Diffstat (limited to 'tools/nginx.html')
-rw-r--r-- | tools/nginx.html | 162 |
1 files changed, 115 insertions, 47 deletions
diff --git a/tools/nginx.html b/tools/nginx.html index 7094ac7..d64356d 100644 --- a/tools/nginx.html +++ b/tools/nginx.html @@ -60,11 +60,11 @@ <p>First run dryrun to test if everything is ok;</p> <pre> - # certbot certonly --dry-run --email user@mail.org --webroot -w /srv/www/c9-pmwiki/pub/cert/-d hive.gnu.systems + # certbot certonly --dry-run --email user@mail.org --webroot -w /srv/www/c9-pmwiki/pub/cert/-d example.sub.domain </pre> <pre> - # certbot certonly --email user@mail.org --webroot -w /srv/www/c9-pmwiki/pub/cert/-d hive.gnu.systems + # certbot certonly --email user@mail.org --webroot -w /srv/www/c9-pmwiki/pub/cert/-d example.sub.domain </pre> <h3 id="mancert">2.2. Self certificate</h2> @@ -175,7 +175,7 @@ 1024 </pre> - <p>Example of http block with ssl configured;</p> + <p>Edit ngnix configutarion;</p> <pre> # @@ -183,7 +183,7 @@ # - user nginx; + user www; worker_processes auto; error_log /var/log/nginx/error.log; 
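Review bot: In both updated certbot lines the webroot argument and the domain flag are still run together as `-w /srv/www/c9-pmwiki/pub/cert/-d example.sub.domain`, so as rendered certbot would take `/srv/www/c9-pmwiki/pub/cert/-d` as the webroot and receive no `-d` option. The lines should read `-w /srv/www/c9-pmwiki/pub/cert/ -d example.sub.domain`. The removed lines show the same problem, so it predates this commit, but it is worth fixing while these lines are being touched.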
@@ -195,34 +195,31 @@ worker_connections 1024; } - http { include mime.types; default_type application/octet-stream; - ## - # SSL Settings - ## - ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE - ssl_prefer_server_ciphers on; - - # ssl on; - ssl_certificate /etc/ssl/certs/nginx.crt; - ssl_certificate_key /etc/ssl/keys/nginx.key; - #log_format main '$remote_addr - $remote_user [$time_local] "$request" ' # '$status $body_bytes_sent "$http_referer" ' # '"$http_user_agent" "$http_x_forwarded_for"'; - access_log /var/log/nginx/access.log; - error_log /var/log/nginx/error.log; - sendfile on; #tcp_nopush on; - keepalive_timeout 65; - client_body_timeout 12; - client_header_timeout 12; + # Allow attach iso to wiki + #client_max_body_size 8M; + client_max_body_size 30M; + #keepalive_timeout 65; + keepalive_timeout 120; + #client_body_timeout 12; + client_body_timeout 24; + #client_header_timeout 12; + client_header_timeout 24; + + #client_max_body_size 10000M; + #keepalive_timeout 10000; + #client_body_timeout 10000; + #client_header_timeout 10000; send_timeout 65; @@ -235,15 +232,6 @@ gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript; - ## - # Virtual Host Configs - ## - server { - listen 80 default_server; - server_name _; - return 301 https://$host$request_uri; - } - include /etc/nginx/conf.d/*.conf; include /etc/nginx/sites-enabled/*.conf; 
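Review bot: `client_max_body_size 30M;` and the doubled `client_body_timeout 24;`, `client_header_timeout 24;` and `keepalive_timeout 120;` are set at `http` level, so every virtual host pulled in by the `include` lines inherits them, although the comment says only wiki attachments need the larger limit. Larger bodies and longer timeouts let slow or oversized requests hold worker connections (1024 here) for longer, so I would keep the previous values at `http` level and put `client_max_body_size 30M;` inside the wiki location only. The four commented-out `10000` values look like leftover experiments and should be dropped from a how-to, since a reader may simply uncomment them. The `http` block closes outside this hunk.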
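Review bot: Removing the port-80 `default_server` with `return 301 https://$host$request_uri;` leaves no HTTP-to-HTTPS redirect, and the vhost added in the `@@ -294,48 +282,113 @@` hunk puts `listen 80;` in the same `server` block as `listen 443 ssl;`. As written, the wiki, flyspray and chat PHP applications answer over cleartext HTTP, and the `Strict-Transport-Security` header does not help there because browsers ignore it on non-HTTPS responses. I would keep a separate port-80 `server` for `example.sub.domain` that serves only the ACME challenge location and otherwise does `return 301 https://$host$request_uri;`, and drop `listen 80;` from the TLS block. With the explicit default server gone, port-80 requests for unknown Host names fall to whichever vhost nginx loads first, which the text should mention.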
@@ -294,48 +282,113 @@ <p> This server is configured in a way that root serves pmwiki and /tasks serves flyspray. In order to - flyspray to link correctly change index is needed;</p> + flyspray to link correctly change index is needed. Create /etc/nginx/sites-enabled/example.sub.domain.conf;</p> <pre> server { + listen 443 ssl; - # listen [::]:443 ssl; + listen 80; + server_name example.sub.domain; + + # listen [::]:443 ssl http2; + ssl_certificate /etc/letsencrypt/live/example.sub.domain/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/example.sub.domain/privkey.pem; + ssl_trusted_certificate /etc/letsencrypt/live/example.sub.domain/chain.pem; + + ssl_session_timeout 1d; + ssl_session_cache shared:SSL:50m; + ssl_session_tickets off; + ssl_protocols TLSv1.2; + ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256'; + ssl_prefer_server_ciphers on; + add_header Strict-Transport-Security max-age=15768000; + ssl_stapling on; + ssl_stapling_verify on; - server_name c9.core; + access_log /var/log/nginx/example_access.log; + error_log /var/log/nginx/example_error.log; - root /srv/www/default; + root /srv/www/; - location /distfiles { - alias /usr/ports/distfiles; + location /mirror { + #alias /usr/ports/releases; + proxy_pass http://10.0.0.3:80/; } + location /builder { + rewrite ^/blog(.*) /$1 break; + proxy_pass http://10.0.0.3:80; + } - location /tasks { + location /doc { + alias /srv/www/doc; + index index.html; + } + + location /git/static { + # static files (png/css) served from /usr/share/gitweb/static + alias /srv/www/gitweb/static; + } + + location /git { + alias /srv/www/gitweb; + index gitweb.cgi; + fastcgi_split_path_info ^/git()(/?.+)$; + fastcgi_param GITWEB_CONFIG /etc/gitweb.conf; + fastcgi_param DOCUMENT_ROOT 
/srv/www/gitweb; + fastcgi_param SCRIPT_NAME /gitweb.cgi$fastcgi_path_info; + + include fastcgi_params; + fastcgi_pass unix:/var/run/fcgiwrap.sock; + } + + location /chat { index index.php; - alias /srv/www/default/flyspray; + alias /srv/www/chat; try_files $uri $uri/ index.php$is_args$args; } - location ~ ^/tasks(.+\.php)$ { - alias /srv/www/default/flyspray; + location ~ ^/chat(.+\.php)$ { ### This location block was the solution + alias /srv/www/chat; + fastcgi_split_path_info ^(.+\.php)(/.+)$; + fastcgi_index index.php; + try_files $uri /index.php =404; + include /etc/nginx/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$1; + # fastcgi_pass unix:/var/run/php5-fpm.sock; + fastcgi_pass 127.0.0.1:9000; + } + + + location /task { + index index.php; + alias /srv/www/flyspray; + try_files $uri $uri/ index.php$is_args$args; + } + location ~ ^/task(.+\.php)$ { ### This location block was the solution + alias /srv/www/flyspray; fastcgi_split_path_info ^(.+\.php)(/.+)$; fastcgi_index index.php; - try_files $uri /index.php =404; + try_files $uri /index.php =404; include /etc/nginx/fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$1; # fastcgi_pass unix:/var/run/php5-fpm.sock; fastcgi_pass 127.0.0.1:9000; } - location / { - alias /srv/www/default/pmwiki/; - index pmwiki.php + location /pub { + alias /srv/www/pmwiki/pub; + } + location /wiki { + alias /srv/www/pmwiki/; + index pmwiki.php; try_files $uri $uri/ /pmwiki.php$is_args$args; } - - location ~ \.php$ { - alias /srv/www/default/pmwiki; + location ~ ^/wiki(.+\.php)$ { + alias /srv/www/pmwiki; + index pmwiki.php; fastcgi_split_path_info ^(.+\.php)(/.+)$; fastcgi_index pmwiki.php; try_files $uri /pmwiki.php =404; 
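Review bot: Several of the new locations pair a prefix that has no trailing slash with an `alias` that has one, e.g. `location /wiki { alias /srv/www/pmwiki/; }`. nginx replaces the matched prefix textually, so a URI that matches `/wiki` but is not under `/wiki/` can resolve to a path outside `/srv/www/pmwiki/`; the same pattern recurs in `location ^~ /.well-known` in the next hunk. Write the pair with matching slashes, `location /wiki/ { alias /srv/www/pmwiki/; }`, and do the same for `/pub`, `/doc`, `/chat`, `/task` and `/git/static` so the prefix cannot also match sibling names such as `/wikifoo`. Separately, `location /builder` carries `rewrite ^/blog(.*) /$1 break;`, which can never match inside that location and looks like a copy-paste leftover. The `server` block opened here closes in the following hunk.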
@@ -344,6 +397,21 @@ # fastcgi_pass unix:/var/run/php5-fpm.sock; fastcgi_pass 127.0.0.1:9000; } + + # ACME challenge + location ^~ /.well-known { + allow all; + alias /srv/www/pmwiki/pub/cert/.well-known/; + default_type "text/plain"; + try_files $uri =404; + } + + location / { + alias /srv/www/frontpage/; + index index.html; + try_files $uri $uri/ /index.html$is_args$args; + } + } </pre> |
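Review bot: The ACME location serves challenges from `alias /srv/www/pmwiki/pub/cert/.well-known/;`, but the certbot commands earlier on the page write them under `-w /srv/www/c9-pmwiki/pub/cert/`, so as documented the webroot challenge would not be found and issuance or renewal would fail. Use one path in both places. I would also narrow the block to `location ^~ /.well-known/acme-challenge/` with `root /srv/www/pmwiki/pub/cert;` instead of `alias` plus `try_files`, which exposes only the challenge directory; `allow all;` is already the default and can go. In `location /`, `alias /srv/www/frontpage/;` would be more conventionally written as `root /srv/www/frontpage;`, which also avoids combining `try_files` with `alias`.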