diff --git a/fachschaften.at/crawler.conf b/fachschaften.at/crawler.conf index 365b906..52a6753 100644 --- a/fachschaften.at/crawler.conf +++ b/fachschaften.at/crawler.conf @@ -3,13 +3,7 @@ server { listen 80; server_name www.crawler.fachschaften.at crawler.fachschaften.at; - location /.well-known { - root /srv/pxy/fachschaften; - allow all; - } - location / { - return 301 https://$host$request_uri; - } + include snippets/letsencrypt.conf; } server { @@ -19,7 +13,6 @@ server { ssl_certificate /etc/letsencrypt/live/www.fachschaften.at/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/www.fachschaften.at/privkey.pem; ssl_trusted_certificate /etc/letsencrypt/live/www.fachschaften.at/chain.pem; - include snippets/ssl.conf; location /sections { @@ -46,7 +39,7 @@ server { } } -# error_page 503 404 410 /404.html; -# access_log /var/log/crawler/nginxaccess.log; -# error_log /var/log/crawler/nginxerror.log; +#error_page 503 404 410 /404.html; +#access_log /var/log/crawler/nginxaccess.log; +#error_log /var/log/crawler/nginxerror.log; diff --git a/fachschaften.at/default.conf b/fachschaften.at/default.conf index da785d9..7bdfeac 100644 --- a/fachschaften.at/default.conf +++ b/fachschaften.at/default.conf @@ -3,12 +3,11 @@ server { listen 80; server_name www.fachschaften.at fachschaften.at; - location /.well-known { - root /srv/pxy/fachschaften; - allow all; - } - location / { - return 301 https://$host$request_uri; + include snippets/letsencrypt.conf; + + location = /google07a86d8e121467dc.html { + rewrite ^/(.*) $1; + return 200 "google-site-verification: $uri"; } } @@ -19,16 +18,12 @@ server { ssl_certificate /etc/letsencrypt/live/www.fachschaften.at/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/www.fachschaften.at/privkey.pem; ssl_trusted_certificate /etc/letsencrypt/live/www.fachschaften.at/chain.pem; - include snippets/ssl.conf; - location / { - try_files $uri @pxy; - } location = / { return 301 https://$host/articles; } - location @pxy { + location / { proxy_pass http://fachschaften.local:3000; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; diff --git a/fet.at/alt.conf b/fet.at/alt.conf index d1a5f46..3e76a04 100644 --- a/fet.at/alt.conf +++ b/fet.at/alt.conf @@ -1,25 +1,27 @@ # -*-nginx-*- server { listen 80; - server_name alt.triton.fet.at www.alt.triton.fet.at glonass.htu.tuwien.ac.at alt.fet.at www.alt.fet.at 128.131.95.212; + server_name glonass.htu.tuwien.ac.at 128.131.95.212; - location /.well-known { - root /srv/pxy/alt/; - allow all; - } location / { return 301 https://www.alt.fet.at$request_uri; } } +server { + listen 80; + server_name alt.triton.fet.at www.alt.triton.fet.at alt.fet.at www.alt.fet.at; + + include snippets/letsencrypt.conf; +} + server { listen 443 ssl http2; - server_name alt.triton.fet.at www.alt.triton.fet.at glonass.htu.tuwien.ac.at alt.fet.at; + server_name alt.triton.fet.at www.alt.triton.fet.at alt.fet.at; ssl_certificate /etc/letsencrypt/live/www.alt.fet.at/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/www.alt.fet.at/privkey.pem; ssl_trusted_certificate /etc/letsencrypt/live/www.alt.fet.at/chain.pem; - include snippets/ssl.conf; location / { @@ -34,7 +36,6 @@ server { ssl_certificate /etc/letsencrypt/live/www.alt.fet.at/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/www.alt.fet.at/privkey.pem; ssl_trusted_certificate /etc/letsencrypt/live/www.alt.fet.at/chain.pem; - include snippets/ssl.conf; location = / { diff --git a/fet.at/cloud.conf b/fet.at/cloud.conf index f728487..cd0c773 100644 --- a/fet.at/cloud.conf +++ b/fet.at/cloud.conf @@ -3,13 +3,7 @@ server { listen 80; server_name www.cloud.fet.at cloud.fet.at; - location /.well-known { - root /srv/pxy/cloud2; - allow all; - } - location / { - return 301 https://$host$request_uri; - } + include snippets/letsencrypt.conf; } server { @@ -19,8 +13,8 @@ server { ssl_certificate /etc/letsencrypt/live/www.cloud.fet.at/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/www.cloud.fet.at/privkey.pem; ssl_trusted_certificate /etc/letsencrypt/live/www.cloud.fet.at/chain.pem; - include snippets/ssl.conf; + # include snippets/ldap.conf; client_max_body_size 4000M; @@ -30,9 +24,6 @@ server { index index.php; location / { - try_files $uri @pxy; - } - location @pxy { proxy_pass http://192.168.95.22; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; diff --git a/fet.at/default.conf b/fet.at/default.conf index 7b29703..a453e5e 100644 --- a/fet.at/default.conf +++ b/fet.at/default.conf @@ -3,13 +3,7 @@ server { listen 80; server_name fet.at 128.131.95.208; - location /.well-known { - root /srv/pxy/fet.at; - allow all; - } - location / { - return 301 https://$host$request_uri; - } + include snippets/letsencrypt.conf; } server { @@ -19,7 +13,6 @@ server { ssl_certificate /etc/letsencrypt/live/fet.at/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/fet.at/privkey.pem; ssl_trusted_certificate /etc/letsencrypt/live/fet.at/chain.pem; - include snippets/ssl.conf; location / { @@ -31,20 +24,15 @@ server { listen 80; server_name www.fet.at; + include snippets/letsencrypt.conf; + client_max_body_size 50M; - location /.well-known { - root /srv/pxy/fet.at; - allow all; - } location /etherpad { proxy_pass http://192.168.95.11:3333; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; } - location / { - return 301 https://$host$request_uri; - } } server { @@ -54,8 +42,8 @@ server { ssl_certificate /etc/letsencrypt/live/www.fet.at/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/www.fet.at/privkey.pem; ssl_trusted_certificate /etc/letsencrypt/live/www.fet.at/chain.pem; - include snippets/ssl.conf; + # include snippets/ldap.conf; client_max_body_size 50M; diff --git a/fet.at/git.conf b/fet.at/git.conf index 61d2d43..3e97a9f 100644 --- a/fet.at/git.conf +++ b/fet.at/git.conf @@ -3,13 +3,7 @@ server { listen 80; server_name git.fet.at; - location /.well-known { - root /srv/pxy/git; - allow all; - } - location / { - return 301 https://$host$request_uri; - } + include snippets/letsencrypt.conf; } server { @@ -19,8 +13,8 @@ server { ssl_certificate /etc/letsencrypt/live/git.fet.at/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/git.fet.at/privkey.pem; ssl_trusted_certificate /etc/letsencrypt/live/git.fet.at/chain.pem; - include snippets/ssl.conf; + include snippets/header.conf; location / { diff --git a/fet.at/mail.conf b/fet.at/mail.conf index fd7b3c1..d982fd6 100644 --- a/fet.at/mail.conf +++ b/fet.at/mail.conf @@ -3,13 +3,7 @@ server { listen 80; server_name www.mail.fet.at mail.fet.at fet.htu.tuwien.ac.at; - location /.well-known { - root /srv/pxy/mail.fet.at; - allow all; - } - location / { - return 301 https://$host$request_uri; - } + include snippets/letsencrypt.conf; } server { @@ -19,8 +13,8 @@ server { ssl_certificate /etc/letsencrypt/live/www.mail.fet.at/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/www.mail.fet.at/privkey.pem; ssl_trusted_certificate /etc/letsencrypt/live/www.mail.fet.at/chain.pem; - include snippets/ssl.conf; + # include snippets/ldap.conf; location / { @@ -30,7 +24,6 @@ server { # proxy_redirect