release 0.7.2 HEAD master

16 files changed, 816 insertions, 0 deletions

diff --git a/linux/conf/nginx/conf.d/10-default.conf b/linux/conf/nginx/conf.d/10-default.conf
new file mode 100644
index 0000000..97ee31b
--- /dev/null
+++ b/linux/conf/nginx/conf.d/10-default.conf
@@ -0,0 +1,8 @@
+##
+# Virtual Host Redirection 80 to 443
+##
+server {
+    listen         80 default_server;
+    server_name _;
+    return         301 https://$host$request_uri;
+}
diff --git a/linux/conf/nginx/nginx.conf b/linux/conf/nginx/nginx.conf
new file mode 100644
index 0000000..e757df6
--- /dev/null
+++ b/linux/conf/nginx/nginx.conf
@@ -0,0 +1,49 @@
+#
+# /etc/nginx/nginx.conf - nginx server configuration
+#
+
+user www;
+worker_processes auto;
+
+error_log syslog:server=unix:/dev/log,facility=daemon debug;
+
+pid /var/run/nginx.pid;
+
+events {
+    worker_connections  1024;
+}
+
+http {
+    include       mime.types;
+    default_type  application/octet-stream;
+
+    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
+                      '$status $body_bytes_sent "$http_referer" '
+                      '"$http_user_agent" "$http_x_forwarded_for"';
+
+    sendfile        on;
+    #tcp_nopush     on;
+
+    # Allow attach iso to wiki
+    #client_max_body_size 8M;
+    client_max_body_size 30M;
+    #keepalive_timeout  65;
+    keepalive_timeout  120;
+    #client_body_timeout 12;
+    client_body_timeout 24;
+    #client_header_timeout 12;
+    client_header_timeout 24;
+
+    send_timeout 65;
+
+    gzip  on;
+    gzip_vary on;
+    #gzip_proxied any;
+    gzip_comp_level 9;
+    # gzip_buffers 16 8k;
+    # gzip_http_version 1.1;
+    gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
+
+    include /etc/nginx/sites-enabled/*.conf;
+}
+# End of file
diff --git a/linux/conf/nginx/sites-enabled/default.conf b/linux/conf/nginx/sites-enabled/default.conf
new file mode 100644
index 0000000..f7a6928
--- /dev/null
+++ b/linux/conf/nginx/sites-enabled/default.conf
@@ -0,0 +1,96 @@
+server {
+#if ($http_user_agent ~* (AhrefsBot|SemrushBot|MJ12Bot|DotBot)) {
+#     return 410;
+#}
+
+##listen 443 ssl http2;
+    server_name tribu.semdestino.org;
+
+    listen 80 default_server;
+   listen 443 ssl default_server;
+#   listen [::]:443 ssl http2;
+
+    access_log syslog:server=unix:/dev/log,facility=daemon,tag=nginx_vhost,nohostname main;
+    error_log syslog:server=unix:/dev/log,facility=daemon,tag=nginx_vhost_err,nohostname debug;
+
+    root /etc/nginx/html/;
+
+    ssl_certificate /etc/letsencrypt/live/tribu.semdestino.org/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/tribu.semdestino.org/privkey.pem;
+    ssl_trusted_certificate /etc/letsencrypt/live/tribu.semdestino.org/chain.pem;
+
+    ssl_session_timeout 1d;
+    ssl_session_cache shared:SSL:50m;
+    ssl_session_tickets off;
+    ssl_protocols TLSv1.2;
+    ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
+    ssl_prefer_server_ciphers on;
+    add_header Strict-Transport-Security max-age=15768000;
+    ssl_stapling on;
+    ssl_stapling_verify on;
+
+
+#proxy_redirect off;
+#proxy_set_header Host $http_host;
+proxy_set_header X-Forwarded-Host $http_host;
+#proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
+
+   location /doc {
+       alias /srv/www/doc;
+       index index.html;
+        autoindex on;
+    }
+
+   location /mirror {
+       proxy_pass http://ports.ank;
+   }
+
+   location /pub {
+       proxy_pass http://wiki.server.ank:8080;
+   }
