Diffstat (limited to 'linux/conf/nginx/sites-enabled')
-rw-r--r--linux/conf/nginx/sites-enabled/default.conf96
-rw-r--r--linux/conf/nginx/sites-enabled/email.conf63
-rw-r--r--linux/conf/nginx/sites-enabled/forum.conf39
-rw-r--r--linux/conf/nginx/sites-enabled/frontpage.conf40
-rw-r--r--linux/conf/nginx/sites-enabled/git.conf24
-rw-r--r--linux/conf/nginx/sites-enabled/ports.conf55
-rw-r--r--linux/conf/nginx/sites-enabled/shop.conf86
-rw-r--r--linux/conf/nginx/sites-enabled/task.conf21
-rw-r--r--linux/conf/nginx/sites-enabled/vexim.conf39
-rw-r--r--linux/conf/nginx/sites-enabled/wiki.conf39
10 files changed, 502 insertions, 0 deletions
diff --git a/linux/conf/nginx/sites-enabled/default.conf b/linux/conf/nginx/sites-enabled/default.conf
new file mode 100644
index 0000000..f7a6928
--- /dev/null
+++ b/linux/conf/nginx/sites-enabled/default.conf
@@ -0,0 +1,96 @@
+server {
+#if ($http_user_agent ~* (AhrefsBot|SemrushBot|MJ12Bot|DotBot)) {
+#     return 410;
+#}
+
+##listen 443 ssl http2;
+    server_name tribu.semdestino.org;
+
+    listen 80 default_server;
+   listen 443 ssl default_server;
+#   listen [::]:443 ssl http2;
+
+    access_log syslog:server=unix:/dev/log,facility=daemon,tag=nginx_vhost,nohostname main;
+    error_log syslog:server=unix:/dev/log,facility=daemon,tag=nginx_vhost_err,nohostname debug;
+
+    root /etc/nginx/html/;
+
+    ssl_certificate /etc/letsencrypt/live/tribu.semdestino.org/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/tribu.semdestino.org/privkey.pem;
+    ssl_trusted_certificate /etc/letsencrypt/live/tribu.semdestino.org/chain.pem;
+
+    ssl_session_timeout 1d;
+    ssl_session_cache shared:SSL:50m;
+    ssl_session_tickets off;
+    ssl_protocols TLSv1.2;
+    ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
+    ssl_prefer_server_ciphers on;
+    add_header Strict-Transport-Security max-age=15768000;
+    ssl_stapling on;
+    ssl_stapling_verify on;
+
+
+#proxy_redirect off;
+#proxy_set_header Host $http_host;
+proxy_set_header X-Forwarded-Host $http_host;
+#proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
+
+   location /doc {
+       alias /srv/www/doc;
+       index index.html;
+        autoindex on;
+    }
+
+   location /mirror {
+       proxy_pass http://ports.ank;
+   }
+
+   location /pub {
+       proxy_pass http://wiki.server.ank:8080;
+   }
+   location ^~ /.well-known {
+       # ACME challenge
+       proxy_pass http://wiki.server.ank;
+   }
+   location /wiki {
+        proxy_pass http://wiki.server.ank:8080;
+   }
+
+   location /git {
+       proxy_pass http://git.server.ank:8080;
+   }
+
+   location /forum/ {
+        proxy_pass http://forum.server.ank:8080/;
+   }
+
+   location /task {
+       proxy_pass http://task.server.ank:8080;
+   }
+
+   location /shop {
+        proxy_pass http://shop.server.ank:8080;
+   }
+
+   location /vexim/ {
+       proxy_pass http://vexim.server.ank:8080/;
+   }
+
+   location /email {
+       proxy_pass http://email.server.ank:8080;
+   }
+
+   location /awstats {
+       proxy_pass http://awstats.server.ank:8080;
+   }
+
+   location /stats {
+       proxy_pass http://stats.server.ank:8080;
+   }
+
+   location / {
+        proxy_pass http://frontpage.server.ank:8080/;
+    }
+}
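Review bot: `listen 80 default_server;` sits in the same server block as the TLS listener, so every proxied application (the shop, email, forum and vexim logins included) is also served over cleartext HTTP, and the `Strict-Transport-Security` header sent on those responses is ignored by browsers. Move the port-80 listener into its own server block that answers only the ACME path and redirects everything else to the fixed HTTPS name, and add `always` to the HSTS header so error responses carry it too. Separately, `error_log … debug` here and in email, forum, frontpage, git, shop, vexim and wiki.conf will, on a debug-enabled build, write request headers including cookies to syslog; `warn` or `error` is the usual production level.

```nginx
server {
    listen 80 default_server;
    server_name tribu.semdestino.org;

    location ^~ /.well-known {
        # ACME challenge
        proxy_pass http://wiki.server.ank;
    }

    location / {
        return 301 https://tribu.semdestino.org$request_uri;
    }
}

server {
    listen 443 ssl default_server;
    server_name tribu.semdestino.org;
    add_header Strict-Transport-Security max-age=15768000 always;
    # … unchanged: logging, certificates, TLS settings, proxy headers, locations …
}
```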
diff --git a/linux/conf/nginx/sites-enabled/email.conf b/linux/conf/nginx/sites-enabled/email.conf
new file mode 100644
index 0000000..5b34d7c
--- /dev/null
+++ b/linux/conf/nginx/sites-enabled/email.conf
@@ -0,0 +1,63 @@
+server {
+    listen 8080;
+    server_name email.server.ank;
+
+    access_log syslog:server=unix:/dev/log,facility=daemon,tag=nginx_email,nohostname main;
+    error_log syslog:server=unix:/dev/log,facility=daemon,tag=nginx_email_err,nohostname debug;
+
+    location /email {
+        alias /srv/www/email;
+        index index.php;
+        autoindex off;
+    }
+
+    # Favicon
+    location ~ ^/email/favicon.ico$ {
+        root /srv/www/email/skins/classic/images;
+        log_not_found off;
+        access_log off;
+        expires max;
+    }
+
+    # Robots file
+    location ~ ^/email/robots.txt {
+        allow all;
+        log_not_found off;
+        access_log off;
+    }
+
+    # Deny Protected directories
+    location ~ ^/email/(config|temp|logs)/ {
+        deny all;
+    }
+
+    location ~ ^/email/(README|INSTALL|LICENSE|CHANGELOG|UPGRADING)$ {
+        deny all;
+    }
+
+    location ~ ^/email/(bin|SQL)/ {
+        deny all;
+    }
+
+    # Hide .md files
+    location ~ ^/email/(.+\.md)$ {
+        deny all;
+    }
+
+    # Hide all dot files
+    location ~ ^/email/\. {
+        deny all;
+        access_log off;
+        log_not_found off;
+    }
+
+    location ~  /email/.*\.php {
+        alias /srv/www/email;
+        fastcgi_split_path_info ^(.+\.php)(/.+)$;
+        fastcgi_index index.php;
+        try_files $uri /index.php =404;
+        include /etc/nginx/fastcgi_params;
+        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+        fastcgi_pass 127.0.0.1:9000;
+    }
+}
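Review bot: The PHP handler `location ~  /email/.*\.php` is anchored at neither end, so it also hands to FastCGI any URI that merely contains `.php` somewhere after `/email/`; anchoring it the way forum.conf does, `location ~ ^/email/.+\.php(/|$) {`, keeps it to real script paths. The block also uses `alias` inside a regex location without referencing a capture, which the nginx documentation says it should, so `$document_root$fastcgi_script_name` and the `try_files $uri` existence check probably do not resolve to the intended files; it is worth confirming what SCRIPT_FILENAME PHP-FPM actually receives, and shop.conf and task.conf repeat the pattern. Unlike forum.conf, this block (and the PHP blocks in shop, task and wiki.conf) never sets `fastcgi_param HTTP_PROXY "";`.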
diff --git a/linux/conf/nginx/sites-enabled/forum.conf b/linux/conf/nginx/sites-enabled/forum.conf
new file mode 100644
index 0000000..14350e3
--- /dev/null
+++ b/linux/conf/nginx/sites-enabled/forum.conf
@@ -0,0 +1,39 @@
+server {
+    listen 8080;
+    server_name forum.server.ank;
+
+    access_log syslog:server=unix:/dev/log,facility=daemon,tag=nginx_forum,nohostname main;
+    error_log syslog:server=unix:/dev/log,facility=daemon,tag=nginx_forum_err,nohostname debug;
+
+    root /srv/www/forum;
+
+    location / {
+        index index.php;
+        try_files $uri $uri/ index.php$is_args$args;
+    }
+
+    location ~ [^/]\.php(/|$) {
+
+        fastcgi_split_path_info ^(.+?\.php)(/.*)$;
+        if (!-f $document_root$fastcgi_script_name) {
+            return 404;
+        }
+
+        # Mitigate https://httpoxy.org/ vulnerabilities
+        fastcgi_param HTTP_PROXY "";
+
+        fastcgi_pass 127.0.0.1:9000;
+        fastcgi_index index.php;
+
+        # include the fastcgi_param setting
+        include fastcgi_params;
+
+        # SCRIPT_FILENAME parameter is used for PHP FPM determining
+        #  the script name. If it is not set in fastcgi_params file,
+        # i.e. /etc/nginx/fastcgi_params or in the parent contexts,
+        # please comment off following line
+        fastcgi_param REQUEST_METHOD $request_method;
+        fastcgi_param  SCRIPT_FILENAME   $document_root$fastcgi_script_name;
+    }
+
+}
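Review bot: The fallback in `try_files $uri $uri/ index.php$is_args$args;` has no leading slash, so when no file matches the internal redirect goes to `index.php…` and is unlikely to resolve to /srv/www/forum/index.php; it should read `try_files $uri $uri/ /index.php$is_args$args;`. frontpage.conf (`index.html index.php$is_args$args`) and task.conf carry the same slip. The comment above SCRIPT_FILENAME tells the reader to "comment off" the line when the parameter is not set elsewhere, which reads as the reverse of what is meant; I would reword it to `# SCRIPT_FILENAME tells PHP-FPM which script to run; keep this line unless fastcgi_params already sets it.`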
diff --git a/linux/conf/nginx/sites-enabled/frontpage.conf b/linux/conf/nginx/sites-enabled/frontpage.conf
new file mode 100644
index 0000000..7f7e66a
--- /dev/null
+++ b/linux/conf/nginx/sites-enabled/frontpage.conf
@@ -0,0 +1,40 @@
+server {
+    listen 8080;
+    server_name frontpage.server.ank;
+
+    #access_log syslog:server=unix:/dev/log,facility=daemon,tag=nginx_frontpage,nohostname main;
+    error_log syslog:server=unix:/dev/log,facility=daemon,tag=nginx_frontpage_err,nohostname debug;
+
+    root /srv/www/frontpage;
+
+    index index.html index.php;
+
+    location / {
+        index index.html;
+        try_files $uri $uri/ index.html index.php$is_args$args;
+    }
+
+    location ~ [^/]\.php(/|$) {
+
+        fastcgi_split_path_info ^(.+?\.php)(/.*)$;
+        if (!-f $document_root$fastcgi_script_name) {
+            return 404;
+        }
+
+        # Mitigate https://httpoxy.org/ vulnerabilities
+        fastcgi_param HTTP_PROXY "";
+
+        fastcgi_pass 127.0.0.1:9000;
+        fastcgi_index index.php;
+
+        # include the fastcgi_param setting
+        include fastcgi_params;
+
+        # SCRIPT_FILENAME parameter is used for PHP FPM determining
+        #  the script name. If it is not set in fastcgi_params file,
+        # i.e. /etc/nginx/fastcgi_params or in the parent contexts,
+        # please comment off following line
+        fastcgi_param REQUEST_METHOD $request_method;
+        fastcgi_param  SCRIPT_FILENAME   $document_root$fastcgi_script_name;
+    }
+}
diff --git a/linux/conf/nginx/sites-enabled/git.conf b/linux/conf/nginx/sites-enabled/git.conf
new file mode 100644
index 0000000..f9d2d97
--- /dev/null
+++ b/linux/conf/nginx/sites-enabled/git.conf
@@ -0,0 +1,24 @@
+server {
+    listen 8080;
+    server_name git.server.ank;
+
+    access_log syslog:server=unix:/dev/log,facility=daemon,tag=nginx_git,nohostname main;
+    error_log syslog:server=unix:/dev/log,facility=daemon,tag=nginx_git_err,nohostname debug;
+
+    root /srv/www/gitweb;
+
+    location /git/static {
+        # static files (png/css) served from /usr/share/gitweb/static
+        alias /srv/www/gitweb/static;
+    }
+
+    location / {
+        index gitweb.cgi;
+        fastcgi_split_path_info      ^/git()(/?.+)$;
+        fastcgi_param GITWEB_CONFIG  /etc/gitweb.conf;
+        fastcgi_param DOCUMENT_ROOT  /srv/www/gitweb;
+        fastcgi_param SCRIPT_NAME    /gitweb.cgi$fastcgi_path_info;
+        include fastcgi_params;
+        fastcgi_pass unix:/var/run/fcgiwrap.sock;
+    }
+}
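Review bot: Nothing in `location /` pins the executable that fcgiwrap runs: there is no `SCRIPT_FILENAME`, and `include fastcgi_params;` comes after the `DOCUMENT_ROOT` and `SCRIPT_NAME` overrides, so if the stock file defines those names too, both values are sent and which one fcgiwrap honours is not evident from this file. Put the include first and add `fastcgi_param SCRIPT_FILENAME /srv/www/gitweb/gitweb.cgi;` so that only this CGI can be executed whatever the request path is. The comment in `location /git/static` says the files are served from /usr/share/gitweb/static while the alias points at /srv/www/gitweb/static; one of the two should be corrected.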
diff --git a/linux/conf/nginx/sites-enabled/ports.conf b/linux/conf/nginx/sites-enabled/ports.conf
new file mode 100644
index 0000000..829d710
--- /dev/null
+++ b/linux/conf/nginx/sites-enabled/ports.conf
@@ -0,0 +1,55 @@
+server {
+    listen       80;
+    server_name  localhost ports.ank default_host;
+
+    access_log /var/log/nginx/ports_access.log;
+    error_log /var/log/nginx/ports_error.log;
+
+    location /mirror/archive {
+    	autoindex on;
+    	alias /usr/ports/archive;
+    }
+
+    location /mirror/packages {
+    	autoindex on;
+    	alias /usr/ports/packages;
+    }
+
+    location /mirror/distfiles {
+    	autoindex on;
+    	alias /usr/ports/distfiles;
+    }
+    		
+    location /mirror/bugs {
+    	autoindex on;
+    	alias /usr/ports/pkgbuild;
+    	types {
+    		text/plain log;
+    	}
+    }
+
+    location /mirror/installed {
+    	autoindex on;
+    	alias /usr/ports/installed;
+    	default_type text/plain;
+    }
+    	
+    location /mirror/releases {
+    	autoindex on;
+    	alias /usr/ports/releases;
+    }
+
+	location /mirror/ {
+         return 301 https://tribu.semdestino.org/wiki/Main/Mirror;
+    }
+
+    error_page  404              /404.html;
+
+    # redirect server error pages to the static page /50x.html
+    #
+    error_page   500 502 503 504  /50x.html;
+    location = /50x.html {
+        root   html;
+    }
+}
+
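Review bot: `autoindex on` is enabled for `/mirror/bugs` (alias /usr/ports/pkgbuild) and `/mirror/installed`, and default.conf proxies `/mirror` from the public vhost to this server, so build logs and what looks like an installed-package listing are browsable by anyone. If those two trees are meant for maintainers only, restrict them with `allow <internal-net>; deny all;` (placeholder network) or keep them off the public proxy path. The location prefixes also lack a trailing slash, so `location /mirror/archive` with `alias /usr/ports/archive` maps sibling names such as `/mirror/archive-x` onto `/usr/ports/archive-x` as well; writing both the location and the alias with a trailing slash confines each block to its own directory.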
diff --git a/linux/conf/nginx/sites-enabled/shop.conf b/linux/conf/nginx/sites-enabled/shop.conf
new file mode 100644
index 0000000..de34e40
--- /dev/null
+++ b/linux/conf/nginx/sites-enabled/shop.conf
@@ -0,0 +1,86 @@
+server {
+    listen 8080;
+    server_name shop.server.ank;
+
+    access_log syslog:server=unix:/dev/log,facility=daemon,tag=nginx_shop,nohostname main;
+    error_log syslog:server=unix:/dev/log,facility=daemon,tag=nginx_shop_err,nohostname debug;
+
+    location ~ ^/shop/admin {
+        alias /srv/www/shop/upload/admin;
+        index index.php;
+
+        location ~ ^/shop/admin/config.php {
+            deny all;
+        }
+
+        location ~ \.php$ {
+            include /etc/nginx/fastcgi_params;
+            fastcgi_param SCRIPT_FILENAME $request_filename$1;
+            fastcgi_pass 127.0.0.1:9000;
+        }
+    }
+
+    location ^~ /shop {
+        alias /srv/www/shop/upload;
+        index index.php;
+        #try_files $uri $uri/ index.php$is_args$args;
+        #try_files index.php @opencart;
+
+        location ~ ^/shop/upload/image/data {
+            autoindex on;
+        }
+
+        location ~ ^/shop/config.php {
+            deny all;
+        }
+
+
+        location ~ ^/shop/admin/config.php {
+            deny all;
+        }
+
+# Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
+#
+        location ~ ^/shop/\. {
+            deny all;
+            access_log off;
+            log_not_found off;
+        }
+        location ~ ^/shop/\.(jpg|jpeg|png|gif|css|js|ico)$ {
+            expires max;
+            log_not_found off;
+        }
+
+        location ~  \.php$ {
+            include /etc/nginx/fastcgi_params;
+            fastcgi_param SCRIPT_FILENAME $request_filename$1;
+            fastcgi_pass 127.0.0.1:9000;
+            #fastcgi_split_path_info ^(.+\.php)(/.+)$;
+            #fastcgi_split_path_info ^(.+\.php)(.*)$;
+            #fastcgi_index index.php;
+            #try_files $uri /index.php =404;
+    # fastcgi_pass unix:/var/run/php5-fpm.sock;
+        }
+
+    }
+   
+
+    location @tribushop {
+        rewrite ^/shop/(.+)$ /shop/index.php?_route_=$1 last;
+    }
+
+    location /shop/engine {
+        deny all;
+    }
+
+    location ~ ^/shop/library {
+        deny all;
+    }
+
+    # Make sure files with the following extensions do not
+    # get loaded by nginx because nginx would display the
+    # source code, and these files can contain PASSWORDS!
+    location ~ ^/shop/\.(engine|inc|info|install|make|module|profile|test|po|sh|.*sql|.*ini|theme|tpl(\.php)?|xtmpl)$|^(\..*|Entries.*|Repository|Root|Tag|Template)$|\.php_ {
+            deny all;
+    }
+}
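Review bot: The deny rules at the end of this file never apply to shop URLs. `location ^~ /shop` tells nginx to skip the server-level regex locations whenever that prefix is the longest match, so `location ~ ^/shop/library`, the extension blacklist and the earlier `location ~ ^/shop/admin` block are bypassed; in addition the blacklist pattern begins `^/shop/\.(engine|inc|…)`, which matches only a file named directly `/shop/.sql` and not, say, `/shop/backup.sql` as the PASSWORDS comment intends. Move these deny blocks inside `location ^~ /shop`, ahead of the nested `\.php$` handler, and start the pattern at `\.(engine|inc|…)$`. `SCRIPT_FILENAME $request_filename$1` also relies on `$1` although `\.php$` has no capture group.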
diff --git a/linux/conf/nginx/sites-enabled/task.conf b/linux/conf/nginx/sites-enabled/task.conf
new file mode 100644
index 0000000..8b15ee5
--- /dev/null
+++ b/linux/conf/nginx/sites-enabled/task.conf
@@ -0,0 +1,21 @@
+server {
+    listen 8080;
+    server_name task.server.ank;
+
+    location /task {
+        index index.php;
+        alias /srv/www/task;
+        try_files $uri $uri/ index.php$is_args$args;
+    }
+
+    location ~  ^/task(.+\.php)$ { ### This location block was the solution
+        alias /srv/www/task;
+        fastcgi_split_path_info ^(.+\.php)(/.+)$;
+        fastcgi_index index.php;
+        try_files $uri /index.php =404;
+        include /etc/nginx/fastcgi_params;
+        fastcgi_param SCRIPT_FILENAME $document_root$1;
+# fastcgi_pass unix:/var/run/php5-fpm.sock;
+        fastcgi_pass 127.0.0.1:9000;
+    }
+}
diff --git a/linux/conf/nginx/sites-enabled/vexim.conf b/linux/conf/nginx/sites-enabled/vexim.conf
new file mode 100644
index 0000000..d113cdc
--- /dev/null
+++ b/linux/conf/nginx/sites-enabled/vexim.conf
@@ -0,0 +1,39 @@
+server {
+    listen 8080;
+    server_name vexim.server.ank;
+
+    access_log syslog:server=unix:/dev/log,facility=daemon,tag=nginx_vexim,nohostname main;
+    error_log syslog:server=unix:/dev/log,facility=daemon,tag=nginx_vexim_err,nohostname debug;
+
+    root /srv/www/vexim;
+
+    location / {
+        index index.php;
+        autoindex off;
+    }
+
+    location ~ [^/]\.php(/|$) {
+
+        fastcgi_split_path_info ^(.+?\.php)(/.*)$;
+        if (!-f $document_root$fastcgi_script_name) {
+            return 404;
+        }
+
+        # Mitigate https://httpoxy.org/ vulnerabilities
+        fastcgi_param HTTP_PROXY "";
+
+        fastcgi_pass 127.0.0.1:9000;
+        fastcgi_index index.php;
+
+        # include the fastcgi_param setting
+        include fastcgi_params;
+
+        # SCRIPT_FILENAME parameter is used for PHP FPM determining
+        #  the script name. If it is not set in fastcgi_params file,
+        # i.e. /etc/nginx/fastcgi_params or in the parent contexts,
+        # please comment off following line
+        fastcgi_param REQUEST_METHOD $request_method;
+        fastcgi_param  SCRIPT_FILENAME   $document_root$fastcgi_script_name;
+    }
+
+}
diff --git a/linux/conf/nginx/sites-enabled/wiki.conf b/linux/conf/nginx/sites-enabled/wiki.conf
new file mode 100644
index 0000000..1e3b4d1
--- /dev/null
+++ b/linux/conf/nginx/sites-enabled/wiki.conf
@@ -0,0 +1,39 @@
+server {
+    listen 8080;
+    server_name wiki.server.ank;
+
+    access_log syslog:server=unix:/dev/log,facility=daemon,tag=vh_tribu,nohostname main;
+    error_log syslog:server=unix:/dev/log,facility=daemon,tag=vh_tribu_err,nohostname debug;
+
+    root /srv/www/;
+
+    location /pub {
+        alias /srv/www/wiki/pub;
+    }
+    # ACME challenge
+    location ^~ /.well-known {
+        allow all;
+        alias /srv/www/wiki/pub/cert/.well-known/;
+        default_type "text/plain";
+        try_files $uri =404;
+    }
+
+    location @pmwiki {
+        rewrite ^/wiki/(.*) /wiki/pmwiki.php?n=$1;
+    }
+
+    location /wiki {
+        index pmwiki.php;
+        try_files $uri $uri/ @pmwiki;
+    }
+
+    location ~  ^\/wiki(.+\.php)$ {
+        index pmwiki.php;
+        fastcgi_split_path_info ^(.+\.php)(/.+)$;
+        fastcgi_index pmwiki.php;
+        try_files $uri /pmwiki.php =404;
+        include /etc/nginx/fastcgi_params;
+        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+        fastcgi_pass 127.0.0.1:9000;
+    }
+}
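Review bot: `root /srv/www/;` is the parent of every other site in this commit (/srv/www/email, /srv/www/shop, /srv/www/forum, …) and the server has no `location /`, so a request to this vhost for a path outside `/wiki`, `/pub` and `/.well-known` is answered as a static file from that tree, with PHP sources returned as text because only `^\/wiki(.+\.php)$` reaches FastCGI. Add `location / { return 404; }` or narrow the root so this vhost can serve nothing but the wiki directory. Whether port 8080 is reachable other than through the front proxy is not visible here, but the catch-all costs nothing either way.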