ldap "FET Login"; + # auth_ldap_servers fet; + root /srv/pxy/mail.fet.at; + +# root /srv/welcome; + location / { + proxy_bind $host:443; + proxy_pass http://192.168.95.11:80; +# proxy_redirect https://$host:8000/ https://$host:443/; +# proxy_redirect https://mail.fet.at:8000/ https://mail.fet.at:443/; +# proxy_redirect https://$host:8000/ https://$host:443/; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X_FORWARDED_SSL on; + proxy_set_header HTTP_X_FORWARDED_SSL on; + proxy_set_header X-Forwarded-For $remote_addr; +# index index.html; + } + location /http { + index index.html; + rewrite_log on; + #rewrite ^/http(.*) $1 break; + alias /srv/www/mail/static; + } + location = / { + return 302 https://mail.fet.at/mail/; + } + location /.well-known { + allow all; + } + +} diff --git a/management.conf b/management.conf new file mode 100644 index 0000000..72a353d --- /dev/null +++ b/management.conf @@ -0,0 +1,9 @@ +# -*-nginx-*- +server { + listen 8080; + server_name default; + location / { + include uwsgi_params; + uwsgi_pass unix:/srv/run/management.sock; + } +} diff --git a/meinetu.at.conf b/meinetu.at.conf new file mode 100644 index 0000000..6dcbbf4 --- /dev/null +++ b/meinetu.at.conf @@ -0,0 +1,35 @@ +# -*-nginx-*- + +server { + listen 80; + server_name meinetu.at www.meinetu.at; + root /srv/welcome; + location /.well-known { + allow all; + } + location / { + return 301 https://$host$request_uri; + } +} + +server { + listen 443 ssl; + server_name meinetu.at www.meinetu.at; + + ssl_certificate /etc/letsencrypt/live/triton.fet.at/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/triton.fet.at/privkey.pem; + + # auth_ldap "FET Login"; + # auth_ldap_servers fet; + root /srv/meinetu; + +# root /srv/welcome; + location / { + return 503; + index index.html; + } + location /.well-known { + allow all; + } + +} diff --git a/triton.fet.at/git.conf b/triton.fet.at/git.conf new file mode 100644 index 0000000..57129fb --- /dev/null +++ b/triton.fet.at/git.conf @@ -0,0 +1,78 @@ +# -*-nginx-*- +server { + listen 80; + server_name www.git.triton.fet.at git.triton.fet.at; + location /{ + return 301 https://$host$request_uri; + } + location /.well-known { + root /srv/welcome; + allow all; + } + +} +server { + listen 443 ssl; + # listen 80; + server_name www.git.triton.fet.at git.triton.fet.at; + ssl_certificate /etc/letsencrypt/live/triton.fet.at/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/triton.fet.at/privkey.pem; + +# satisfy any; +# allow 192.168.95.0/24; +# allow 127.0.0.1; +# deny all; +# +# auth_ldap "FET Login"; +# auth_ldap_servers fet; + + location /.well-known { + root /srv/welcome; + allow all; + } + location = / { + return 302 https://$host/http/; + } + + location /http { + auth_ldap "FET Login"; + auth_ldap_servers fet; + root /srv/git/; + index index.html; + } + location ~ ^.*\.git/objects/([0-9a-f]+/[0-9a-f]+|pack/pack-[0-9a-f]+.(pack|idx))$ { + satisfy any; + allow 192.168.95.0/24; + allow 127.0.0.1; + deny all; + + auth_ldap "FET Login"; + auth_ldap_servers fet; + root /srv/git/git/; + } + location ~ ^.*\.git/(HEAD|info/refs|objects/info/.*|git-(upload|receive)-pack)$ { +# satisfy any; +# allow 192.168.95.0/24; +# allow 127.0.0.1; +# deny all; + auth_ldap "FET Login"; + auth_ldap_servers fet; + + root /srv/git/git/; + # if ($remote_user = '') { + # set $my_remote_user "nobody"; + # } + # if ($remote_user ~* '') + # { set $my_remote_user $remote_user; + # } + client_max_body_size 0; + fastcgi_pass unix:/var/run/fcgiwrap.socket; + fastcgi_param SCRIPT_FILENAME /usr/lib/git-core/git-http-backend; + fastcgi_param GIT_HTTP_EXPORT_ALL ""; + fastcgi_param GIT_PROJECT_ROOT /srv/git; + fastcgi_param PATH_INFO $uri; + fastcgi_param REMOTE_USER $remote_user; + include fastcgi_params; + + } +} diff --git a/triton.fet.at/gitlab.conf b/triton.fet.at/gitlab.conf new file mode 100644 index 0000000..e69de29 diff --git a/triton.fet.at/intern.conf b/triton.fet.at/intern.conf new file mode 100644 index 0000000..1cbbc72 --- /dev/null +++ b/triton.fet.at/intern.conf @@ -0,0 +1,39 @@ +# -*-nginx-*- + +server { + listen 80; + server_name intern.triton.fet.at www.intern.triton.fet.at; + + location /.well-known { + root /srv/welcome; + allow all; + } + location / { + return 301 