+   location ^~ /.well-known {
+       # ACME challenge
+       proxy_pass http://wiki.server.ank;
+   }
+   location /wiki {
+        proxy_pass http://wiki.server.ank:8080;
+   }
+
+   location /git {
+       proxy_pass http://git.server.ank:8080;
+   }
+
+   location /forum/ {
+        proxy_pass http://forum.server.ank:8080/;
+   }
+
+   location /task {
+       proxy_pass http://task.server.ank:8080;
+   }
+
+   location /shop {
+        proxy_pass http://shop.server.ank:8080;
+   }
+
+   location /vexim/ {
+       proxy_pass http://vexim.server.ank:8080/;
+   }
+
+   location /email {
+       proxy_pass http://email.server.ank:8080;
+   }
+
+   location /awstats {
+       proxy_pass http://awstats.server.ank:8080;
+   }
+
+   location /stats {
+       proxy_pass http://stats.server.ank:8080;
+   }
+
+   location / {
+        proxy_pass http://frontpage.server.ank:8080/;
+    }
+}
diff --git a/linux/conf/nginx/sites-enabled/email.conf b/linux/conf/nginx/sites-enabled/email.conf
new file mode 100644
index 0000000..5b34d7c
--- /dev/null
+++ b/linux/conf/nginx/sites-enabled/email.conf
@@ -0,0 +1,63 @@
+server {
+    listen 8080;
+    server_name email.server.ank;
+
+    access_log syslog:server=unix:/dev/log,facility=daemon,tag=nginx_email,nohostname main;
+    error_log syslog:server=unix:/dev/log,facility=daemon,tag=nginx_email_err,nohostname debug;
+
+    location /email {
+        alias /srv/www/email;
+        index index.php;
+        autoindex off;
+    }
+
+    # Favicon
+    location ~ ^/email/favicon.ico$ {
+        root /srv/www/email/skins/classic/images;
+        log_not_found off;
+        access_log off;
+        expires max;
+    }
+
+    # Robots file
+    location ~ ^/email/robots.txt {
+        allow all;
+        log_not_found off;
+        access_log off;
+    }
+
+    # Deny Protected directories
+    location ~ ^/email/(config|temp|logs)/ {
+        deny all;
+    }
+
+    location ~ ^/email/(README|INSTALL|LICENSE|CHANGELOG|UPGRADING)$ {
+        deny all;
+    }
+
+    location ~ ^/email/(bin|SQL)/ {
+        deny all;
+    }
+
+    # Hide .md files
+    location ~ ^/email/(.+\.md)$ {
+        deny all;
+    }
+
+    # Hide all dot files
+    location ~ ^/email/\. {
+        deny all;
+        access_log off;
+        log_not_found off;
+    }
+
+    location ~  /email/.*\.php {
+        alias /srv/www/email;
+        fastcgi_split_path_info ^(.+\.php)(/.+)$;
+        fastcgi_index index.php;
+        try_files $uri /index.php =404;
+        include /etc/nginx/fastcgi_params;
+        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+        fastcgi_pass 127.0.0.1:9000;
+    }
+}
diff --git a/linux/conf/nginx/sites-enabled/forum.conf b/linux/conf/nginx/sites-enabled/forum.conf
new file mode 100644
index 0000000..14350e3
--- /dev/null
+++ b/linux/conf/nginx/sites-enabled/forum.conf
@@ -0,0 +1,39 @@
+server {
+    listen 8080;
+    server_name forum.server.ank;
+
+    access_log syslog:server=unix:/dev/log,facility=daemon,tag=nginx_forum,nohostname main;
+    error_log syslog:server=unix:/dev/log,facility=daemon,tag=nginx_forum_err,nohostname debug;
+
+    root /srv/www/forum;
+
+    location / {
+        index index.php;
+        try_files $uri $uri/ index.php$is_args$args;
+    }
+
+    location ~ [^/]\.php(/|$) {
+
+        fastcgi_split_path_info ^(.+?\.php)(/.*)$;
+        if (!-f $document_root$fastcgi_script_name) {
+            return 404;
+        }
+
+        # Mitigate https://httpoxy.org/ vulnerabilities
