snapshot of current setup

3 years ago · e6e9633cc0
8 changed files with 194 additions and 28 deletions
--- a/etc/nginx/sites-available/001-pkginfo.devuan.org
+++ b/etc/nginx/sites-available/001-pkginfo.devuan.org
@ -0,0 +1,55 @@
+server {
+	listen 80;
+#	listen [::]:80;
+
+  	server_name pkginfo.devuan.org;
+	
+	location ~ ^/.well-known/acme-challenge {
+	    root /home/pkginfo.devuan.org/letsencrypt;
+  	}
+
+	location / {	
+		return 301 https://$server_name$request_uri;
+	}
+
+
+}
+
+server {
+
+	listen 443 ssl;
+#	listen [::]:443;
+
+  	server_name pkginfo.devuan.org;
+	root /home/pkginfo.devuan.org/public;
+	
+
+
+	location / {
+		autoindex off;
+	}
+
+        location /cgi-bin/ {
+                gzip off;
+                autoindex off;
+                #root  /home/info.devuan.org/cgi-bin;
+                # Fastcgi socket
+                fastcgi_pass  unix:/var/run/fcgiwrap.socket;
+                # Fastcgi parameters, include the standard ones
+                include /etc/nginx/fastcgi_params;
+                fastcgi_param SCRIPT_FILENAME  $document_root$fastcgi_script_name;
+                fastcgi_param SCRIPT_NAME $fastcgi_script_name; 
+        }
+
+	ssl on;
+
+	ssl_certificate /etc/letsencrypt/live/pkginfo.devuan.org/fullchain.pem;
+	ssl_certificate_key /etc/letsencrypt/live/pkginfo.devuan.org/privkey.pem;
+	ssl_protocols          TLSv1.2 TLSv1.1 TLSv1;
+	ssl_ciphers            "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
+	ssl_ecdh_curve secp384r1; 
+	ssl_prefer_server_ciphers on;
+	ssl_session_cache   builtin:1000 shared:SSL:10m;
+	resolver 213.186.33.99 valid=300s;
+	resolver_timeout 3s;
+}
--- a/etc/nginx/sites-available/002-www.devuan.org
+++ b/etc/nginx/sites-available/002-www.devuan.org
@ -0,0 +1,49 @@
+server {
+	listen 80;
+#	listen [::]:80;
+
+  	server_name www.devuan.org dev-1.org dev-one.org devuan.org;
+		
+	location ~ ^/.well-known/acme-challenge {
+	    root /var/www/devuan-www/letsencrypt;
+  	}
+#	try_files $uri $uri/index.html $uri.htm $uri.html;
+	
+	##root /var/www/devuan-www/public;
+
+	location / {	
+		return 301 https://www.devuan.org$request_uri;
+	}
+
+
+}
+
+server {
+	listen 80;
+  	server_name devuanzuwu3xoqwp.onion;
+	root /var/www/devuan-www/public.current;
+	
+        include /etc/nginx/snippets/devuan-web.conf;
+}
+
+server {
+
+	listen 443 ssl;
+#	listen [::]:443;
+
+  	server_name www.devuan.org dev-1.org dev-one.org devuan.org;
+	root /var/www/devuan-www/public.current;
+	
+        include /etc/nginx/snippets/devuan-web.conf;
+
+	ssl on;
+    ssl_certificate /etc/letsencrypt/live/dev-1.org/fullchain.pem; # managed by Certbot
+    ssl_certificate_key /etc/letsencrypt/live/dev-1.org/privkey.pem; # managed by Certbot
+	ssl_protocols          TLSv1.2 TLSv1.1 TLSv1;
+	ssl_ciphers            "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
+	ssl_ecdh_curve secp384r1; 
+	ssl_prefer_server_ciphers on;
+	ssl_session_cache   builtin:1000 shared:SSL:10m;
+	resolver 213.186.33.99 valid=300s;
+	resolver_timeout 3s;
+}
--- a/etc/nginx/sites-available/003-beta.devuan.org
+++ b/etc/nginx/sites-available/003-beta.devuan.org
@ -0,0 +1,42 @@
+server {
+	listen 80;
+#	listen [::]:80;
+
+  	server_name beta.devuan.org;
+		
+	location ~ ^/.well-known/acme-challenge {
+	    root /var/www/devuan-www/letsencrypt;
+  	}
+#	try_files $uri $uri/index.html $uri.htm $uri.html;
+	
+	##root /var/www/devuan-www/public;
+
+	location / {	
+		return 301 https://$server_name$request_uri;
+	}
+
+
+}
+
+server {
+
+	listen 443 ssl;
+#	listen [::]:443;
+
+  	server_name beta.devuan.org;
+	root /var/www/devuan-www.beta/public.current;
+	
+        include /etc/nginx/snippets/devuan-web.conf;
+
+	ssl on;
+    ssl_certificate /etc/letsencrypt/live/dev-1.org/fullchain.pem; # managed by Certbot
+    ssl_certificate_key /etc/letsencrypt/live/dev-1.org/privkey.pem; # managed by Certbot
+	ssl_protocols          TLSv1.2 TLSv1.1 TLSv1;
+	ssl_ciphers            "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
+	ssl_ecdh_curve secp384r1; 
+	ssl_prefer_server_ciphers on;
+	ssl_session_cache   builtin:1000 shared:SSL:10m;
+	resolver 213.186.33.99 valid=300s;
+	resolver_timeout 3s;
+
+}
--- a/etc/nginx/sites-available/default
+++ b/etc/nginx/sites-available/default
@ -0,0 +1,21 @@
+# Default server configuration
+#
+server {
+	listen 80 default_server;
+	listen [::]:80 default_server;
+
+	location / {	
+		return 301 https://www.devuan.org$request_uri;
+	}
+
+}
+
+server {
+
+	listen 443 ssl;
+#	listen [::]:443;
+
+	location / {	
+		return 301 https://www.devuan.org$request_uri;
+	}
+}
--- a/etc/nginx/sites-available/devuan-web.conf
+++ b/etc/nginx/sites-available/devuan-web.conf
@ -1,22 +0,0 @@
-#
-# Basic nginx config.
-# TLS support, redirects, are missing here.
-#
-
-server {
-	listen 80;
-  	server_name devuanzuwu3xoqwp.onion;
-	root /var/www/devuan-www/public.current;
-	
-        include /etc/nginx/snippets/devuan-web.conf;
-}
-
-server {
-	listen 80;
-
-  	server_name devuan.org www.devuan.org;
-
-	root /var/www/devuan-www;
-	
-        include /etc/nginx/snippets/devuan-web.conf;
-}
--- a/etc/nginx/snippets/devuan-web.conf
+++ b/etc/nginx/snippets/devuan-web.conf
@ -10,6 +10,8 @@
 #       rewrite ^/releases.*$           https://files.devuan.org permanent;
  rewrite ^/os/releases/.*$       /os/releases permanent;
  rewrite ^/os/mirror.*$ /#download permanent;
+  rewrite ^/os/download$ /get-devuan permanent;
+  rewrite ^/os/download/$ /get-devuan permanent;
 #  https://files.devuan.org permanent;
 #       rewrite ^/os/releases/jessie.*$ https://files.devuan.org permanent;
        rewrite ^/donate.*$ /os/donate permanent;
@ -38,14 +40,15 @@ location ~ ^/d1conf(|/)$ {
 location ~ ^/os/packages/(.+)$ {
 	return 301 https://pkginfo.devuan.org/cgi-bin/d1pkgweb-query?search=$1;
 }
-location ~ ^/os/packages(|/)$ {
-	return 301 https://pkginfo.devuan.org;
-}
+## LeePen: disabled 20200306 for website restructure.
+#location ~ ^/os/packages(|/)$ {
+#        return 301 https://pkginfo.devuan.org;
+#}

