No Description
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

nginx.conf 4.3KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190
  1. worker_processes 2;
  2. events {
  3. worker_connections 1024;
  4. }
  5. http {
  6. # Some SSL stuff
  7. ssl_protocols TLSv1.2 TLSv1.3;
  8. ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256;
  9. ssl_prefer_server_ciphers on;
  10. # Some global configurations
  11. client_max_body_size 10M;
  12. include mime.types;
  13. default_type application/octet-stream;
  14. sendfile on;
  15. keepalive_timeout 65;
  16. gzip on;
  17. # header crap
  18. add_header X-Frame-Options "SAMEORIGIN" always;
  19. add_header X-XSS-Protection "1; mode=block" always;
  20. add_header X-Content-Type-Options "nosniff" always;
  21. add_header Referrer-Policy "no-referrer" always;
  22. add_header Content-Security-Policy "self" always;
  23. # http://ja13.org and https://ja13.org
  24. server {
  25. server_name ja13.org;
  26. listen 80;
  27. listen [::]:80;
  28. listen 443 ssl http2;
  29. listen [::]:443 ssl http2;
  30. root /srv/http/http;
  31. ssl_certificate /etc/letsencrypt/live/ja13.org-0001/fullchain.pem;
  32. ssl_certificate_key /etc/letsencrypt/live/ja13.org-0001/privkey.pem;
  33. location / {
  34. index index.html;
  35. autoindex on;
  36. }
  37. location /robots.txt {
  38. root /srv/http/common;
  39. index robots.txt;
  40. }
  41. location /favicon.ico {
  42. root /srv/http/common;
  43. index favicon.ico;
  44. }
  45. location /resume.pdf {
  46. root /srv/http/resume;
  47. index resume.pdf;
  48. }
  49. }
  50. # http://john.ja13.org and https://john.ja13.org
  51. server {
  52. server_name john.ja13.org;
  53. listen 80;
  54. listen [::]:80;
  55. listen 443 ssl http2;
  56. listen [::]:443 ssl http2;
  57. root /srv/http/john;
  58. allow 10.0.0.0/24;
  59. deny all;
  60. ssl_certificate /etc/letsencrypt/live/ja13.org/fullchain.pem;
  61. ssl_certificate_key /etc/letsencrypt/live/ja13.org/privkey.pem;
  62. location / {
  63. proxy_pass http://10.0.0.4;
  64. }
  65. }
  66. # http://ns1.ja13.org and https://ns1.ja13.org
  67. server {
  68. server_name ns1.ja13.org;
  69. listen 80;
  70. listen [::]:80;
  71. listen 443 ssl http2;
  72. listen [::]:443 ssl http2;
  73. root /srv/http/ns1;
  74. ssl_certificate /etc/letsencrypt/live/ja13.org/fullchain.pem;
  75. ssl_certificate_key /etc/letsencrypt/live/ja13.org/privkey.pem;
  76. location / {
  77. index index.html;
  78. autoindex on;
  79. }
  80. location /robots.txt {
  81. root /srv/http/common;
  82. index robots.txt;
  83. }
  84. location /favicon.ico {
  85. root /srv/http/common;
  86. index favicon.ico;
  87. }
  88. }
  89. # http://wifi.ja13.org and https://wifi.ja13.org
  90. server {
  91. server_name wifi.ja13.org;
  92. listen 80;
  93. listen [::]:80;
  94. listen 443 ssl http2;
  95. listen [::]:443 ssl http2;
  96. root /srv/http;
  97. allow 10.0.0.0/24;
  98. deny all;
  99. ssl_certificate /etc/letsencrypt/live/ja13.org/fullchain.pem;
  100. ssl_certificate_key /etc/letsencrypt/live/ja13.org/privkey.pem;
  101. location / {
  102. proxy_set_header Referer "";
  103. proxy_ssl_verify off;
  104. proxy_pass https://127.0.0.1:8443;
  105. }
  106. }
  107. # http://resume.ja13.org and https://resume.ja13.org
  108. server {
  109. server_name resume.ja13.org;
  110. listen 80;
  111. listen [::]:80;
  112. listen 443 ssl http2;
  113. listen [::]:443 ssl http2;
  114. root /srv/http/resume;
  115. ssl_certificate /etc/letsencrypt/live/ja13.org/fullchain.pem;
  116. ssl_certificate_key /etc/letsencrypt/live/ja13.org/privkey.pem;
  117. location / {
  118. index index.html;
  119. autoindex on;
  120. }
  121. location /robots.txt {
  122. root /srv/http/common;
  123. index robots.txt;
  124. }
  125. location /favicon.ico {
  126. root /srv/http/common;
  127. index favicon.ico;
  128. }
  129. }
  130. # http://*.ja13.org and https://*.ja13.org (a catch all domain)
  131. server {
  132. server_name _;
  133. listen 80 default_server;
  134. listen [::]:80 default_server;
  135. listen 443 ssl http2 default_server;
  136. listen [::]:443 ssl http2 default_server;
  137. root /srv/http/lost;
  138. ssl_certificate /etc/letsencrypt/live/ja13.org/fullchain.pem;
  139. ssl_certificate_key /etc/letsencrypt/live/ja13.org/privkey.pem;
  140. location / {
  141. index index.html;
  142. autoindex on;
  143. }
  144. location /robots.txt {
  145. root /srv/http/common;
  146. index robots.txt;
  147. }
  148. location /favicon.ico {
  149. root /srv/http/common;
  150. index favicon.ico;
  151. }
  152. location /resume.pdf {
  153. root /srv/http/resume;
  154. index resume.pdf;
  155. }
  156. }
  157. }