+        fastcgi_param HTTP_PROXY "";
+
+        fastcgi_pass 127.0.0.1:9000;
+        fastcgi_index index.php;
+
+        # include the fastcgi_param setting
+        include fastcgi_params;
+
+        # SCRIPT_FILENAME parameter is used for PHP FPM determining
+        #  the script name. If it is not set in fastcgi_params file,
+        # i.e. /etc/nginx/fastcgi_params or in the parent contexts,
+        # please comment off following line
+        fastcgi_param REQUEST_METHOD $request_method;
+        fastcgi_param  SCRIPT_FILENAME   $document_root$fastcgi_script_name;
+    }
+
+}
diff --git a/linux/conf/nginx/sites-enabled/frontpage.conf b/linux/conf/nginx/sites-enabled/frontpage.conf
new file mode 100644
index 0000000..7f7e66a
--- /dev/null
+++ b/linux/conf/nginx/sites-enabled/frontpage.conf
@@ -0,0 +1,40 @@
+server {
+    listen 8080;
+    server_name frontpage.server.ank;
+
+    #access_log syslog:server=unix:/dev/log,facility=daemon,tag=nginx_frontpage,nohostname main;
+    error_log syslog:server=unix:/dev/log,facility=daemon,tag=nginx_frontpage_err,nohostname debug;
+
+    root /srv/www/frontpage;
+
+    index index.html index.php;
+
+    location / {
+        index index.html;
+        try_files $uri $uri/ index.html index.php$is_args$args;
+    }
+
+    location ~ [^/]\.php(/|$) {
+
+        fastcgi_split_path_info ^(.+?\.php)(/.*)$;
+        if (!-f $document_root$fastcgi_script_name) {
+            return 404;
+        }
+
+        # Mitigate https://httpoxy.org/ vulnerabilities
+        fastcgi_param HTTP_PROXY "";
+
+        fastcgi_pass 127.0.0.1:9000;
+        fastcgi_index index.php;
+
+        # include the fastcgi_param setting
+        include fastcgi_params;
+
+        # SCRIPT_FILENAME parameter is used for PHP FPM determining
+        #  the script name. If it is not set in fastcgi_params file,
+        # i.e. /etc/nginx/fastcgi_params or in the parent contexts,
+        # please comment off following line
+        fastcgi_param REQUEST_METHOD $request_method;
+        fastcgi_param  SCRIPT_FILENAME   $document_root$fastcgi_script_name;
+    }
+}
diff --git a/linux/conf/nginx/sites-enabled/git.conf b/linux/conf/nginx/sites-enabled/git.conf
new file mode 100644
index 0000000..f9d2d97
--- /dev/null
+++ b/linux/conf/nginx/sites-enabled/git.conf
@@ -0,0 +1,24 @@
+server {
+    listen 8080;
+    server_name git.server.ank;
+
+    access_log syslog:server=unix:/dev/log,facility=daemon,tag=nginx_git,nohostname main;
+    error_log syslog:server=unix:/dev/log,facility=daemon,tag=nginx_git_err,nohostname debug;
+
+    root /srv/www/gitweb;
+
+    location /git/static {
+        # static files (png/css) served from /usr/share/gitweb/static
+        alias /srv/www/gitweb/static;
+    }
+
+    location / {
+        index gitweb.cgi;
+        fastcgi_split_path_info      ^/git()(/?.+)$;
+        fastcgi_param GITWEB_CONFIG  /etc/gitweb.conf;
+        fastcgi_param DOCUMENT_ROOT  /srv/www/gitweb;
+        fastcgi_param SCRIPT_NAME    /gitweb.cgi$fastcgi_path_info;
+        include fastcgi_params;
+        fastcgi_pass unix:/var/run/fcgiwrap.sock;
+    }
+}
diff --git a/linux/conf/nginx/sites-enabled/ports.conf b/linux/conf/nginx/sites-enabled/ports.conf
new file mode 100644
index 0000000..829d710
--- /dev/null
+++ b/linux/conf/nginx/sites-enabled/ports.conf
@@ -0,0 +1,55 @@
+server {
+    listen       80;
+    server_name  localhost ports.ank default_host;
+
+    access_log /var/log/nginx/ports_access.log;
