Main repository for Devuan's www.devuan.org.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 

116 lines
4.1 KiB

  1. #
  2. # beta.devuan.org
  3. #
  4. # Production version
  5. #
  6. server {
  7. listen *:80;
  8. server_name beta.devuan.org;
  9. location ~ ^/.well-known/acme-challenge {
  10. root /srv/letsencrypt;
  11. }
  12. rewrite ^ https://$server_name$uri permanent;
  13. }
  14. server {
  15. listen *:443 ssl;
  16. server_name beta.devuan.org;
  17. # Mirror example:
  18. # server_name beta.devuan.org fr.devuan.org devuan.fr;
  19. root /srv/beta.devuan.org/public;
  20. # Old URLs
  21. rewrite ^/communicate.*$ /os/debian-fork permanent;
  22. rewrite ^/donate.*$ /os/donate permanent;
  23. rewrite ^/files/devuan.mp3
  24. /os/download/media/devuan.mp3 permanent;
  25. rewrite ^/files/devuan.wav
  26. /os/download/media/devuan.wav permanent;
  27. rewrite ^/(Devuan_budget|devuan_financial_report_2014).pdf
  28. /os/download/report/devuan_budget_2014.pdf permanent;
  29. rewrite ^/devuan_financial_report_2015.pdf
  30. /os/download/report/devuan_financial_report_2015.pdf permanent;
  31. rewrite ^/newsletter_22dec.html
  32. /os/debian-fork/newsletter-12014-12-22 permanent;
  33. rewrite ^/pub.key /os/keyring/repository@devuan.org.asc;
  34. # Old dismissed locations
  35. # Mirror: comment out if that interferes with your site.
  36. location ^/(css|img|js) { return 404; }
  37. # Moved sitemap up because of conflicting layout
  38. rewrite ^/os/sitemap.xml /sitemap.xml permanent;
  39. # Is this still needed?
  40. location = /google1b5b85f34f8aa7f8.html {
  41. echo "google-site-verification: google1b5b85f34f8aa7f8.html";
  42. }
  43. # Virtual /my Devuan
  44. location /my {
  45. set $gdo https://git.devuan.org;
  46. set $tdo https://talk.devuan.org;
  47. rewrite ^/my/dashboard $gdo/dashboard redirect;
  48. rewrite ^/my/milestones $gdo/dashboard/milestones redirect;
  49. rewrite ^/my/todo.* $gdo/dashboard/todos?state=pending redirect;
  50. rewrite ^/my/activity $tdo/my/activity redirect;
  51. rewrite ^/my/bookmarks $tdo/my/activity/bookmarks redirect;
  52. rewrite ^/my/messages $tdo/my/messages redirect;
  53. rewrite ^/my/preferences $tdo/my/preferences redirect;
  54. rewrite ^/my/profile $tdo/my/profile redirect;
  55. return 403;
  56. }
  57. # Localize error pages, English default
  58. error_page 403 /en/error/403.html;
  59. error_page 404 /en/error/404.html;
  60. error_page 500 502 503 /en/error/50x.html;
  61. location /en/error {
  62. internal;
  63. }
  64. location ~ ^/(de|en|es|fr|it) {
  65. try_files $uri $uri.html $uri/ =404;
  66. error_page 403 /$1/error/403.html;
  67. error_page 404 /$1/error/404.html;
  68. error_page 501 502 503 /$1/error/50x.html;
  69. }
  70. # Links are made like this: /:locale/path
  71. # But English is the default language so we skip /en
  72. # MIRROR: you may want to switch to your language instead!
  73. rewrite ^/en/(.*)$ /$1 last;
  74. # rewrite ^/fr/(.*)$ /$1 last; # French mirror example
  75. # Add TLS configuration
  76. ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
  77. ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
  78. ssl_ecdh_curve secp384r1; # Requires nginx >= 1.1.0
  79. ssl_prefer_server_ciphers on;
  80. ssl_session_cache builtin:1000 shared:SSL:10m;
  81. # ssl_session_tickets off; # Requires nginx >= 1.5.9
  82. # ssl_stapling on; # Requires nginx >= 1.3.7
  83. # ssl_stapling_verify on; # Requires nginx => 1.3.7
  84. # Add your DNS resolvers and adjust timeout (default is 5s)
  85. resolver 8.8.8.8 valid=300s;
  86. resolver_timeout 3s;
  87. ssl_certificate /srv/beta.devuan.org/etc/ssl/beta.crt.pem;
  88. ssl_certificate_key /srv/beta.devuan.org/etc/ssl/beta.key.pem;
  89. add_header X-Frame-Options "ALLOW-FROM https://talk.devuan.org";
  90. add_header Access-Control-Allow-Origin https://beta.devuan.org,https://talk.devuan.org,https://git.devuan.org,https://devuan.org;
  91. add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
  92. add_header X-Content-Security-Policy "default-src 'self'; script-src 'self'; img-src 'self'";
  93. add_header X-Content-Type-Options nosniff;
  94. location / {
  95. try_files $uri $uri.html $uri/ =404;
  96. }
  97. access_log /var/log/nginx/beta.devuan.org_access.log;
  98. error_log /var/log/nginx/beta.devuan.org_error.log;
  99. }