https://$host$request_uri; + } +} + +server { + listen 443 ssl; + #listen 8081; + server_name intern.triton.fet.at www.intern.triton.fet.at; + ssl_certificate /etc/letsencrypt/live/triton.fet.at/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/triton.fet.at/privkey.pem; + satisfy any; + auth_ldap "FET Login"; + auth_ldap_servers fet; + auth_basic "Alternative Login"; + auth_basic_user_file /srv/auth/.basic_user; + location / { + include uwsgi_params; + uwsgi_pass unix:/srv/run/intern.sock; + } + location = / { + return 301 https://$host/index; + } + location /.well-known { + root /srv/welcome; + allow all; + } + +} diff --git a/triton.fet.at/sql.triton.fet.at.conf b/triton.fet.at/sql.triton.fet.at.conf new file mode 100644 index 0000000..d39ac1d --- /dev/null +++ b/triton.fet.at/sql.triton.fet.at.conf @@ -0,0 +1,49 @@ +# -*-nginx-*- +upstream triampsql { + server triton-amp.local:8002; +} + +server { + listen 80; + server_name sql.triton.fet.at www.sql.triton.fet.at; + root /srv/pxy/wptriton; + location /.well-known { + allow all; + } + location / { + return 301 https://$host$request_uri; + } +} + + + +server { + listen 443 ssl; + server_name sql.triton.fet.at www.sql.triton.fet.at; + + #ssl_certificate /etc/letsencrypt/live/triton.fet.at/fullchain.pem; + #ssl_certificate_key /etc/letsencrypt/live/triton.fet.at/privkey.pem; + + auth_ldap "FET Login"; + auth_ldap_servers fet; + + location /.well-known { + allow all; + } + + location / { + proxy_pass http://triampsql; + proxy_set_header Accept-Encoding ""; + proxy_set_header Host sql.triton.fet.at; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X_FORWARDED_SSL on; + proxy_redirect default; + + # force https Links +# sub_filter http://wp.triton.fet.at https://wp.triton.fet.at; +# sub_filter http: https:; +# sub_filter_once off; + + } + +} diff --git a/triton.fet.at/testrby.conf b/triton.fet.at/testrby.conf new file mode 100644 index 0000000..b2034a0 --- /dev/null +++ b/triton.fet.at/testrby.conf @@ -0,0 +1,61 @@ +# -*-nginx-*- +server { + server_name testrby.triton.fet.at; + listen 80; + listen 443 ssl; + ssl_certificate /etc/letsencrypt/live/triton.fet.at/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/triton.fet.at/privkey.pem; + + location /.well-known { + root /srv/welcome; + allow all; + } + location / { + return 302 https://www.testrby.trition.fet.at$request_uri; + } +} + +server { + server_name www.testrby.triton.fet.at; + listen 80; + location /.well-known { + allow all; + root /srv/welcome; + } + location / { + return 301 https://$host$request_uri; + } +} + +server { + server_name www.testrby.triton.fet.at; + listen 443 ssl; + ssl_certificate /etc/letsencrypt/live/triton.fet.at/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/triton.fet.at/privkey.pem; + auth_ldap "FET Login"; + auth_ldap_servers fet; + + location /.well-known { + root /srv/welcome; + allow all; + } + location / { + proxy_pass http://mogok.local:3000; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + } + location /tc { + rewrite ^/tc/(.*)$ /$1 break; + proxy_pass http://triton-amp.local:8080; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + } + location /conf { + rewrite ^/conf/(.*)$ /$1 break; + proxy_pass http://mogok.local:8001; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + } + +} + diff --git a/triton.fet.at/welcome.conf b/triton.fet.at/welcome.conf new file mode 100644 index 0000000..de1b7db --- /dev/null +++ b/triton.fet.at/welcome.conf @@ -0,0 +1,48 @@ +# -*-nginx-*- +# Beschreibung: Dies ist ein fallback falls kein sonstiger Server gewaehlt wurde. Im geschuetzten Bereich befinden sich Infos zur Konfiguration! + +server { + listen 80; + server_name triton.fet.at www.triton.fet.at triton.local; + root /srv/welcome; + location /.well-known { + allow all; + } + location / { + return 301 https://$host$request_uri; + } +} + +server { + listen 443 ssl; + server_name triton.fet.at www.triton.fet.at triton.local; + ssl_certificate /etc/letsencrypt/live/triton.fet.at/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/triton.fet.at/privkey.pem; + + auth_ldap "FET Login - TT"; + auth_ldap_servers fet; + + root /srv/welcome; + location /.well-known { + allow all; + } + location / { + ssi on; + index index.html; + } + location /conf { + rewrite ^/conf/(.