+    error_log /var/log/nginx/ports_error.log;
+
+    location /mirror/archive {
+    	autoindex on;
+    	alias /usr/ports/archive;
+    }
+
+    location /mirror/packages {
+    	autoindex on;
+    	alias /usr/ports/packages;
+    }
+
+    location /mirror/distfiles {
+    	autoindex on;
+    	alias /usr/ports/distfiles;
+    }
+    		
+    location /mirror/bugs {
+    	autoindex on;
+    	alias /usr/ports/pkgbuild;
+    	types {
+    		text/plain log;
+    	}
+    }
+
+    location /mirror/installed {
+    	autoindex on;
+    	alias /usr/ports/installed;
+    	default_type text/plain;
+    }
+    	
+    location /mirror/releases {
+    	autoindex on;
+    	alias /usr/ports/releases;
+    }
+
+	location /mirror/ {
+         return 301 https://tribu.semdestino.org/wiki/Main/Mirror;
+    }
+
+    error_page  404              /404.html;
+
+    # redirect server error pages to the static page /50x.html
+    #
+    error_page   500 502 503 504  /50x.html;
+    location = /50x.html {
+        root   html;
+    }
+}
+
diff --git a/linux/conf/nginx/sites-enabled/shop.conf b/linux/conf/nginx/sites-enabled/shop.conf
new file mode 100644
index 0000000..de34e40
--- /dev/null
+++ b/linux/conf/nginx/sites-enabled/shop.conf
@@ -0,0 +1,86 @@
+server {
+    listen 8080;
+    server_name shop.server.ank;
+
+    access_log syslog:server=unix:/dev/log,facility=daemon,tag=nginx_shop,nohostname main;
+    error_log syslog:server=unix:/dev/log,facility=daemon,tag=nginx_shop_err,nohostname debug;
+
+    location ~ ^/shop/admin {
+        alias /srv/www/shop/upload/admin;
+        index index.php;
+
+        location ~ ^/shop/admin/config.php {
+            deny all;
+        }
+
+        location ~ \.php$ {
+            include /etc/nginx/fastcgi_params;
+            fastcgi_param SCRIPT_FILENAME $request_filename$1;
+            fastcgi_pass 127.0.0.1:9000;
+        }
+    }
+
+    location ^~ /shop {
+        alias /srv/www/shop/upload;
+        index index.php;
+        #try_files $uri $uri/ index.php$is_args$args;
+        #try_files index.php @opencart;
+
+        location ~ ^/shop/upload/image/data {
+            autoindex on;
+        }
+
+        location ~ ^/shop/config.php {
+            deny all;
+        }
+
+
+        location ~ ^/shop/admin/config.php {
+            deny all;
+        }
+
+# Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
+#
+        location ~ ^/shop/\. {
+            deny all;
+            access_log off;
+            log_not_found off;
+        }
+        location ~ ^/shop/\.(jpg|jpeg|png|gif|css|js|ico)$ {
+            expires max;
+            log_not_found off;
+        }
+
+        location ~  \.php$ {
+            include /etc/nginx/fastcgi_params;
+            fastcgi_param SCRIPT_FILENAME $request_filename$1;
+            fastcgi_pass 127.0.0.1:9000;
+            #fastcgi_split_path_info ^(.+\.php)(/.+)$;
+            #fastcgi_split_path_info ^(.+\.php)(.*)$;
+            #fastcgi_index index.php;
+            #try_files $uri /index.php =404;
+    # fastcgi_pass unix:/var/run/php5-fpm.sock;
+        }
+
+    }
+   
+
+    location @tribushop {
+        rewrite ^/shop/(.+)$ /shop/index.php?_route_=$1 last;
+    }
+
+    location /shop/engine {
+        deny all;
+    }
+
+    location ~ ^/shop/library {
+        deny all;
+    }
+
+    # Make sure files with the following extensions do not
+    # get loaded by nginx because nginx would display the
+    # source code, and these files can contain PASSWORDS!
