This repository has been archived on 2024-01-26. You can view files and clone it, but cannot push or open issues or pull requests.
nginx-config/sites-available/kraut.space.conf

124 lines
3.6 KiB
Text
Raw Normal View History

2016-05-21 13:47:21 +02:00
server {
listen 0.0.0.0:80 default;
listen [2a01:4f8:151:51a3:176:9:184:3]:80 default;
server_name www.kraut.space;
access_log /var/log/nginx/www.krautspace.de_access.log ano;
error_log /var/log/nginx/www.krautspace.de_error.log;
# weiterleiten
rewrite ^ https://$host$request_uri? permanent;
}
server {
listen 0.0.0.0:443 ssl default;
listen [2a01:4f8:151:51a3:176:9:184:3]:443 ssl default;
ssl_certificate /etc/ssl/private/star.kraut.space.combined.crt;
ssl_certificate_key /etc/ssl/private/star.kraut.space.key;
server_name kraut.space www.kraut.space;
access_log /var/log/nginx/kraut.space_access.log ano;
error_log /var/log/nginx/kraut.space_error.log;
add_header Public-Key-Pins 'pin-sha256="h1eF+0TRBTfD0ksblNkZnC3XQ8/w1tKDotkBiZcyThc="; pin-sha256="2r/gJIym/afOi0tM9pcbibG1b0uixXHzwInOT+KVKPE="; pin-sha256="LUZ6gnGnIWtu/uXeQMfEEBlP8J6azBxFhPct2qpGYYk="; max-age=1209600; includeSubDomains';
add_header Strict-Transport-Security max-age=15768000; # six months
if ($host = www.kraut.space) {
return 301 https://kraut.space$request_uri;
}
root /var/www/wiki.hackspace-jena.de;
# falls es mal (global) an sein sollte
autoindex off;
index doku.php;
client_max_body_size 15M;
client_body_buffer_size 128k;
location ^~ /.well-known/ { allow all; }
location = /robots.txt { log_not_found off; }
location = /favicon.ico { log_not_found off; }
location ~ /\. { deny all; }
location ~ ~$ { deny all; }
# versuche Datei zu finden, leite sonst an @dw weiter
location / {
try_files $uri $uri/ @dw;
}
# setze Header
location ~ ^/lib/.*\.(gif|png|ico|jpg|svg|ttf)$ {
expires 30d;
}
# versuche was passendes für die anfrage zu finden
location @dw {
rewrite ^/_media/(.*) /lib/exe/fetch.php?media=$1 last;
rewrite ^/_detail/(.*) /lib/exe/detail.php?media=$1 last;
rewrite ^/_export/([^/]+)/(.*) /doku.php?do=export_$1&id=$2 last;
rewrite ^/(.*) /doku.php?id=$1 last;
}
# führe PHP-Script aus
location ~ \.php$ {
include fastcgi_params;
fastcgi_buffers 16 16k;
fastcgi_buffer_size 32k;
2016-05-26 23:05:38 +02:00
fastcgi_param SCRIPT_FILENAME $request_filename;
2016-05-21 13:47:21 +02:00
fastcgi_param HTTPS $php_https; # DW checks $_SERVER['HTTPS']
fastcgi_intercept_errors on;
fastcgi_pass unix:/var/run/php5-fpm.sock;
# entferne Header "X-Powered-By: PHP/5.4.40-1~dotdeb+wheezy.1"
fastcgi_hide_header "X-Powered-By";
}
# das ist mit absicht hier hinten!
# soll erst nach dokuwiki verarbeitung überprüft werden, nicht das einige Artikel nicht zu öffnen sind
location ~ /(data|conf|bin|inc)/ { deny all; }
### XMPP
# forward http-bind requests to the prosody instance
location /http-bind {
proxy_pass http://localhost:5280/http-bind;
proxy_buffering off;
tcp_nodelay on;
# add_header Access-Control-Allow-Origin *;
proxy_set_header Host anon.krautspace.de;
}
# forward xmpp registrations to prosody
location /xmpp/ {
index index.php;
# Idee für schönere umsetzung
# expires 7d;
# try_file $uri $uri/ /xmpp/index.php;
if (-f $request_filename) {
expires 7d;
break;
}
rewrite ^/xmpp/(.*) /xmpp/index.php last;
}
### CHAT
# setze Header
location ~* ^/chat/*.\.(js|css|json|map|gif|png|swf|mp3)$ {
expires 7d;
}
# sonstige anfragen an /chat/, versuche datei zu finden
location /chat/ {
# forward /chat/ to /chat/index.html as per request of qbi
index index.html;
try_files $uri $uri/ =404;
}
location ~* ^/chat2/*.\.(js|css|json|map|gif|png|swf|mp3)$ {
expires 7d;
}
location /chat2/ {
index index.html;
try_files $uri $uri/ =404;
}
}