https://mail.fet.at:8000/ https://mail.fet.at:443/; # proxy_redirect https://$host:8000/ https://$host:443/; include snippets/proxy_header.conf; -# index index.html; } location /http { index index.html; diff --git a/management.conf b/management.conf index 72a353d..4ddaafb 100644 --- a/management.conf +++ b/management.conf @@ -2,6 +2,7 @@ server { listen 8080; server_name default; + location / { include uwsgi_params; uwsgi_pass unix:/srv/run/management.sock; diff --git a/meinetu.at.conf b/meinetu.at.conf index 626e977..00da0db 100644 --- a/meinetu.at.conf +++ b/meinetu.at.conf @@ -3,24 +3,18 @@ server { listen 80; server_name meinetu.at www.meinetu.at; - location /.well-known { - root /srv/welcome; - allow all; - } - location / { - return 301 https://$host$request_uri; - } + include snippets/letsencrypt.conf; } server { - listen 443 ssl; + listen 443 ssl http2; server_name meinetu.at www.meinetu.at; ssl_certificate /etc/letsencrypt/live/triton.fet.at/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/triton.fet.at/privkey.pem; ssl_trusted_certificate /etc/letsencrypt/live/triton.fet.at/chain.pem; - include snippets/ssl.conf; + # include snippets/ldap.conf root /srv/meinetu; diff --git a/triton.fet.at/git.conf b/triton.fet.at/git.conf index e0829e9..a806890 100644 --- a/triton.fet.at/git.conf +++ b/triton.fet.at/git.conf @@ -3,13 +3,7 @@ server { listen 80; server_name www.git.triton.fet.at git.triton.fet.at; - location /.well-known { - root /srv/welcome; - allow all; - } - location /{ - return 301 https://$host$request_uri; - } + include snippets/letsencrypt.conf; } server { @@ -19,7 +13,6 @@ server { ssl_certificate /etc/letsencrypt/live/triton.fet.at/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/triton.fet.at/privkey.pem; ssl_trusted_certificate /etc/letsencrypt/live/triton.fet.at/chain.pem; - include snippets/ssl.conf; # satisfy any; @@ -27,8 +20,7 @@ server { # allow 127.0.0.1; # deny all; # -# auth_ldap "FET Login"; -# auth_ldap_servers fet; +# include snippets/ldap.conf; access_log logs/git.triton.access.log; location = / { @@ -68,10 +60,11 @@ server { root /mnt/git_repo/; } location ~ ^.*\.git/(HEAD|info/refs|objects/info/.*|git-(upload|receive)-pack)$ { -# satisfy any; -# allow 192.168.95.0/24; -# allow 127.0.0.1; -# deny all; + satisfy any; + allow 192.168.95.0/24; + allow 127.0.0.1; + deny all; + include snippets/ldap.conf; root /mnt/git_repo/git/; diff --git a/triton.fet.at/intern.conf b/triton.fet.at/intern.conf index e3cb9e4..4f5ef71 100644 --- a/triton.fet.at/intern.conf +++ b/triton.fet.at/intern.conf @@ -3,13 +3,7 @@ server { listen 80; server_name intern.triton.fet.at www.intern.triton.fet.at; - location /.well-known { - root /srv/welcome; - allow all; - } - location / { - return 301 https://$host$request_uri; - } + include snippets/letsencrypt.conf; } server { @@ -19,8 +13,8 @@ server { ssl_certificate /etc/letsencrypt/live/triton.fet.at/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/triton.fet.at/privkey.pem; ssl_trusted_certificate /etc/letsencrypt/live/triton.fet.at/chain.pem; - include snippets/ssl.conf; + include snippets/ldap.conf; auth_basic "Alternative Login"; auth_basic_user_file /srv/auth/.basic_user; diff --git a/triton.fet.at/onetufree.conf b/triton.fet.at/onetufree.conf index 03d0c44..edd54ac 100644 --- a/triton.fet.at/onetufree.conf +++ b/triton.fet.at/onetufree.conf @@ -3,12 +3,11 @@ server { listen 80; server_name onetufree.at; - location /.well-known { - root /srv/pxy/onetufree; - allow all; - } - location / { - return 302 https://www.onetufree.at$request_uri; + include snippets/letsencrypt.conf; + + location = /google07a86d8e121467dc.html { + rewrite ^/(.