+    location ~ ^/shop/\.(engine|inc|info|install|make|module|profile|test|po|sh|.*sql|.*ini|theme|tpl(\.php)?|xtmpl)$|^(\..*|Entries.*|Repository|Root|Tag|Template)$|\.php_ {
+            deny all;
+    }
+}
diff --git a/linux/conf/nginx/sites-enabled/task.conf b/linux/conf/nginx/sites-enabled/task.conf
new file mode 100644
index 0000000..8b15ee5
--- /dev/null
+++ b/linux/conf/nginx/sites-enabled/task.conf
@@ -0,0 +1,21 @@
+server {
+    listen 8080;
+    server_name task.server.ank;
+
+    location /task {
+        index index.php;
+        alias /srv/www/task;
+        try_files $uri $uri/ index.php$is_args$args;
+    }
+
+    location ~  ^/task(.+\.php)$ { ### This location block was the solution
+        alias /srv/www/task;
+        fastcgi_split_path_info ^(.+\.php)(/.+)$;
+        fastcgi_index index.php;
+        try_files $uri /index.php =404;
+        include /etc/nginx/fastcgi_params;
+        fastcgi_param SCRIPT_FILENAME $document_root$1;
+# fastcgi_pass unix:/var/run/php5-fpm.sock;
+        fastcgi_pass 127.0.0.1:9000;
+    }
+}
diff --git a/linux/conf/nginx/sites-enabled/vexim.conf b/linux/conf/nginx/sites-enabled/vexim.conf
new file mode 100644
index 0000000..d113cdc
--- /dev/null
+++ b/linux/conf/nginx/sites-enabled/vexim.conf
@@ -0,0 +1,39 @@
+server {
+    listen 8080;
+    server_name vexim.server.ank;
+
+    access_log syslog:server=unix:/dev/log,facility=daemon,tag=nginx_vexim,nohostname main;
+    error_log syslog:server=unix:/dev/log,facility=daemon,tag=nginx_vexim_err,nohostname debug;
+
+    root /srv/www/vexim;
+
+    location / {
+        index index.php;
+        autoindex off;
+    }
+
+    location ~ [^/]\.php(/|$) {
+
+        fastcgi_split_path_info ^(.+?\.php)(/.*)$;
+        if (!-f $document_root$fastcgi_script_name) {
+            return 404;
+        }
+
+        # Mitigate https://httpoxy.org/ vulnerabilities
+        fastcgi_param HTTP_PROXY "";
+
+        fastcgi_pass 127.0.0.1:9000;
+        fastcgi_index index.php;
+
+        # include the fastcgi_param setting
+        include fastcgi_params;
+
+        # SCRIPT_FILENAME parameter is used for PHP FPM determining
+        #  the script name. If it is not set in fastcgi_params file,
+        # i.e. /etc/nginx/fastcgi_params or in the parent contexts,
+        # please comment off following line
+        fastcgi_param REQUEST_METHOD $request_method;
+        fastcgi_param  SCRIPT_FILENAME   $document_root$fastcgi_script_name;
+    }
+
+}
diff --git a/linux/conf/nginx/sites-enabled/wiki.conf b/linux/conf/nginx/sites-enabled/wiki.conf
new file mode 100644
index 0000000..1e3b4d1
--- /dev/null
+++ b/linux/conf/nginx/sites-enabled/wiki.conf
@@ -0,0 +1,39 @@
+server {
+    listen 8080;
+    server_name wiki.server.ank;
+
+    access_log syslog:server=unix:/dev/log,facility=daemon,tag=vh_tribu,nohostname main;
+    error_log syslog:server=unix:/dev/log,facility=daemon,tag=vh_tribu_err,nohostname debug;
+
+    root /srv/www/;
+
+    location /pub {
+        alias /srv/www/wiki/pub;
+    }
+    # ACME challenge
+    location ^~ /.well-known {
+        allow all;
+        alias /srv/www/wiki/pub/cert/.well-known/;
+        default_type "text/plain";
+        try_files $uri =404;
+    }
+
+    location @pmwiki {
+        rewrite ^/wiki/(.*) /wiki/pmwiki.php?n=$1;
+    }
+
+    location /wiki {
+        index pmwiki.php;
+        try_files $uri $uri/ @pmwiki;
+    }
+
+    location ~  ^\/wiki(.+\.php)$ {
+        index pmwiki.php;
+        fastcgi_split_path_info ^(.+\.php)(/.+)$;
+        fastcgi_index pmwiki.php;
+        try_files $uri /pmwiki.php =404;
+        include /etc/nginx/fastcgi_params;
+        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+        fastcgi_pass 127.0.0.1:9000;
+    }
+}
diff --git a/linux/conf/nginx/sites/default.conf b/linux/conf/nginx/sites/default.conf
