initial commit

nginx.conf

@@ -0,0 +1,203 @@
+worker_processes  2;
+
+events {
+  worker_connections  1024;
+}
+
+http {
+  # Some SSL stuff
+  # when move to nginx 1.13, add TLSv1.3 below
+  ssl_protocols TLSv1.2;
+  ssl_prefer_server_ciphers on;
+  # specifically, not RC4.
+  ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4";
+
+  # Some global configurations
+  client_max_body_size 10M;
+  include mime.types;
+  default_type application/octet-stream;
+  sendfile on;
+  keepalive_timeout  65;
+  gzip  on;
+
+  # http://ja13.org and https://ja13.org
+  server {
+    server_name ja13.org;
+    listen 80;
+    listen 443 http2 ssl;
+    root /srv/http/http;
+
+    ssl_certificate /etc/letsencrypt/live/ja13.org-0001/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/ja13.org-0001/privkey.pem;
+
+    location / {
+      index index.html;
+      autoindex on;
+    }
+
+    location /robots.txt {
+      root /srv/http/common;
+      index robots.txt;
+    }
+
+    location /favicon.ico {
+      root /srv/http/common;
+      index favicon.ico;
+    }
+
+    location /resume.pdf {
+      root /srv/http/resume;
+      index resume.pdf;
+    }
+  }
+
+  # http://john.ja13.org and https://john.ja13.org
+  server {
+    server_name john.ja13.org;
+    listen 80;
+    listen 443 http2 ssl;
+    root /srv/http/john;
+
+    ssl_certificate /etc/letsencrypt/live/ja13.org/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/ja13.org/privkey.pem;
+
+    location / {
+      proxy_pass http://10.0.0.4;
+    }
+  }
+
+  # http://ns1.ja13.org and https://ns1.ja13.org
+  server {
+    server_name ns1.ja13.org;
+    listen 80;
+    listen 443 http2 ssl;
+    root /srv/http/ns1;
+
+    ssl_certificate /etc/letsencrypt/live/ja13.org/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/ja13.org/privkey.pem;
+
+    location / {
+      index index.html;
+      autoindex on;
+    }
+
+    location /robots.txt {
+      root /srv/http/common;
+      index robots.txt;
+    }
+
+    location /favicon.ico {
+      root /srv/http/common;
+      index favicon.ico;
+    }
+  }
+
+  # http://wifi.ja13.org and https://wifi.ja13.org
+  server {
+    server_name wifi.ja13.org;
+    listen 80;
+    listen 443 http2 ssl;
+    root /srv/http;
+
+    allow 10.0.0.0/24;
+    deny all;
+    
+    ssl_certificate /etc/letsencrypt/live/ja13.org/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/ja13.org/privkey.pem;
+
+    location / {
+      proxy_set_header Referer "";
+      proxy_ssl_verify off;
+      proxy_pass https://127.0.0.1:8443;
+    } 
+  }
+
+  # http://source.ja13.org and https://source.ja13.org
+  server {
+    server_name source.ja13.org;
+    listen 80;
+    listen 443 http2 ssl;
+
+    ssl_certificate /etc/letsencrypt/live/ja13.org/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/ja13.org/privkey.pem;
+
+    location / {
+      # this will probably be changed later
+      proxy_pass http://10.0.0.10:80;
+    }
+
+    location /robots.txt {
+      root /srv/http/common;
+      index robots.txt;
+    }
+
+    location /favicon.ico {
+      root /srv/http/common;
+      index favicon.ico;
+    }
+  }
+
+  server {
+    server_name nx.ja13.org;
+    listen 80;
+    location / {
+      return 301 https://docs.plm.automation.siemens.com/tdoc/nx/12.0.1/nx_help/;
+    }
+  }
+
+  # http://resume.ja13.org and https://resume.ja13.org
+  server {
+    server_name resume.ja13.org;
+    listen 80;
+    listen 443 http2 ssl;
+    root /srv/http/resume;
+
+    ssl_certificate /etc/letsencrypt/live/ja13.org/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/ja13.org/privkey.pem;
+
+    location / {
+      index index.html;
+      autoindex on;
+    }
+
+    location /robots.txt {
+      root /srv/http/common;
+      index robots.txt;
+    }
+
+    location /favicon.ico {
+      root /srv/http/common;
+      index favicon.ico;
+    }
+  }
+
+  # http://*.ja13.org and https://*.ja13.org (a catch all domain)
+  server {
+    server_name _;
+    listen 80 default_server;
+    listen 443 http2 default_server ssl;
+    root /srv/http/lost;
+    ssl_certificate /etc/letsencrypt/live/ja13.org/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/ja13.org/privkey.pem;
+
+    location / {
+      index index.html;
+      autoindex on;
+    }
+
+    location /robots.txt {
+      root /srv/http/common;
+      index robots.txt;
+    }
+
+    location /favicon.ico {
+      root /srv/http/common;
+      index favicon.ico;
+    }
+
+    location /resume.pdf {
+      root /srv/http/resume;
+      index resume.pdf;
+    }
+  }
+}