*) $1; + return 200 "google-site-verification: $uri"; } } @@ -19,7 +18,6 @@ server { ssl_certificate /etc/letsencrypt/live/www.onetufree.at/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/www.onetufree.at/privkey.pem; ssl_trusted_certificate /etc/letsencrypt/live/www.onetufree.at/chain.pem; - include snippets/ssl.conf; location / { @@ -31,13 +29,7 @@ server { listen 80; server_name www.onetufree.at; - location /.well-known { - root /srv/pxy/onetufree; - allow all; - } - location / { - return 301 https://$host$request_uri; - } + include snippets/letsencrypt.conf; } upstream triamp { @@ -51,7 +43,6 @@ server { ssl_certificate /etc/letsencrypt/live/www.onetufree.at/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/www.onetufree.at/privkey.pem; ssl_trusted_certificate /etc/letsencrypt/live/www.onetufree.at/chain.pem; - include snippets/ssl.conf; # include snippets/ldap.conf; diff --git a/triton.fet.at/sql.triton.fet.at.conf b/triton.fet.at/sql.triton.fet.at.conf index bb367e8..1d9f807 100644 --- a/triton.fet.at/sql.triton.fet.at.conf +++ b/triton.fet.at/sql.triton.fet.at.conf @@ -7,24 +7,18 @@ server { listen 80; server_name sql.triton.fet.at www.sql.triton.fet.at; - location /.well-known { - root /srv/pxy/wptriton; - allow all; - } - location / { - return 301 https://$host$request_uri; - } + include snippets/letsencrypt.conf; } server { - listen 443 ssl; + listen 443 ssl http2; server_name sql.triton.fet.at www.sql.triton.fet.at; ssl_certificate /etc/letsencrypt/live/triton.fet.at/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/triton.fet.at/privkey.pem; ssl_trusted_certificate /etc/letsencrypt/live/triton.fet.at/chain.pem; - include snippets/ssl.conf; + include snippets/ldap.conf; location / { diff --git a/triton.fet.at/testrby.conf b/triton.fet.at/testrby.conf index c1cd7d0..bcae3fc 100644 --- a/triton.fet.at/testrby.conf +++ b/triton.fet.at/testrby.conf @@ -1,44 +1,41 @@ # -*-nginx-*- server { - server_name testrby.triton.fet.at; listen 80; - listen 443 ssl; + server_name testrby.triton.fet.at; + + include snippets/letsencrypt.conf; +} + +server { + listen 443 ssl http2; + server_name testrby.triton.fet.at; + ssl_certificate /etc/letsencrypt/live/testrby.triton.fet.at/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/testrby.triton.fet.at/privkey.pem; ssl_trusted_certificate /etc/letsencrypt/live/testrby.triton.fet.at/chain.pem; - include snippets/ssl.conf; - location /.well-known { - root /srv/pxy/testrby; - allow all; - } location / { return 302 https://www.testrby.triton.fet.at$request_uri; } } server { - server_name www.testrby.triton.fet.at; listen 80; - location /.well-known { - root /srv/pxy/testrby; - allow all; - } - location / { - return 301 https://$host$request_uri; - } + server_name www.testrby.triton.fet.at; + + include snippets/letsencrypt.conf; } server { server_name www.testrby.triton.fet.at; - listen 443 ssl; + listen 443 ssl http2; ssl_certificate /etc/letsencrypt/live/testrby.triton.fet.at/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/testrby.triton.fet.at/privkey.pem; ssl_trusted_certificate /etc/letsencrypt/live/testrby.triton.fet.at/chain.pem; - include snippets/ssl.conf; + include snippets/ldap.conf; location / { @@ -59,4 +56,3 @@ server { proxy_set_header X-Real-IP $remote_addr; } } - diff --git a/triton.fet.at/testrbyandi.conf b/triton.fet.at/testrbyandi.conf index 50ca753..6e542cb 100644 --- a/triton.fet.at/testrbyandi.conf +++ b/triton.fet.at/testrbyandi.conf @@ -1,44 +1,41 @@ # -*-nginx-*- server { - server_name testrbyandi.triton.fet.at; listen 80; - listen 443 ssl; + server_name testrbyandi.triton.fet.at; + + include snippets/letsencrypt.conf; +} + +server { + listen 443 ssl http2; + server_name testrbyandi.triton.fet.at; + ssl_certificate /etc/letsencrypt/live/testrby.triton.fet.at/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/testrby.triton.fet.at/privkey.pem; ssl_trusted_certificate /etc/letsencrypt/live/testrby.triton.fet.at/chain.pem; - include snippets/ssl.conf; - location /.well-known { - root /srv/pxy/testrby; - allow all; - } location / { return 302 https://www.testrbyandi.trition.fet.at$request_uri; } } server { - server_name www.testrbyandi.triton.fet.at; listen 80; + server_name www.testrbyandi.triton.fet.at; - location /.well-known { - root /srv/pxy/testrby; - allow all; - } - location / { - return 301 https://$host$request_uri; - } + include snippets/letsencrypt.conf; } server { + listen 443 ssl http2; server_name www.testrbyandi.triton.fet.at; - listen 443 ssl; + ssl_certificate /etc/letsencrypt/live/testrby.triton.fet.at/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/testrby.triton.fet.at/privkey.pem; ssl_trusted_certificate /etc/letsencrypt/live/testrby.triton.fet.at/chain.pem; - include snippets/ssl.conf; + include snippets/ldap.conf; location / { diff --git a/triton.fet.at/welcome.conf b/triton.fet.at/welcome.conf index 0ada501..0d3cb2c 100644 --- a/triton.fet.at/welcome.conf +++ b/triton.fet.at/welcome.conf @@ -5,13 +5,7 @@ server { listen 80; server_name triton.fet.at www.triton.fet.at triton.local; - location /.well-known { - root /srv/welcome; - allow all; - } - location / { - return 301 https://$host$request_uri; - } + include snippets/letsencrypt.conf; } server { @@ -21,8 +15,8 @@ server { ssl_certificate /etc/letsencrypt/live/triton.fet.at/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/triton.fet.at/privkey.pem; ssl_trusted_certificate /etc/letsencrypt/live/triton.fet.at/chain.pem; - include snippets/ssl.conf; + include snippets/ldap.conf; root /srv/welcome/build; diff --git a/triton.fet.at/wp.conf b/triton.fet.at/wp.conf index b846e98..dbab6a0 100644 --- a/triton.fet.at/wp.conf +++ b/triton.fet.at/wp.conf @@ -3,13 +3,7 @@ server { listen 80; server_name wp.triton.fet.at; - location /.well-known { - root /srv/welcome; - allow all; - } - location / { - return 302 https://www.onetufree.at$request_uri; - } + include snippets/letsencrypt.conf; } server { @@ -19,7 +13,6 @@ server { ssl_certificate /etc/letsencrypt/live/wp.triton.fet.at/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/wp.triton.fet.at/privkey.pem; ssl_trusted_certificate /etc/letsencrypt/live/wp.triton.fet.at/chain.pem; - include snippets/ssl.conf; location / { diff --git a/triton.fet.at/wp2.conf b/triton.fet.at/wp2.conf index ba7f15f..3c52e22 100644 --- a/triton.fet.at/wp2.conf +++ b/triton.fet.at/wp2.conf @@ -3,13 +3,7 @@ server { listen 80; server_name wp2.triton.fet.at www.wp2.triton.fet.at; - location /.well-known { - root /srv/welcome; - allow all; - } - location / { - return 301 https://$host$request_uri; - } + include snippets/letsencrypt.conf; } upstream triamp2 { @@ -23,7 +17,6 @@ server { ssl_certificate /etc/letsencrypt/live/wp.triton.fet.at/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/wp.triton.fet.at/privkey.pem; ssl_trusted_certificate /etc/letsencrypt/live/wp.triton.fet.at/chain.pem; - include snippets/ssl.conf; satisfy any;