new file mode 100644
index 0000000..dcb076f
--- /dev/null
+++ b/linux/conf/nginx/sites/default.conf
@@ -0,0 +1,60 @@
+
+server {
+    listen 443 ssl;
+    # listen [::]:443 ssl;
+
+    server_name machine.example;
+
+    root /srv/www/default;
+
+    location /ports {
+        alias /var/ports/ports;
+        autoindex on;
+    }
+
+    location /distfiles {
+        alias /var/ports/distfiles;
+        autoindex on;
+    }
+
+    location /packages {
+        root /var/ports/packages;
+        autoindex off;
+    }
+
+
+    location /bug {
+        index index.php;
+    	alias /srv/www/default/flyspray;
+        try_files $uri $uri/ index.php$is_args$args;
+    }
+
+    location ~  ^/bug(.+\.php)$ { ### This location block was the solution
+    	alias /srv/www/default/flyspray;
+
+	fastcgi_split_path_info ^(.+\.php)(/.+)$;
+        fastcgi_index index.php;
+        try_files $uri /index.php =404;	
+        include /etc/nginx/fastcgi_params;
+        fastcgi_param SCRIPT_FILENAME $document_root$1;
+        # fastcgi_pass unix:/var/run/php5-fpm.sock;
+        fastcgi_pass 127.0.0.1:9000;
+    }
+
+    location / {
+    	alias /srv/www/default/pmwiki/;
+	index pmwiki.php
+        try_files $uri $uri/ /pmwiki.php$is_args$args;
+    }
+
+    location ~ \.php$ {
+    	alias /srv/www/default/pmwiki;
+        fastcgi_split_path_info ^(.+\.php)(/.+)$;
+        fastcgi_index pmwiki.php;
+        try_files $uri /pmwiki.php =404;
+        include /etc/nginx/fastcgi_params;
+        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+        # fastcgi_pass unix:/var/run/php5-fpm.sock;
+        fastcgi_pass 127.0.0.1:9000;
+    }
+}
diff --git a/linux/conf/nginx/sites/drupal.conf b/linux/conf/nginx/sites/drupal.conf
new file mode 100644
index 0000000..f79ed14
--- /dev/null
+++ b/linux/conf/nginx/sites/drupal.conf
@@ -0,0 +1,129 @@
+server {
+
+        listen 192.168.1.254:443 ssl;
+        listen 10.0.0.254:443 ssl;
+
+        server_name machine.example
+
+        root /srv/www/default/drupal; ## <-- Your only path reference.
+
+        # Enable compression, this will help if you have for instance advagg¿? module
+        # by serving Gzip versions of the files.
+        gzip_static on;
+
+        location ~ ^/stats/(.*)$ {
+            alias /srv/www/stats/$1;
+            autoindex on;
+        }
+
+        location /doc {
+            alias /srv/www/doc;
+            autoindex on;
+        }
+
+        location /ports {
+            alias /var/ports/ports;
+            autoindex on;
+        }
+
+        location /distfiles {
+            alias /var/ports/distfiles;
+            autoindex on;
+        }
+
+
+        location /packages {
+            root /var/ports/packages;
+            autoindex off;
+        }
+
+
+        location = /favicon.ico {
+            log_not_found off;
+            access_log off;
+        }
+
+        location = /robots.txt {
+                allow all;
+                log_not_found off;
+        }
+
+        # This matters if you use drush prior to 5.x
+        # After 5.x backups are stored outside the Drupal install.
+        #location = /backup {
+        #        deny all;
+        #}
+
+        # Very rarely should these ever be accessed outside of your lan
+        location ~* \.(txt|log)$ {
+                allow 192.168.0.0/16;
+                deny all;
+        }
+
+        location ~ \..*/.*\.php$ {
+                return 403;
+        }
+
+        # No no for private
+        location ~ ^/sites/.*/private/ {
+                return 403;
+        }
+
+        # Block access to "hidden" files and directories whose names begin with a
+        # period. This includes directories used by version control systems such
+        # as Subversion or Git to store control files.