 # Mirror: change 'en' with your language
 # Localize error pages, English default
-error_page 403         /error/403.html;
-error_page 404         /error/404.html;
+error_page 403             /error/403.html;
+error_page 404             /error/404.html;
 error_page 500 501 502 503 /error/50x.html;
 location /error {
        internal;
@ -58,5 +61,5 @@ rewrite ^/en/(.*)$ /$1 last;    # Mirror: comment out if you mirror a translatio

 location / {
 	autoindex off;
-	try_files $uri $uri/index.html $uri.htm $uri.html =404;
+	try_files $uri $uri.html $uri/index.html $uri.htm =404;
 }
--- a/etc/nginx/snippets/fastcgi-php.conf
+++ b/etc/nginx/snippets/fastcgi-php.conf
@ -0,0 +1,13 @@
+# regex to split $uri to $fastcgi_script_name and $fastcgi_path
+fastcgi_split_path_info ^(.+\.php)(/.+)$;
+
+# Check that the PHP script exists before passing it
+try_files $fastcgi_script_name =404;
+
+# Bypass the fact that try_files resets $fastcgi_path_info
+# see: http://trac.nginx.org/nginx/ticket/321
+set $path_info $fastcgi_path_info;
+fastcgi_param PATH_INFO $path_info;
+
+fastcgi_index index.php;
+include fastcgi.conf;
--- a/etc/nginx/snippets/snakeoil.conf
+++ b/etc/nginx/snippets/snakeoil.conf
@ -0,0 +1,5 @@
+# Self signed certificates generated by the ssl-cert package
+# Don't use them in a production server!
+
+ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
+ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;