*)$ /$1 break; + proxy_pass http://localhost:8080; + } + + location /doc { + return 301 https://intern.triton.fet.at$request_uri; + # include uwsgi_params; + # uwsgi_pass unix:/srv/run/intern.sock; + # sub_filter triton.fet.at/ triton.fet.at/doc/; + # rewrite ^/doc/(.*)$ /$1 break; + # proxy_pass http://localhost:8081; + } + + +} diff --git a/triton.fet.at/wp.conf b/triton.fet.at/wp.conf new file mode 100644 index 0000000..26070cf --- /dev/null +++ b/triton.fet.at/wp.conf @@ -0,0 +1,89 @@ +# -*-nginx-*- +server { + listen 80; + server_name www.onetufree.at; +# root /srv/pxy/wptriton; + + + location /.well-known { + root /srv/pxy/onetufree; + allow all; + } + location / { + return 301 https://$host$request_uri; + } +} + +server { + listen 80; + listen 443 ssl; + server_name onetufree.at wp.triton.fet.at www.wp.triton.fet.at; +# root /srv/pxy/wptriton; + + + location /.well-known { + root /srv/pxy/onetufree; + allow all; + } + location / { + return 301 https://www.onetufree.at$request_uri; + } +} + + + + +upstream triamp { + server triton-amp.local:8001; +} + + +server { + listen 443 ssl; + server_name www.onetufree.at;# onetufree.at wp.triton.fet.at www.wp.triton.fet.at; + + ssl_certificate /etc/letsencrypt/live/www.onetufree.at/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/www.onetufree.at/privkey.pem; + satisfy any; + auth_ldap "Under construction"; + auth_ldap_servers fet; + + auth_basic "Under construction"; + auth_basic_user_file /srv/.passwd; + + location /.well-known { + root /srv/pxy/onetufree; + allow all; + } + + location / { + # rewrite ^/wp/(.*)$ /$1 break; +# return 301 http://$host$request_uri; + proxy_pass http://triamp; + proxy_set_header Accept-Encoding ""; + proxy_set_header Host www.onetufree.at; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X_FORWARDED_SSL on; + proxy_set_header HTTP_X_FORWARDED_SSL on; + proxy_redirect default; + + # more_set_headers 'Link: ; rel="https://api.w.org/", ; rel=shortlink' +# more_set_headers 'Hello: World' +# sub_filter http https; +# sub_filter WordPress WP; + + # force https Links + sub_filter http://wp.triton.fet.at https://www.onetufree.at; + sub_filter https://wp.triton.fet.at https://www.onetufree.at; + sub_filter http://www.onetufree.at https://www.onetufree.at; + sub_filter http: https:; + + + # sub_filter_types text/html; +# sub_filter_types application/javascript, text/javascript, text/html;# application/html text/* application/x-javascript text/xml; + sub_filter_once off; + + } + +} + diff --git a/triton.fet.at/wp2.conf b/triton.fet.at/wp2.conf new file mode 100644 index 0000000..6b392dc --- /dev/null +++ b/triton.fet.at/wp2.conf @@ -0,0 +1,67 @@ +# -*-nginx-*- +server { + listen 80; + server_name wp2.triton.fet.at www.wp2.triton.fet.at; + + location /.well-known { + root /srv/welcome; + allow all; + } + location / { + return 301 https://$host$request_uri; + } +} + +upstream triamp2 { + server triton-amp.local:8003; +} + + +server { + listen 443 ssl; + server_name wp2.triton.fet.at www.wp2.triton.fet.at; + + ssl_certificate /etc/letsencrypt/live/wp.triton.fet.at/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/wp.triton.fet.at/privkey.pem; + satisfy any; + auth_ldap "Under construction"; + auth_ldap_servers fet; + + auth_basic "Under construction"; + auth_basic_user_file /srv/.passwd; + + location /.well-known { + root /srv/welcome; + allow all; + } + + location / { + # rewrite ^/wp/(.*)$ /$1 break; +# return 301 http://$host$request_uri; + proxy_pass http://triamp2; + proxy_set_header Accept-Encoding ""; + proxy_set_header Host wp2.triton.fet.at; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X_FORWARDED_SSL on; + proxy_set_header REQUEST_SCHEME https; + proxy_set_header HTTP_X_FORWARDED_SSL on; + proxy_redirect default; + + # more_set_headers 'Link: ; rel="https://api.w.org/", ; rel=shortlink' +# more_set_headers 'Hello: World' +# sub_filter http https; +# sub_filter WordPress WP; + + # force https Links + sub_filter http://wp2.triton.fet.at https://wp2.triton.fet.at; +# sub_filter http: https:; + + + # sub_filter_types text/html; +# sub_filter_types application/javascript, text/javascript, text/html;# application/html text/* application/x-javascript text/xml; + sub_filter_once off; + + } + +} +