Browse Source

snapshot of current setup

pull/1/head
Ralph Rönnquist 4 months ago
parent
commit
e6e9633cc0
8 changed files with 194 additions and 28 deletions
  1. +55
    -0
      etc/nginx/sites-available/001-pkginfo.devuan.org
  2. +49
    -0
      etc/nginx/sites-available/002-www.devuan.org
  3. +42
    -0
      etc/nginx/sites-available/003-beta.devuan.org
  4. +21
    -0
      etc/nginx/sites-available/default
  5. +0
    -22
      etc/nginx/sites-available/devuan-web.conf
  6. +9
    -6
      etc/nginx/snippets/devuan-web.conf
  7. +13
    -0
      etc/nginx/snippets/fastcgi-php.conf
  8. +5
    -0
      etc/nginx/snippets/snakeoil.conf

+ 55
- 0
etc/nginx/sites-available/001-pkginfo.devuan.org View File

@@ -0,0 +1,55 @@
server {
listen 80;
# listen [::]:80;

server_name pkginfo.devuan.org;
location ~ ^/.well-known/acme-challenge {
root /home/pkginfo.devuan.org/letsencrypt;
}

location / {
return 301 https://$server_name$request_uri;
}


}

server {

listen 443 ssl;
# listen [::]:443;

server_name pkginfo.devuan.org;
root /home/pkginfo.devuan.org/public;


location / {
autoindex off;
}

location /cgi-bin/ {
gzip off;
autoindex off;
#root /home/info.devuan.org/cgi-bin;
# Fastcgi socket
fastcgi_pass unix:/var/run/fcgiwrap.socket;
# Fastcgi parameters, include the standard ones
include /etc/nginx/fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
}

ssl on;

ssl_certificate /etc/letsencrypt/live/pkginfo.devuan.org/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/pkginfo.devuan.org/privkey.pem;
ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
ssl_ecdh_curve secp384r1;
ssl_prefer_server_ciphers on;
ssl_session_cache builtin:1000 shared:SSL:10m;
resolver 213.186.33.99 valid=300s;
resolver_timeout 3s;
}

+ 49
- 0
etc/nginx/sites-available/002-www.devuan.org View File

@@ -0,0 +1,49 @@
server {
listen 80;
# listen [::]:80;

server_name www.devuan.org dev-1.org dev-one.org devuan.org;
location ~ ^/.well-known/acme-challenge {
root /var/www/devuan-www/letsencrypt;
}
# try_files $uri $uri/index.html $uri.htm $uri.html;
##root /var/www/devuan-www/public;

location / {
return 301 https://www.devuan.org$request_uri;
}


}

server {
listen 80;
server_name devuanzuwu3xoqwp.onion;
root /var/www/devuan-www/public.current;
include /etc/nginx/snippets/devuan-web.conf;
}

server {

listen 443 ssl;
# listen [::]:443;

server_name www.devuan.org dev-1.org dev-one.org devuan.org;
root /var/www/devuan-www/public.current;
include /etc/nginx/snippets/devuan-web.conf;

ssl on;
ssl_certificate /etc/letsencrypt/live/dev-1.org/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/dev-1.org/privkey.pem; # managed by Certbot
ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
ssl_ecdh_curve secp384r1;
ssl_prefer_server_ciphers on;
ssl_session_cache builtin:1000 shared:SSL:10m;
resolver 213.186.33.99 valid=300s;
resolver_timeout 3s;
}

+ 42
- 0
etc/nginx/sites-available/003-beta.devuan.org View File

@@ -0,0 +1,42 @@
server {
listen 80;
# listen [::]:80;

server_name beta.devuan.org;
location ~ ^/.well-known/acme-challenge {
root /var/www/devuan-www/letsencrypt;
}
# try_files $uri $uri/index.html $uri.htm $uri.html;
##root /var/www/devuan-www/public;

location / {
return 301 https://$server_name$request_uri;
}


}

server {

listen 443 ssl;
# listen [::]:443;

server_name beta.devuan.org;
root /var/www/devuan-www.beta/public.current;
include /etc/nginx/snippets/devuan-web.conf;

ssl on;
ssl_certificate /etc/letsencrypt/live/dev-1.org/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/dev-1.org/privkey.pem; # managed by Certbot
ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
ssl_ecdh_curve secp384r1;
ssl_prefer_server_ciphers on;
ssl_session_cache builtin:1000 shared:SSL:10m;
resolver 213.186.33.99 valid=300s;
resolver_timeout 3s;

