authorSilvino Silva <silvino@bk.ru>2017-08-02 01:01:58 +0100
committerSilvino Silva <silvino@bk.ru>2017-08-02 01:01:58 +0100
commit65167272a3ba52dc4d032a1c60a9ff030408047d (patch)
tree0f40548a2b5c8eaf9bd99423e21b8baf63b83d65 /tools/conf/etc/nginx
parent079066bc153f3a6fe84b5da0b8fa8e584641b46d (diff)
first hardened test
Diffstat (limited to 'tools/conf/etc/nginx')
-rw-r--r--tools/conf/etc/nginx/sites-enabled/default.conf86
1 files changed, 70 insertions, 16 deletions
diff --git a/tools/conf/etc/nginx/sites-enabled/default.conf b/tools/conf/etc/nginx/sites-enabled/default.conf
index 4e01b88..f7c3484 100644
--- a/tools/conf/etc/nginx/sites-enabled/default.conf
+++ b/tools/conf/etc/nginx/sites-enabled/default.conf
@@ -1,49 +1,103 @@
-
 server {
+
+#listen 443 ssl http2;
     listen 443 ssl;
-    # listen [::]:443 ssl;
 
+#    listen 80;
     server_name c9.core;
 
-    root /srv/www/default;
+#  listen [::]:443 ssl http2;
+    ssl_certificate /etc/letsencrypt/live/c9.core/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/c9.core/privkey.pem;
+    ssl_trusted_certificate /etc/letsencrypt/live/c9.core/chain.pem;
+    ssl_session_timeout 1d;
+    ssl_session_cache shared:SSL:50m;
+    ssl_session_tickets off;
+    ssl_protocols TLSv1.2;
+    ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
+    ssl_prefer_server_ciphers on;
+    add_header Strict-Transport-Security max-age=15768000;
+    ssl_stapling on;
+    ssl_stapling_verify on;
+
+    access_log /var/log/nginx/access.log;
+    error_log  /var/log/nginx/error.log;
+
+
+    root /srv/www;
+
+    location /ports/distfiles {
+        alias /usr/ports/distfiles;
+    }
+
+    location /ports/packages {
+        alias /usr/ports/distfiles;
+    }
+
+    location /doc {
+        alias /srv/www/c9-doc;
+        index index.html;
+    }
 
-    location /distfiles {
-    	alias /usr/ports/distfiles;
+    location /git/static {
+# static files (png/css) served from /usr/share/gitweb/static
+        alias /srv/www/gitweb/static;
+        expires 30d;
     }
 
+    location /git {
+        alias /srv/www/gitweb;
+        index gitweb.cgi;
+        fastcgi_split_path_info      ^/git()(/?.+)$;
+        fastcgi_param GITWEB_CONFIG  /etc/gitweb.conf;
+        fastcgi_param DOCUMENT_ROOT  /srv/www/gitweb;
+        fastcgi_param SCRIPT_NAME    /gitweb.cgi$fastcgi_path_info;
 
-    location /bug {
+        include fastcgi_params;
+        fastcgi_pass unix:/var/run/fcgiwrap.sock;
+    }
+
+    location /task {
         index index.php;
-    	alias /srv/www/default/flyspray;
+        alias /srv/www/c9-flyspray;
         try_files $uri $uri/ index.php$is_args$args;
     }
 
-    location ~  ^/bug(.+\.php)$ { ### This location block was the solution
-    	alias /srv/www/default/flyspray;
-
-	fastcgi_split_path_info ^(.+\.php)(/.+)$;
+    location ~  ^/task(.+\.php)$ { ### This location block was the solution
+        alias /srv/www/c9-flyspray;
+        fastcgi_split_path_info ^(.+\.php)(/.+)$;
         fastcgi_index index.php;
         try_files $uri /index.php =404;	
         include /etc/nginx/fastcgi_params;
         fastcgi_param SCRIPT_FILENAME $document_root$1;
-        # fastcgi_pass unix:/var/run/php5-fpm.sock;
+# fastcgi_pass unix:/var/run/php5-fpm.sock;
         fastcgi_pass 127.0.0.1:9000;
     }
 
     location / {
-    	alias /srv/www/default/pmwiki/;
-	index pmwiki.php
+        alias /srv/www/c9-pmwiki/;
+        index pmwiki.php;
         try_files $uri $uri/ /pmwiki.php$is_args$args;
     }
 
+# ACME challenge
+    location ^~ /.well-known {
+        allow all;
+        alias /srv/www/c9-pmwiki/pub/cert/.well-known/;
+        default_type "text/plain";
+        try_files $uri =404;
+    }
+
+
     location ~ \.php$ {
-    	alias /srv/www/default/pmwiki;
+        alias /srv/www/c9-pmwiki;
+        index pmwiki.php;
         fastcgi_split_path_info ^(.+\.php)(/.+)$;
         fastcgi_index pmwiki.php;
         try_files $uri /pmwiki.php =404;
         include /etc/nginx/fastcgi_params;
         fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
-        # fastcgi_pass unix:/var/run/php5-fpm.sock;
+# fastcgi_pass unix:/var/run/php5-fpm.sock;
         fastcgi_pass 127.0.0.1:9000;
     }
 }
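Review bot: The ACME block `location ^~ /.well-known {` pairs a prefix that has no trailing slash with an alias that ends in one, so any URI that merely begins with `/.well-known` is mapped relative to the alias directory and can resolve to files outside `.well-known/`. Ending both on a slash closes that, and narrowing the block to the challenge path is tighter still: `location ^~ /.well-known/acme-challenge/ {` with `alias /srv/www/c9-pmwiki/pub/cert/.well-known/acme-challenge/;`. The slash-less prefixes `/doc`, `/git` and `/task` have a milder form of the same problem, since they also match longer sibling URIs that share the prefix. Separately, `location /ports/packages` aliases `/usr/ports/distfiles`, the same directory as `/ports/distfiles`, which looks like a copy-paste slip; confirm the intended packages directory.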