Diffstat (limited to 'tools/conf/etc/nginx/sites-enabled')
-rw-r--r--tools/conf/etc/nginx/sites-enabled/default.conf157
-rw-r--r--tools/conf/etc/nginx/sites-enabled/email.conf63
-rw-r--r--tools/conf/etc/nginx/sites-enabled/forum.conf39
-rw-r--r--tools/conf/etc/nginx/sites-enabled/frontpage.conf40
-rw-r--r--tools/conf/etc/nginx/sites-enabled/git.conf24
-rw-r--r--tools/conf/etc/nginx/sites-enabled/git.localhost.conf25
-rw-r--r--tools/conf/etc/nginx/sites-enabled/ports.conf55
-rw-r--r--tools/conf/etc/nginx/sites-enabled/shop.conf86
-rw-r--r--tools/conf/etc/nginx/sites-enabled/task.conf21
-rw-r--r--tools/conf/etc/nginx/sites-enabled/vexim.conf39
-rw-r--r--tools/conf/etc/nginx/sites-enabled/wiki.conf39
11 files changed, 481 insertions, 107 deletions
diff --git a/tools/conf/etc/nginx/sites-enabled/default.conf b/tools/conf/etc/nginx/sites-enabled/default.conf
index c35b0cd..f7a6928 100644
--- a/tools/conf/etc/nginx/sites-enabled/default.conf
+++ b/tools/conf/etc/nginx/sites-enabled/default.conf
@@ -1,15 +1,24 @@
 server {
+#if ($http_user_agent ~* (AhrefsBot|SemrushBot|MJ12Bot|DotBot)) {
+#     return 410;
+#}
 
-#listen 443 ssl http2;
-    listen 443 ssl;
+##listen 443 ssl http2;
+    server_name tribu.semdestino.org;
 
-#    listen 80;
-    server_name machine.example;
+    listen 80 default_server;
+   listen 443 ssl default_server;
+#   listen [::]:443 ssl http2;
+
+    access_log syslog:server=unix:/dev/log,facility=daemon,tag=nginx_vhost,nohostname main;
+    error_log syslog:server=unix:/dev/log,facility=daemon,tag=nginx_vhost_err,nohostname debug;
+
+    root /etc/nginx/html/;
+
+    ssl_certificate /etc/letsencrypt/live/tribu.semdestino.org/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/tribu.semdestino.org/privkey.pem;
+    ssl_trusted_certificate /etc/letsencrypt/live/tribu.semdestino.org/chain.pem;
 
-#  listen [::]:443 ssl http2;
-    ssl_certificate /etc/letsencrypt/live/machine.example/fullchain.pem;
-    ssl_certificate_key /etc/letsencrypt/live/machine.example/privkey.pem;
-    ssl_trusted_certificate /etc/letsencrypt/live/machine.example/chain.pem;
     ssl_session_timeout 1d;
     ssl_session_cache shared:SSL:50m;
     ssl_session_tickets off;
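Review bot: `listen 80 default_server;` sits in the same server block as the 443 listener, so every path this vhost fronts (including /email, /vexim and /shop in the second hunk) is also answered over cleartext HTTP with no redirect. A separate port-80 server that keeps only `/.well-known` and otherwise does `return 301 https://tribu.semdestino.org$request_uri;` would keep logins off the wire in the clear. `error_log ... debug` is also heavy for a public vhost: on a debug-enabled nginx build it writes request headers, cookies included, to syslog, so `warn` or `error` is the safer level; the same setting recurs in email.conf, forum.conf, frontpage.conf, git.conf, shop.conf, vexim.conf and wiki.conf. The server block continues past the end of this hunk.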
@@ -20,84 +29,68 @@ server {
     ssl_stapling on;
     ssl_stapling_verify on;
 
-    access_log /var/log/nginx/access.log;
-    error_log  /var/log/nginx/error.log;
 
+#proxy_redirect off;
+#proxy_set_header Host $http_host;
+proxy_set_header X-Forwarded-Host $http_host;
+#proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 
-    root /srv/www;
 
-    location /ports/distfiles {
-        alias /usr/ports/distfiles;
+   location /doc {
+       alias /srv/www/doc;
+       index index.html;
+        autoindex on;
     }
 
-    location /ports/packages {
-        alias /usr/ports/distfiles;
-    }
-
-    location /doc {
-        alias /srv/www/doc;
-        index index.html;
-    }
-
-    location /git/static {
-# static files (png/css) served from /usr/share/gitweb/static
-        alias /srv/www/gitweb/static;
-        expires 30d;
-    }
-
-    location /git {
-        alias /srv/www/gitweb;
-        index gitweb.cgi;
-        fastcgi_split_path_info      ^/git()(/?.+)$;
-        fastcgi_param GITWEB_CONFIG  /etc/gitweb.conf;
-        fastcgi_param DOCUMENT_ROOT  /srv/www/gitweb;
-        fastcgi_param SCRIPT_NAME    /gitweb.cgi$fastcgi_path_info;
-
-        include fastcgi_params;
-        fastcgi_pass unix:/var/run/fcgiwrap.sock;
-    }
-
-    location /task {
-        index index.php;
-        alias /srv/www/flyspray;
-        try_files $uri $uri/ index.php$is_args$args;
-    }
-
-    location ~  ^/task(.+\.php)$ { ### This location block was the solution
-        alias /srv/www/flyspray;
-        fastcgi_split_path_info ^(.+\.php)(/.+)$;
-        fastcgi_index index.php;
-        try_files $uri /index.php =404;	
-        include /etc/nginx/fastcgi_params;
-        fastcgi_param SCRIPT_FILENAME $document_root$1;
-# fastcgi_pass unix:/var/run/php5-fpm.sock;
-        fastcgi_pass 127.0.0.1:9000;
-    }
-
-    location / {
-        alias /srv/www/pmwiki/;
-        index pmwiki.php;
-        try_files $uri $uri/ /pmwiki.php$is_args$args;
-    }
-
-# ACME challenge
-    location ^~ /.well-known {
-        allow all;
-        alias /srv/www/pmwiki/pub/cert/.well-known/;
-        default_type "text/plain";
-        try_files $uri =404;
-    }
-
-
-    location ~ \.php$ {
-        alias /srv/www/pmwiki;
-        index pmwiki.php;
-        fastcgi_split_path_info ^(.+\.php)(/.+)$;
-        fastcgi_index pmwiki.php;
-        try_files $uri /pmwiki.php =404;
-        include /etc/nginx/fastcgi_params;
-        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
-# fastcgi_pass unix:/var/run/php5-fpm.sock;
-        fastcgi_pass 127.0.0.1:9000;
+   location /mirror {
+       proxy_pass http://ports.ank;
+   }
+
+   location /pub {
+       proxy_pass http://wiki.server.ank:8080;
+   }
+   location ^~ /.well-known {
+       # ACME challenge
+       proxy_pass http://wiki.server.ank;
+   }
+   location /wiki {
+        proxy_pass http://wiki.server.ank:8080;
+   }
+
+   location /git {
+       proxy_pass http://git.server.ank:8080;
+   }
+
+   location /forum/ {
+        proxy_pass http://forum.server.ank:8080/;
+   }
+
+   location /task {
+       proxy_pass http://task.server.ank:8080;
+   }
+
+   location /shop {
+        proxy_pass http://shop.server.ank:8080;
+   }
+
+   location /vexim/ {
+       proxy_pass http://vexim.server.ank:8080/;
+   }
+
+   location /email {
+       proxy_pass http://email.server.ank:8080;
+   }
+
+   location /awstats {
+       proxy_pass http://awstats.server.ank:8080;
+   }
+
+   location /stats {
+       proxy_pass http://stats.server.ank:8080;
+   }
+
+   location / {
+        proxy_pass http://frontpage.server.ank:8080/;
     }
 }
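Review bot: On this edge proxy `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` appends to whatever X-Forwarded-For the client sent, and `X-Forwarded-Host $http_host` forwards the raw Host header, which a `default_server` accepts for any value. A backend that trusts the first X-Forwarded-For entry, or builds links from X-Forwarded-Host, can therefore be fed client-chosen values; at the edge `proxy_set_header X-Forwarded-For $remote_addr;` and `proxy_set_header X-Forwarded-Host $server_name;` are safer. No `X-Forwarded-Proto $scheme` is passed, so the applications behind port 8080 cannot tell an HTTPS request from an HTTP one. The new `autoindex on;` under `/doc` publishes the listing of /srv/www/doc, which is worth confirming as intended. The server block starts before this hunk.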
diff --git a/tools/conf/etc/nginx/sites-enabled/email.conf b/tools/conf/etc/nginx/sites-enabled/email.conf
new file mode 100644
index 0000000..5b34d7c
--- /dev/null
+++ b/tools/conf/etc/nginx/sites-enabled/email.conf
@@ -0,0 +1,63 @@
+server {
+    listen 8080;
+    server_name email.server.ank;
+
+    access_log syslog:server=unix:/dev/log,facility=daemon,tag=nginx_email,nohostname main;
+    error_log syslog:server=unix:/dev/log,facility=daemon,tag=nginx_email_err,nohostname debug;
+
+    location /email {
+        alias /srv/www/email;
+        index index.php;
+        autoindex off;
+    }
+
+    # Favicon
+    location ~ ^/email/favicon.ico$ {
+        root /srv/www/email/skins/classic/images;
+        log_not_found off;
+        access_log off;
+        expires max;
+    }
+
+    # Robots file
+    location ~ ^/email/robots.txt {
+        allow all;
+        log_not_found off;
+        access_log off;
+    }
+
+    # Deny Protected directories
+    location ~ ^/email/(config|temp|logs)/ {
+        deny all;
+    }
+
+    location ~ ^/email/(README|INSTALL|LICENSE|CHANGELOG|UPGRADING)$ {
+        deny all;
+    }
+
+    location ~ ^/email/(bin|SQL)/ {
+        deny all;
+    }
+
+    # Hide .md files
+    location ~ ^/email/(.+\.md)$ {
+        deny all;
+    }
+
+    # Hide all dot files
+    location ~ ^/email/\. {
+        deny all;
+        access_log off;
+        log_not_found off;
+    }
+
+    location ~  /email/.*\.php {
+        alias /srv/www/email;
+        fastcgi_split_path_info ^(.+\.php)(/.+)$;
+        fastcgi_index index.php;
+        try_files $uri /index.php =404;
+        include /etc/nginx/fastcgi_params;
+        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+        fastcgi_pass 127.0.0.1:9000;
+    }
+}
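Review bot: `listen 8080;` binds every interface, so this webmail vhost can be reached directly over cleartext HTTP, bypassing the TLS front end in default.conf, unless a firewall outside this commit blocks the port; if the `*.server.ank` names resolve to this host (not visible here), `listen 127.0.0.1:8080;` closes that path, and the same applies to forum.conf, frontpage.conf, git.conf, shop.conf, task.conf, vexim.conf and wiki.conf. Separately, `location ~  /email/.*\.php` is unanchored at both ends, so a name that merely contains `.php` is also handed to FastCGI; `location ~ ^/email/.+\.php(/|$)` limits it to script paths. The "Hide all dot files" rule `^/email/\.` only covers entries directly under /email/, whereas `location ~ /\.` would also cover nested ones. This block also omits the `fastcgi_param HTTP_PROXY "";` line that forum.conf, frontpage.conf and vexim.conf carry, as do shop.conf, task.conf and wiki.conf.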
diff --git a/tools/conf/etc/nginx/sites-enabled/forum.conf b/tools/conf/etc/nginx/sites-enabled/forum.conf
new file mode 100644
index 0000000..14350e3
--- /dev/null
+++ b/tools/conf/etc/nginx/sites-enabled/forum.conf
@@ -0,0 +1,39 @@
+server {
+    listen 8080;
+    server_name forum.server.ank;
+
+    access_log syslog:server=unix:/dev/log,facility=daemon,tag=nginx_forum,nohostname main;
+    error_log syslog:server=unix:/dev/log,facility=daemon,tag=nginx_forum_err,nohostname debug;
+
+    root /srv/www/forum;
+
+    location / {
+        index index.php;
+        try_files $uri $uri/ index.php$is_args$args;
+    }
+
+    location ~ [^/]\.php(/|$) {
+
+        fastcgi_split_path_info ^(.+?\.php)(/.*)$;
+        if (!-f $document_root$fastcgi_script_name) {
+            return 404;
+        }
+
+        # Mitigate https://httpoxy.org/ vulnerabilities
+        fastcgi_param HTTP_PROXY "";
+
+        fastcgi_pass 127.0.0.1:9000;
+        fastcgi_index index.php;
+
+        # include the fastcgi_param setting
+        include fastcgi_params;
+
+        # SCRIPT_FILENAME parameter is used for PHP FPM determining
+        #  the script name. If it is not set in fastcgi_params file,
+        # i.e. /etc/nginx/fastcgi_params or in the parent contexts,
+        # please comment off following line
+        fastcgi_param REQUEST_METHOD $request_method;
+        fastcgi_param  SCRIPT_FILENAME   $document_root$fastcgi_script_name;
+    }
+
+}
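Review bot: The fallback in `try_files $uri $uri/ index.php$is_args$args;` has no leading slash, and the last argument of try_files is used as the URI of an internal redirect, so it should read `/index.php$is_args$args`; the same form appears in frontpage.conf and task.conf. `fastcgi_param REQUEST_METHOD $request_method;` repeats a parameter that the stock fastcgi_params file normally already sets, and the "please comment off following line" comment now sits above it rather than above SCRIPT_FILENAME. Dropping the REQUEST_METHOD line fixes both, here and in frontpage.conf and vexim.conf.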
diff --git a/tools/conf/etc/nginx/sites-enabled/frontpage.conf b/tools/conf/etc/nginx/sites-enabled/frontpage.conf
new file mode 100644
index 0000000..7f7e66a
--- /dev/null
+++ b/tools/conf/etc/nginx/sites-enabled/frontpage.conf
@@ -0,0 +1,40 @@
+server {
+    listen 8080;
+    server_name frontpage.server.ank;
+
+    #access_log syslog:server=unix:/dev/log,facility=daemon,tag=nginx_frontpage,nohostname main;
+    error_log syslog:server=unix:/dev/log,facility=daemon,tag=nginx_frontpage_err,nohostname debug;
+
+    root /srv/www/frontpage;
+
+    index index.html index.php;
+
+    location / {
+        index index.html;
+        try_files $uri $uri/ index.html index.php$is_args$args;
+    }
+
+    location ~ [^/]\.php(/|$) {
+
+        fastcgi_split_path_info ^(.+?\.php)(/.*)$;
+        if (!-f $document_root$fastcgi_script_name) {
+            return 404;
+        }
+
+        # Mitigate https://httpoxy.org/ vulnerabilities
+        fastcgi_param HTTP_PROXY "";
+
+        fastcgi_pass 127.0.0.1:9000;
+        fastcgi_index index.php;
+
+        # include the fastcgi_param setting
+        include fastcgi_params;
+
+        # SCRIPT_FILENAME parameter is used for PHP FPM determining
+        #  the script name. If it is not set in fastcgi_params file,
+        # i.e. /etc/nginx/fastcgi_params or in the parent contexts,
+        # please comment off following line
+        fastcgi_param REQUEST_METHOD $request_method;
+        fastcgi_param  SCRIPT_FILENAME   $document_root$fastcgi_script_name;
+    }
+}
diff --git a/tools/conf/etc/nginx/sites-enabled/git.conf b/tools/conf/etc/nginx/sites-enabled/git.conf
new file mode 100644
index 0000000..f9d2d97
--- /dev/null
+++ b/tools/conf/etc/nginx/sites-enabled/git.conf
@@ -0,0 +1,24 @@
+server {
+    listen 8080;
+    server_name git.server.ank;
+
+    access_log syslog:server=unix:/dev/log,facility=daemon,tag=nginx_git,nohostname main;
+    error_log syslog:server=unix:/dev/log,facility=daemon,tag=nginx_git_err,nohostname debug;
+
+    root /srv/www/gitweb;
+
+    location /git/static {
+        # static files (png/css) served from /usr/share/gitweb/static
+        alias /srv/www/gitweb/static;
+    }
+
+    location / {
+        index gitweb.cgi;
+        fastcgi_split_path_info      ^/git()(/?.+)$;
+        fastcgi_param GITWEB_CONFIG  /etc/gitweb.conf;
+        fastcgi_param DOCUMENT_ROOT  /srv/www/gitweb;
+        fastcgi_param SCRIPT_NAME    /gitweb.cgi$fastcgi_path_info;
+        include fastcgi_params;
+        fastcgi_pass unix:/var/run/fcgiwrap.sock;
+    }
+}
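Review bot: No `SCRIPT_FILENAME` is set in `location /`, so fcgiwrap has to derive the program to run from `DOCUMENT_ROOT` plus `SCRIPT_NAME`, and `SCRIPT_NAME` here ends in the client-controlled `$fastcgi_path_info`. Pinning it with `fastcgi_param SCRIPT_FILENAME /srv/www/gitweb/gitweb.cgi;` and passing the remainder as `fastcgi_param PATH_INFO $fastcgi_path_info;` makes gitweb.cgi the only thing this vhost can execute; check this against the fastcgi_params file in use, which is not part of this diff. The comment in `location /git/static` still says the files come from /usr/share/gitweb/static while the alias points at /srv/www/gitweb/static.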
diff --git a/tools/conf/etc/nginx/sites-enabled/git.localhost.conf b/tools/conf/etc/nginx/sites-enabled/git.localhost.conf
deleted file mode 100644
index 910df66..0000000
--- a/tools/conf/etc/nginx/sites-enabled/git.localhost.conf
+++ /dev/null
@@ -1,25 +0,0 @@
-server {
-    listen 443 ssl;
-
-    server_name git.localhost git.machine.example git.machine.example.org;
-
-    root /srv/www/gitweb;
-
-    location /static/ {
-        # static files (png/css) served from /usr/share/gitweb/static
-        root /usr/share/gitweb ;
-        expires 30d;
-    }
-
-    location / {
-        index gitweb.cgi
-        fastcgi_param GITWEB_CONFIG  /etc/gitweb.conf;
-        fastcgi_param DOCUMENT_ROOT  /srv/www/gitweb/;
-        fastcgi_param SCRIPT_NAME    /gitweb.cgi$fastcgi_path_info;
-        fastcgi_split_path_info      ^()(/?.+)$;
-
-        include fastcgi_params;
-        fastcgi_pass unix:/var/run/fcgiwrap.sock;
-     }
-
-}
diff --git a/tools/conf/etc/nginx/sites-enabled/ports.conf b/tools/conf/etc/nginx/sites-enabled/ports.conf
new file mode 100644
index 0000000..829d710
--- /dev/null
+++ b/tools/conf/etc/nginx/sites-enabled/ports.conf
@@ -0,0 +1,55 @@
+server {
+    listen       80;
+    server_name  localhost ports.ank default_host;
+
+    access_log /var/log/nginx/ports_access.log;
+    error_log /var/log/nginx/ports_error.log;
+
+    location /mirror/archive {
+    	autoindex on;
+    	alias /usr/ports/archive;
+    }
+
+    location /mirror/packages {
+    	autoindex on;
+    	alias /usr/ports/packages;
+    }
+
+    location /mirror/distfiles {
+    	autoindex on;
+    	alias /usr/ports/distfiles;
+    }
+    		
+    location /mirror/bugs {
+    	autoindex on;
+    	alias /usr/ports/pkgbuild;
+    	types {
+    		text/plain log;
+    	}
+    }
+
+    location /mirror/installed {
+    	autoindex on;
+    	alias /usr/ports/installed;
+    	default_type text/plain;
+    }
+    	
+    location /mirror/releases {
+    	autoindex on;
+    	alias /usr/ports/releases;
+    }
+
+	location /mirror/ {
+         return 301 https://tribu.semdestino.org/wiki/Main/Mirror;
+    }
+
+    error_page  404              /404.html;
+
+    # redirect server error pages to the static page /50x.html
+    #
+    error_page   500 502 503 504  /50x.html;
+    location = /50x.html {
+        root   html;
+    }
+}
+
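Review bot: Each `/mirror/...` location and its `alias` lack a trailing slash, so `location /mirror/packages` also matches a sibling name that merely starts with that prefix (a hypothetical `/mirror/packages-old` would map to `/usr/ports/packages-old`). Writing `location /mirror/packages/ { alias /usr/ports/packages/; }`, and likewise for the other five, confines each listing to its own directory. `autoindex on` for `/mirror/installed` and `/mirror/bugs` publishes the installed-package list and build logs, which is worth confirming as intended. This vhost also logs to files under /var/log/nginx while the other vhosts in this commit log to syslog.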
diff --git a/tools/conf/etc/nginx/sites-enabled/shop.conf b/tools/conf/etc/nginx/sites-enabled/shop.conf
new file mode 100644
index 0000000..de34e40
--- /dev/null
+++ b/tools/conf/etc/nginx/sites-enabled/shop.conf
@@ -0,0 +1,86 @@
+server {
+    listen 8080;
+    server_name shop.server.ank;
+
+    access_log syslog:server=unix:/dev/log,facility=daemon,tag=nginx_shop,nohostname main;
+    error_log syslog:server=unix:/dev/log,facility=daemon,tag=nginx_shop_err,nohostname debug;
+
+    location ~ ^/shop/admin {
+        alias /srv/www/shop/upload/admin;
+        index index.php;
+
+        location ~ ^/shop/admin/config.php {
+            deny all;
+        }
+
+        location ~ \.php$ {
+            include /etc/nginx/fastcgi_params;
+            fastcgi_param SCRIPT_FILENAME $request_filename$1;
+            fastcgi_pass 127.0.0.1:9000;
+        }
+    }
+
+    location ^~ /shop {
+        alias /srv/www/shop/upload;
+        index index.php;
+        #try_files $uri $uri/ index.php$is_args$args;
+        #try_files index.php @opencart;
+
+        location ~ ^/shop/upload/image/data {
+            autoindex on;
+        }
+
+        location ~ ^/shop/config.php {
+            deny all;
+        }
+
+
+        location ~ ^/shop/admin/config.php {
+            deny all;
+        }
+
+# Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
+#
+        location ~ ^/shop/\. {
+            deny all;
+            access_log off;
+            log_not_found off;
+        }
+        location ~ ^/shop/\.(jpg|jpeg|png|gif|css|js|ico)$ {
+            expires max;
+            log_not_found off;
+        }
+
+        location ~  \.php$ {
+            include /etc/nginx/fastcgi_params;
+            fastcgi_param SCRIPT_FILENAME $request_filename$1;
+            fastcgi_pass 127.0.0.1:9000;
+            #fastcgi_split_path_info ^(.+\.php)(/.+)$;
+            #fastcgi_split_path_info ^(.+\.php)(.*)$;
+            #fastcgi_index index.php;
+            #try_files $uri /index.php =404;
+    # fastcgi_pass unix:/var/run/php5-fpm.sock;
+        }
+
+    }
+   
+
+    location @tribushop {
+        rewrite ^/shop/(.+)$ /shop/index.php?_route_=$1 last;
+    }
+
+    location /shop/engine {
+        deny all;
+    }
+
+    location ~ ^/shop/library {
+        deny all;
+    }
+
+    # Make sure files with the following extensions do not
+    # get loaded by nginx because nginx would display the
+    # source code, and these files can contain PASSWORDS!
+    location ~ ^/shop/\.(engine|inc|info|install|make|module|profile|test|po|sh|.*sql|.*ini|theme|tpl(\.php)?|xtmpl)$|^(\..*|Entries.*|Repository|Root|Tag|Template)$|\.php_ {
+            deny all;
+    }
+}
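Review bot: `location ^~ /shop` stops nginx from consulting server-level regex locations for any URI under /shop, so as written `location ~ ^/shop/admin`, `location ~ ^/shop/library` and the final "PASSWORDS" deny regex look unreachable; only `location /shop/engine`, being a longer prefix, still applies. The extension rules are also anchored as `^/shop/\.(...)$`, which matches only a file literally named like `/shop/.sql`, not `*.sql` in any directory, and the same anchoring makes the `expires max` rule for images dead behind the dot-file deny. Moving the denies inside the `^~ /shop` block ahead of `\.php$` and writing them in the form `location ~ \.(inc|ini|sql|sh|tpl)$ { deny all; }` (with the full extension list) would make them effective. `$1` in `fastcgi_param SCRIPT_FILENAME $request_filename$1;` has no capture group to refer to in `\.php$`, so it can simply be dropped.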
diff --git a/tools/conf/etc/nginx/sites-enabled/task.conf b/tools/conf/etc/nginx/sites-enabled/task.conf
new file mode 100644
index 0000000..8b15ee5
--- /dev/null
+++ b/tools/conf/etc/nginx/sites-enabled/task.conf
@@ -0,0 +1,21 @@
+server {
+    listen 8080;
+    server_name task.server.ank;
+
+    location /task {
+        index index.php;
+        alias /srv/www/task;
+        try_files $uri $uri/ index.php$is_args$args;
+    }
+
+    location ~  ^/task(.+\.php)$ { ### This location block was the solution
+        alias /srv/www/task;
+        fastcgi_split_path_info ^(.+\.php)(/.+)$;
+        fastcgi_index index.php;
+        try_files $uri /index.php =404;
+        include /etc/nginx/fastcgi_params;
+        fastcgi_param SCRIPT_FILENAME $document_root$1;
+# fastcgi_pass unix:/var/run/php5-fpm.sock;
+        fastcgi_pass 127.0.0.1:9000;
+    }
+}
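Review bot: This vhost sets no `access_log` or `error_log`, so unlike its siblings its requests fall back to whatever the http-level default is. Following their pattern, `access_log syslog:server=unix:/dev/log,facility=daemon,tag=nginx_task,nohostname main;` (tag name chosen here by analogy) keeps the task tracker's traffic attributable. The comment `### This location block was the solution` does not say what it solves; if the reason is that `$fastcgi_script_name` would keep the /task prefix, a comment such as `# use the capture so SCRIPT_FILENAME is resolved under the alias, without the /task prefix` would record it.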
diff --git a/tools/conf/etc/nginx/sites-enabled/vexim.conf b/tools/conf/etc/nginx/sites-enabled/vexim.conf
new file mode 100644
index 0000000..d113cdc
--- /dev/null
+++ b/tools/conf/etc/nginx/sites-enabled/vexim.conf
@@ -0,0 +1,39 @@
+server {
+    listen 8080;
+    server_name vexim.server.ank;
+
+    access_log syslog:server=unix:/dev/log,facility=daemon,tag=nginx_vexim,nohostname main;
+    error_log syslog:server=unix:/dev/log,facility=daemon,tag=nginx_vexim_err,nohostname debug;
+
+    root /srv/www/vexim;
+
+    location / {
+        index index.php;
+        autoindex off;
+    }
+
+    location ~ [^/]\.php(/|$) {
+
+        fastcgi_split_path_info ^(.+?\.php)(/.*)$;
+        if (!-f $document_root$fastcgi_script_name) {
+            return 404;
+        }
+
+        # Mitigate https://httpoxy.org/ vulnerabilities
+        fastcgi_param HTTP_PROXY "";
+
+        fastcgi_pass 127.0.0.1:9000;
+        fastcgi_index index.php;
+
+        # include the fastcgi_param setting
+        include fastcgi_params;
+
+        # SCRIPT_FILENAME parameter is used for PHP FPM determining
+        #  the script name. If it is not set in fastcgi_params file,
+        # i.e. /etc/nginx/fastcgi_params or in the parent contexts,
+        # please comment off following line
+        fastcgi_param REQUEST_METHOD $request_method;
+        fastcgi_param  SCRIPT_FILENAME   $document_root$fastcgi_script_name;
+    }
+
+}
diff --git a/tools/conf/etc/nginx/sites-enabled/wiki.conf b/tools/conf/etc/nginx/sites-enabled/wiki.conf
new file mode 100644
index 0000000..1e3b4d1
--- /dev/null
+++ b/tools/conf/etc/nginx/sites-enabled/wiki.conf
@@ -0,0 +1,39 @@
+server {
+    listen 8080;
+    server_name wiki.server.ank;
+
+    access_log syslog:server=unix:/dev/log,facility=daemon,tag=vh_tribu,nohostname main;
+    error_log syslog:server=unix:/dev/log,facility=daemon,tag=vh_tribu_err,nohostname debug;
+
+    root /srv/www/;
+
+    location /pub {
+        alias /srv/www/wiki/pub;
+    }
+    # ACME challenge
+    location ^~ /.well-known {
+        allow all;
+        alias /srv/www/wiki/pub/cert/.well-known/;
+        default_type "text/plain";
+        try_files $uri =404;
+    }
+
+    location @pmwiki {
+        rewrite ^/wiki/(.*) /wiki/pmwiki.php?n=$1;
+    }
+
+    location /wiki {
+        index pmwiki.php;
+        try_files $uri $uri/ @pmwiki;
+    }
+
+    location ~  ^\/wiki(.+\.php)$ {
+        index pmwiki.php;
+        fastcgi_split_path_info ^(.+\.php)(/.+)$;
+        fastcgi_index pmwiki.php;
+        try_files $uri /pmwiki.php =404;
+        include /etc/nginx/fastcgi_params;
+        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+        fastcgi_pass 127.0.0.1:9000;
+    }
+}
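Review bot: `root /srv/www/;` with no `location /` means any URI outside /wiki, /pub and /.well-known is served as a static file from /srv/www, which per the other files in this commit is the parent of the other applications' trees (/srv/www/shop, /srv/www/email, /srv/www/vexim and so on). PHP files there would be returned as source rather than executed, because the FastCGI regex in this vhost only matches `^\/wiki`. Adding `location / { return 404; }` closes that, and it matters most while `listen 8080;` is bound to every interface. The syslog tags `vh_tribu` and `vh_tribu_err` also break the `nginx_<vhost>` naming used by the sibling files.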