}

+ 21
- 0
etc/nginx/sites-available/default View File

@@ -0,0 +1,21 @@
# Default server configuration
#
server {
listen 80 default_server;
listen [::]:80 default_server;

location / {
return 301 https://www.devuan.org$request_uri;
}

}

server {

listen 443 ssl;
# listen [::]:443;

location / {
return 301 https://www.devuan.org$request_uri;
}
}

+ 0
- 22
etc/nginx/sites-available/devuan-web.conf View File

@@ -1,22 +0,0 @@
#
# Basic nginx config.
# TLS support, redirects, are missing here.
#

server {
listen 80;
server_name devuanzuwu3xoqwp.onion;
root /var/www/devuan-www/public.current;
include /etc/nginx/snippets/devuan-web.conf;
}

server {
listen 80;

server_name devuan.org www.devuan.org;

root /var/www/devuan-www;
include /etc/nginx/snippets/devuan-web.conf;
}

+ 9
- 6
etc/nginx/snippets/devuan-web.conf View File

@@ -10,6 +10,8 @@
# rewrite ^/releases.*$ https://files.devuan.org permanent;
rewrite ^/os/releases/.*$ /os/releases permanent;
rewrite ^/os/mirror.*$ /#download permanent;
rewrite ^/os/download$ /get-devuan permanent;
rewrite ^/os/download/$ /get-devuan permanent;
# https://files.devuan.org permanent;
# rewrite ^/os/releases/jessie.*$ https://files.devuan.org permanent;
rewrite ^/donate.*$ /os/donate permanent;
@@ -38,14 +40,15 @@ location ~ ^/d1conf(|/)$ {
location ~ ^/os/packages/(.+)$ {
return 301 https://pkginfo.devuan.org/cgi-bin/d1pkgweb-query?search=$1;
}
location ~ ^/os/packages(|/)$ {
return 301 https://pkginfo.devuan.org;
}
## LeePen: disabled 20200306 for website restructure.
#location ~ ^/os/packages(|/)$ {
# return 301 https://pkginfo.devuan.org;
#}

# Mirror: change 'en' with your language
# Localize error pages, English default
error_page 403 /error/403.html;
error_page 404 /error/404.html;
error_page 403 /error/403.html;
error_page 404 /error/404.html;
error_page 500 501 502 503 /error/50x.html;
location /error {
internal;
@@ -58,5 +61,5 @@ rewrite ^/en/(.*)$ /$1 last; # Mirror: comment out if you mirror a translatio

location / {
autoindex off;
try_files $uri $uri/index.html $uri.htm $uri.html =404;
try_files $uri $uri.html $uri/index.html $uri.htm =404;
}

+ 13
- 0
etc/nginx/snippets/fastcgi-php.conf View File

@@ -0,0 +1,13 @@
# regex to split $uri to $fastcgi_script_name and $fastcgi_path
fastcgi_split_path_info ^(.+\.php)(/.+)$;

# Check that the PHP script exists before passing it
try_files $fastcgi_script_name =404;

# Bypass the fact that try_files resets $fastcgi_path_info
# see: http://trac.nginx.org/nginx/ticket/321
set $path_info $fastcgi_path_info;
fastcgi_param PATH_INFO $path_info;

fastcgi_index index.php;
include fastcgi.conf;

+ 5
- 0
etc/nginx/snippets/snakeoil.conf View File

@@ -0,0 +1,5 @@
# Self signed certificates generated by the ssl-cert package
# Don't use them in a production server!

ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;

Loading…
Cancel
Save