Browse Source

snapshot of current setup

pull/1/head
Ralph Rönnquist 2 years ago
parent
commit
e6e9633cc0
  1. 55
      etc/nginx/sites-available/001-pkginfo.devuan.org
  2. 49
      etc/nginx/sites-available/002-www.devuan.org
  3. 42
      etc/nginx/sites-available/003-beta.devuan.org
  4. 21
      etc/nginx/sites-available/default
  5. 22
      etc/nginx/sites-available/devuan-web.conf
  6. 15
      etc/nginx/snippets/devuan-web.conf
  7. 13
      etc/nginx/snippets/fastcgi-php.conf
  8. 5
      etc/nginx/snippets/snakeoil.conf

55
etc/nginx/sites-available/001-pkginfo.devuan.org

@ -0,0 +1,55 @@
server {
listen 80;
# listen [::]:80;
server_name pkginfo.devuan.org;
location ~ ^/.well-known/acme-challenge {
root /home/pkginfo.devuan.org/letsencrypt;
}
location / {
return 301 https://$server_name$request_uri;
}
}
server {
listen 443 ssl;
# listen [::]:443;
server_name pkginfo.devuan.org;
root /home/pkginfo.devuan.org/public;
location / {
autoindex off;
}
location /cgi-bin/ {
gzip off;
autoindex off;
#root /home/info.devuan.org/cgi-bin;
# Fastcgi socket
fastcgi_pass unix:/var/run/fcgiwrap.socket;
# Fastcgi parameters, include the standard ones
include /etc/nginx/fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
}
ssl on;
ssl_certificate /etc/letsencrypt/live/pkginfo.devuan.org/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/pkginfo.devuan.org/privkey.pem;
ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
ssl_ecdh_curve secp384r1;
ssl_prefer_server_ciphers on;
ssl_session_cache builtin:1000 shared:SSL:10m;
resolver 213.186.33.99 valid=300s;
resolver_timeout 3s;
}

49
etc/nginx/sites-available/002-www.devuan.org

@ -0,0 +1,49 @@
server {
listen 80;
# listen [::]:80;
server_name www.devuan.org dev-1.org dev-one.org devuan.org;
location ~ ^/.well-known/acme-challenge {
root /var/www/devuan-www/letsencrypt;
}
# try_files $uri $uri/index.html $uri.htm $uri.html;
##root /var/www/devuan-www/public;
location / {
return 301 https://www.devuan.org$request_uri;
}
}
server {
listen 80;
server_name devuanzuwu3xoqwp.onion;
root /var/www/devuan-www/public.current;
include /etc/nginx/snippets/devuan-web.conf;
}
server {
listen 443 ssl;
# listen [::]:443;
server_name www.devuan.org dev-1.org dev-one.org devuan.org;
root /var/www/devuan-www/public.current;
include /etc/nginx/snippets/devuan-web.conf;
ssl on;
ssl_certificate /etc/letsencrypt/live/dev-1.org/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/dev-1.org/privkey.pem; # managed by Certbot
ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
ssl_ecdh_curve secp384r1;
ssl_prefer_server_ciphers on;
ssl_session_cache builtin:1000 shared:SSL:10m;
resolver 213.186.33.99 valid=300s;
resolver_timeout 3s;
}

42
etc/nginx/sites-available/003-beta.devuan.org

@ -0,0 +1,42 @@
server {
listen 80;
# listen [::]:80;
server_name beta.devuan.org;
location ~ ^/.well-known/acme-challenge {
root /var/www/devuan-www/letsencrypt;
}
# try_files $uri $uri/index.html $uri.htm $uri.html;
##root /var/www/devuan-www/public;
location / {
return 301 https://$server_name$request_uri;
}
}
server {
listen 443 ssl;
# listen [::]:443;
server_name beta.devuan.org;
root /var/www/devuan-www.beta/public.current;
include /etc/nginx/snippets/devuan-web.conf;
ssl on;
ssl_certificate /etc/letsencrypt/live/dev-1.org/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/dev-1.org/privkey.pem; # managed by Certbot
ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
ssl_ecdh_curve secp384r1;
ssl_prefer_server_ciphers on;
ssl_session_cache builtin:1000 shared:SSL:10m;
resolver 213.186.33.99 valid=300s;
resolver_timeout 3s;
}

21
etc/nginx/sites-available/default

@ -0,0 +1,21 @@
# Default server configuration
#
server {
listen 80 default_server;
listen [::]:80 default_server;
location / {
return 301 https://www.devuan.org$request_uri;
}
}
server {
listen 443 ssl;
# listen [::]:443;
location / {
return 301 https://www.devuan.org$request_uri;
}
}

22
etc/nginx/sites-available/devuan-web.conf

@ -1,22 +0,0 @@
#
# Basic nginx config.
# TLS support, redirects, are missing here.
#
server {
listen 80;
server_name devuanzuwu3xoqwp.onion;
root /var/www/devuan-www/public.current;
include /etc/nginx/snippets/devuan-web.conf;
}
server {
listen 80;
server_name devuan.org www.devuan.org;
root /var/www/devuan-www;
include /etc/nginx/snippets/devuan-web.conf;
}

15
etc/nginx/snippets/devuan-web.conf

@ -10,6 +10,8 @@
# rewrite ^/releases.*$ https://files.devuan.org permanent;
rewrite ^/os/releases/.*$ /os/releases permanent;
rewrite ^/os/mirror.*$ /#download permanent;
rewrite ^/os/download$ /get-devuan permanent;
rewrite ^/os/download/$ /get-devuan permanent;
# https://files.devuan.org permanent;
# rewrite ^/os/releases/jessie.*$ https://files.devuan.org permanent;
rewrite ^/donate.*$ /os/donate permanent;
@ -38,14 +40,15 @@ location ~ ^/d1conf(|/)$ {
location ~ ^/os/packages/(.+)$ {
return 301 https://pkginfo.devuan.org/cgi-bin/d1pkgweb-query?search=$1;
}
location ~ ^/os/packages(|/)$ {
return 301 https://pkginfo.devuan.org;
}
## LeePen: disabled 20200306 for website restructure.
#location ~ ^/os/packages(|/)$ {
# return 301 https://pkginfo.devuan.org;
#}
# Mirror: change 'en' with your language
# Localize error pages, English default
error_page 403 /error/403.html;
error_page 404 /error/404.html;
error_page 403 /error/403.html;
error_page 404 /error/404.html;
error_page 500 501 502 503 /error/50x.html;
location /error {
internal;
@ -58,5 +61,5 @@ rewrite ^/en/(.*)$ /$1 last; # Mirror: comment out if you mirror a translatio
location / {
autoindex off;
try_files $uri $uri/index.html $uri.htm $uri.html =404;
try_files $uri $uri.html $uri/index.html $uri.htm =404;
}

13
etc/nginx/snippets/fastcgi-php.conf

@ -0,0 +1,13 @@
# regex to split $uri to $fastcgi_script_name and $fastcgi_path
fastcgi_split_path_info ^(.+\.php)(/.+)$;
# Check that the PHP script exists before passing it
try_files $fastcgi_script_name =404;
# Bypass the fact that try_files resets $fastcgi_path_info
# see: http://trac.nginx.org/nginx/ticket/321
set $path_info $fastcgi_path_info;
fastcgi_param PATH_INFO $path_info;
fastcgi_index index.php;
include fastcgi.conf;

5
etc/nginx/snippets/snakeoil.conf

@ -0,0 +1,5 @@
# Self signed certificates generated by the ssl-cert package
# Don't use them in a production server!
ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
Loading…
Cancel
Save