+        location ~ (^|/)\. {
+                return 403;
+        }
+
+        location / {
+                # This is cool because no php is touched for static content
+                try_files $uri @rewrite;
+        }
+
+        location ~* /update.php*/.*$ {
+                # You have 2 options here
+                # For D7 and above:
+                # Clean URLs are handled in drupal_environment_initialize().
+                rewrite ^ /update.php;
+                # For Drupal 6 and bwlow:
+                # Some modules enforce no slash (/) at the end of the URL
+                # Else this rewrite block wouldn't be needed (GlobalRedirect)
+                #rewrite ^/(.*)$ /index.php?q=$1;
+        }
+
+        location @rewrite {
+                # You have 2 options here
+                # For D7 and above:
+                # Clean URLs are handled in drupal_environment_initialize().
+                rewrite ^ /index.php;
+                # For Drupal 6 and bwlow:
+                # Some modules enforce no slash (/) at the end of the URL
+                # Else this rewrite block wouldn't be needed (GlobalRedirect)
+                #rewrite ^/(.*)$ /index.php?q=$1;
+        }
+
+        location ~ \.php$ {
+                fastcgi_split_path_info ^(.+\.php)(/.+)$;
+                #NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
+                include fastcgi_params;
+                fastcgi_param SCRIPT_FILENAME $request_filename;
+                fastcgi_intercept_errors on;
+                #fastcgi_pass unix:/tmp/phpfpm.sock;
+                fastcgi_pass 127.0.0.1:9000;
+        }
+
+        # Fighting with Styles? This little gem is amazing.
+        # This is for D6
+        #location ~ ^/sites/.*/files/imagecache/ {
+        # This is for D7 and D8
+        location ~ ^/sites/.*/files/styles/ {
+                try_files $uri @rewrite;
+        }
+
+        location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
+                expires max;
+                #log_not_found off;
+        }
+
+}
diff --git a/linux/conf/nginx/sites/flyspray.conf b/linux/conf/nginx/sites/flyspray.conf
new file mode 100644
index 0000000..ba174f1
--- /dev/null
+++ b/linux/conf/nginx/sites/flyspray.conf
@@ -0,0 +1,40 @@
+
+server {
+    listen 443 ssl;
+    # listen [::]:443 ssl;
+
+    server_name machine.example;
+
+    root /srv/www/default/flyspray;
+    index index.php;
+
+    location /ports {
+        alias /var/ports/ports;
+        autoindex on;
+    }
+
+    location /distfiles {
+        alias /var/ports/distfiles;
+        autoindex on;
+    }
+
+    location /packages {
+        root /var/ports/packages;
+        autoindex off;
+    }
+
+
+    location / {
+        try_files $uri $uri/ index.php$is_args$args;
+    }
+
+    location ~ \.php$ {
+        fastcgi_split_path_info ^(.+\.php)(/.+)$;
+        fastcgi_index index.php;
+        try_files $uri /index.php =404;
+        include /etc/nginx/fastcgi_params;
+        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+        # fastcgi_pass unix:/var/run/php5-fpm.sock;
+        fastcgi_pass 127.0.0.1:9000;
+    }
+}
diff --git a/linux/conf/nginx/sites/laravel.conf b/linux/conf/nginx/sites/laravel.conf
new file mode 100644
index 0000000..addfd18
--- /dev/null
+++ b/linux/conf/nginx/sites/laravel.conf
@@ -0,0 +1,28 @@
+server {
+    listen 443 ssl;
+    # listen [::]:443 ssl;
+
+    root /srv/www/default/laravel/public;
+    server_name machine.example
+
+    location /doc {
+        alias /srv/www/doc;
+        index index.html;
+        autoindex on;
+    }
+
+    location / {
+        try_files $uri $uri/ /index.php$is_args$args;
+    }
+
+    location ~ \.php$ {
+        index index.php;
+        fastcgi_split_path_info ^(.+\.php)(/.+)$;
+        fastcgi_index index.php;
+        # try_files $uri /index.php =404;
+        include /etc/nginx/fastcgi_params;
+        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+        # fastcgi_pass unix:/var/run/php5-fpm.sock;
+        fastcgi_pass 127.0.0.1:9000;
+    }
+}