diff options
Diffstat (limited to 'linux/conf/nginx/sites-enabled/default.conf')
-rw-r--r-- | linux/conf/nginx/sites-enabled/default.conf | 96 |
1 files changed, 96 insertions, 0 deletions
diff --git a/linux/conf/nginx/sites-enabled/default.conf b/linux/conf/nginx/sites-enabled/default.conf new file mode 100644 index 0000000..f7a6928 --- /dev/null +++ b/linux/conf/nginx/sites-enabled/default.conf @@ -0,0 +1,96 @@ +server { +#if ($http_user_agent ~* (AhrefsBot|SemrushBot|MJ12Bot|DotBot)) { +# return 410; +#} + +##listen 443 ssl http2; + server_name tribu.semdestino.org; + + listen 80 default_server; + listen 443 ssl default_server; +# listen [::]:443 ssl http2; + + access_log syslog:server=unix:/dev/log,facility=daemon,tag=nginx_vhost,nohostname main; + error_log syslog:server=unix:/dev/log,facility=daemon,tag=nginx_vhost_err,nohostname debug; + + root /etc/nginx/html/; + + ssl_certificate /etc/letsencrypt/live/tribu.semdestino.org/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/tribu.semdestino.org/privkey.pem; + ssl_trusted_certificate /etc/letsencrypt/live/tribu.semdestino.org/chain.pem; + + ssl_session_timeout 1d; + ssl_session_cache shared:SSL:50m; + ssl_session_tickets off; + ssl_protocols TLSv1.2; + ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256'; + ssl_prefer_server_ciphers on; + add_header Strict-Transport-Security max-age=15768000; + ssl_stapling on; + ssl_stapling_verify on; + + +#proxy_redirect off; +#proxy_set_header Host $http_host; +proxy_set_header X-Forwarded-Host $http_host; +#proxy_set_header X-Real-IP $remote_addr; +proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + + + location /doc { + alias /srv/www/doc; + index index.html; + autoindex on; + } + + location /mirror { + proxy_pass http://ports.ank; + } + + location /pub { + proxy_pass http://wiki.server.ank:8080; + } + location ^~ /.well-known { + # ACME challenge + proxy_pass http://wiki.server.ank; + } + location /wiki { + proxy_pass http://wiki.server.ank:8080; + } + + location /git { + proxy_pass http://git.server.ank:8080; + } + + location /forum/ { + proxy_pass http://forum.server.ank:8080/; + } + + location /task { + proxy_pass http://task.server.ank:8080; + } + + location /shop { + proxy_pass http://shop.server.ank:8080; + } + + location /vexim/ { + proxy_pass http://vexim.server.ank:8080/; + } + + location /email { + proxy_pass http://email.server.ank:8080; + } + + location /awstats { + proxy_pass http://awstats.server.ank:8080; + } + + location /stats { + proxy_pass http://stats.server.ank:8080; + } + + location / { + proxy_pass http://frontpage.server.ank:8080/; + } +} |