commit 5e2487cecb9aeffa84f5ef47a299cefc0ae940db Author: root Date: Sat May 21 11:47:21 2016 +0000 first commit
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..a91cc90
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,17 @@
+# Do _NOT_ add any certificates
+certs/
+*.crt
+*.cert
+*.csr
+*.pem
+*.crt-bkp
+*.key
+# dont add symbolic links from sites-enabled
+sites-enabled/
+# symbolic link to nginx moduldir /usr/lib/nginx/modules
+modules
+# emacy backup files
+*~
+# dpkg foo
+*.dpkg-old
+*.old
diff --git a/Readme.md b/Readme.md
new file mode 100644
index 0000000..babfb0d
--- /dev/null
+++ b/Readme.md
@@ -0,0 +1,9 @@
+
+### our nginx version ###
+# nginx -V
+nginx version: nginx/1.10.0
+built by gcc 4.9.2 (Debian 4.9.2-10)
+built with OpenSSL 1.0.1k 8 Jan 2015
+TLS SNI support enabled
+configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_stub_status_module --with-http_auth_request_module --with-http_xslt_module=dynamic --with-http_image_filter_module=dynamic --with-http_geoip_module=dynamic --with-http_perl_module=dynamic --add-dynamic-module=debian/extra/njs-1c50334fbea6/nginx --with-threads --with-stream --with-stream_ssl_module --with-http_slice_module --with-mail --with-mail_ssl_module --with-file-aio --with-ipv6 --with-http_v2_module --with-cc-opt='-g -O2 -fstack-protector-strong -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2' --with-ld-opt='-Wl,-z,relro -Wl,--as-needed'
+
diff --git a/conf.d/gzip.conf b/conf.d/gzip.conf
new file mode 100644
index 0000000..1af43b1
--- /dev/null
+++ b/conf.d/gzip.conf
@@ -0,0 +1,7 @@
+ gzip on;
+ gzip_min_length 1100;
+ gzip_comp_level 6;
+ gzip_http_version 1.0;
+ gzip_proxied expired no-cache no-store private auth;
+ gzip_types text/plain text/css application/json application/javascript application/x-javascript text/xml application/xml application/xml+rss application/xhtml+xml text/javascript image/svg+xml application/x-graphviz text/x-graphviz;
+
diff --git a/fastcgi_params b/fastcgi_params
new file mode 100644
index 0000000..8c6e8bb
--- /dev/null
+++ b/fastcgi_params
@@ -0,0 +1,29 @@
+
+fastcgi_param QUERY_STRING $query_string;
+fastcgi_param REQUEST_METHOD $request_method;
+fastcgi_param CONTENT_TYPE $content_type;
+fastcgi_param CONTENT_LENGTH $content_length;
+
+fastcgi_param SCRIPT_NAME $fastcgi_script_name;
+fastcgi_param REQUEST_URI $request_uri;
+fastcgi_param DOCUMENT_URI $document_uri;
+fastcgi_param DOCUMENT_ROOT $document_root;
+fastcgi_param SERVER_PROTOCOL $server_protocol;
+fastcgi_param REQUEST_SCHEME $scheme;
+fastcgi_param HTTPS $https if_not_empty;
+
+fastcgi_param GATEWAY_INTERFACE CGI/1.1;
+fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
+
+fastcgi_param REMOTE_ADDR $remote_addr;
+fastcgi_param REMOTE_PORT $remote_port;
+fastcgi_param SERVER_ADDR $server_addr;
+fastcgi_param SERVER_PORT $server_port;
+fastcgi_param SERVER_NAME $server_name;
+
+# PHP only, required if PHP was built with --enable-force-cgi-redirect
+fastcgi_param REDIRECT_STATUS 200;
+
+# ----- Add by Martin89 -----
+fastcgi_param SCRIPT_FILENAME $request_filename;
+
diff --git a/koi-utf b/koi-utf
new file mode 100644
index 0000000..e7974ff
--- /dev/null
+++ b/koi-utf
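Review bot: `gzip on;` in conf.d/gzip.conf is pulled in at http level by the `include /etc/nginx/conf.d/*.conf;` in nginx.conf, so it also compresses dynamic HTTPS responses, and `gzip_proxied ... auth` extends that to proxied requests that carry an Authorization header. Compressing TLS responses that mix per-session secrets with request-reflected content is the precondition for BREACH-style length side channels. Consider `gzip off;` inside the `location ~ \.php$` block of sites-available/kraut.space.conf (text/html is always compressed, so narrowing `gzip_types` alone does not help), and add a comment here recording the decision.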
@@ -0,0 +1,109 @@ + +# This map is not a full koi8-r <> utf8 map: it does not contain +# box-drawing and some other characters. Besides this map contains +# several koi8-u and Byelorussian letters which are not in koi8-r. +# If you need a full and standard map, use contrib/unicode2nginx/koi-utf +# map instead. + +charset_map koi8-r utf-8 { + + 80 E282AC ; # euro + + 95 E280A2 ; # bullet + + 9A C2A0 ; #   + + 9E C2B7 ; # · + + A3 D191 ; # small yo + A4 D194 ; # small Ukrainian ye + + A6 D196 ; # small Ukrainian i + A7 D197 ; # small Ukrainian yi + + AD D291 ; # small Ukrainian soft g + AE D19E ; # small Byelorussian short u + + B0 C2B0 ; # ° + + B3 D081 ; # capital YO + B4 D084 ; # capital Ukrainian YE + + B6 D086 ; # capital Ukrainian I + B7 D087 ; # capital Ukrainian YI + + B9 E28496 ; # numero sign + + BD D290 ; # capital Ukrainian soft G + BE D18E ; # capital Byelorussian short U + + BF C2A9 ; # (C) + + C0 D18E ; # small yu + C1 D0B0 ; # small a + C2 D0B1 ; # small b + C3 D186 ; # small ts + C4 D0B4 ; # small d + C5 D0B5 ; # small ye + C6 D184 ; # small f + C7 D0B3 ; # small g + C8 D185 ; # small kh + C9 D0B8 ; # small i + CA D0B9 ; # small j + CB D0BA ; # small k + CC D0BB ; # small l + CD D0BC ; # small m + CE D0BD ; # small n + CF D0BE ; # small o + + D0 D0BF ; # small p + D1 D18F ; # small ya + D2 D180 ; # small r + D3 D181 ; # small s + D4 D182 ; # small t + D5 D183 ; # small u + D6 D0B6 ; # small zh + D7 D0B2 ; # small v + D8 D18C ; # small soft sign + D9 D18B ; # small y + DA D0B7 ; # small z + DB D188 ; # small sh + DC D18D ; # small e + DD D189 ; # small shch + DE D187 ; # small ch + DF D18A ; # small hard sign + + E0 D0AE ; # capital YU + E1 D090 ; # capital A + E2 D091 ; # capital B + E3 D0A6 ; # capital TS + E4 D094 ; # capital D + E5 D095 ; # capital YE + E6 D0A4 ; # capital F + E7 D093 ; # capital G + E8 D0A5 ; # capital KH + E9 D098 ; # capital I + EA D099 ; # capital J + EB D09A ; # capital K + EC D09B ; # capital L + ED D09C ; # capital M + EE 
D09D ; # capital N + EF D09E ; # capital O + + F0 D09F ; # capital P + F1 D0AF ; # capital YA + F2 D0A0 ; # capital R + F3 D0A1 ; # capital S + F4 D0A2 ; # capital T + F5 D0A3 ; # capital U + F6 D096 ; # capital ZH + F7 D092 ; # capital V + F8 D0AC ; # capital soft sign + F9 D0AB ; # capital Y + FA D097 ; # capital Z + FB D0A8 ; # capital SH + FC D0AD ; # capital E + FD D0A9 ; # capital SHCH + FE D0A7 ; # capital CH + FF D0AA ; # capital hard sign +} diff --git a/koi-win b/koi-win new file mode 100644 index 0000000..72afabe --- /dev/null +++ b/koi-win 
@@ -0,0 +1,103 @@ + +charset_map koi8-r windows-1251 { + + 80 88 ; # euro + + 95 95 ; # bullet + + 9A A0 ; #   + + 9E B7 ; # · + + A3 B8 ; # small yo + A4 BA ; # small Ukrainian ye + + A6 B3 ; # small Ukrainian i + A7 BF ; # small Ukrainian yi + + AD B4 ; # small Ukrainian soft g + AE A2 ; # small Byelorussian short u + + B0 B0 ; # ° + + B3 A8 ; # capital YO + B4 AA ; # capital Ukrainian YE + + B6 B2 ; # capital Ukrainian I + B7 AF ; # capital Ukrainian YI + + B9 B9 ; # numero sign + + BD A5 ; # capital Ukrainian soft G + BE A1 ; # capital Byelorussian short U + + BF A9 ; # (C) + + C0 FE ; # small yu + C1 E0 ; # small a + C2 E1 ; # small b + C3 F6 ; # small ts + C4 E4 ; # small d + C5 E5 ; # small ye + C6 F4 ; # small f + C7 E3 ; # small g + C8 F5 ; # small kh + C9 E8 ; # small i + CA E9 ; # small j + CB EA ; # small k + CC EB ; # small l + CD EC ; # small m + CE ED ; # small n + CF EE ; # small o + + D0 EF ; # small p + D1 FF ; # small ya + D2 F0 ; # small r + D3 F1 ; # small s + D4 F2 ; # small t + D5 F3 ; # small u + D6 E6 ; # small zh + D7 E2 ; # small v + D8 FC ; # small soft sign + D9 FB ; # small y + DA E7 ; # small z + DB F8 ; # small sh + DC FD ; # small e + DD F9 ; # small shch + DE F7 ; # small ch + DF FA ; # small hard sign + + E0 DE ; # capital YU + E1 C0 ; # capital A + E2 C1 ; # capital B + E3 D6 ; # capital TS + E4 C4 ; # capital D + E5 C5 ; # capital YE + E6 D4 ; # capital F + E7 C3 ; # capital G + E8 D5 ; # capital KH + E9 C8 ; # capital I + EA C9 ; # capital J + EB CA ; # capital K + EC CB ; # capital L + ED CC ; # capital M + EE CD ; # capital N + EF CE ; # capital O + + F0 CF ; # capital P + F1 DF ; # capital YA + F2 D0 ; # capital R + F3 D1 ; # capital S + F4 D2 ; # capital T + F5 D3 ; # capital U + F6 C6 ; # capital ZH + F7 C2 ; # capital V + F8 DC ; # capital soft sign + F9 DB ; # capital Y + FA C7 ; # capital Z + FB D8 ; # capital SH + FC DD ; # capital E + FD D9 ; # capital SHCH + FE D7 ; # capital CH + FF DA ; # capital hard sign +} 
diff --git a/mime.types b/mime.types
new file mode 100644
index 0000000..89be9a4
--- /dev/null
+++ b/mime.types
@@ -0,0 +1,89 @@ + +types { + text/html html htm shtml; + text/css css; + text/xml xml; + image/gif gif; + image/jpeg jpeg jpg; + application/javascript js; + application/atom+xml atom; + application/rss+xml rss; + + text/mathml mml; + text/plain txt; + text/vnd.sun.j2me.app-descriptor jad; + text/vnd.wap.wml wml; + text/x-component htc; + + image/png png; + image/tiff tif tiff; + image/vnd.wap.wbmp wbmp; + image/x-icon ico; + image/x-jng jng; + image/x-ms-bmp bmp; + image/svg+xml svg svgz; + image/webp webp; + + application/font-woff woff; + application/java-archive jar war ear; + application/json json; + application/mac-binhex40 hqx; + application/msword doc; + application/pdf pdf; + application/postscript ps eps ai; + application/rtf rtf; + application/vnd.apple.mpegurl m3u8; + application/vnd.ms-excel xls; + application/vnd.ms-fontobject eot; + application/vnd.ms-powerpoint ppt; + application/vnd.wap.wmlc wmlc; + application/vnd.google-earth.kml+xml kml; + application/vnd.google-earth.kmz kmz; + application/x-7z-compressed 7z; + application/x-cocoa cco; + application/x-java-archive-diff jardiff; + application/x-java-jnlp-file jnlp; + application/x-makeself run; + application/x-perl pl pm; + application/x-pilot prc pdb; + application/x-rar-compressed rar; + application/x-redhat-package-manager rpm; + application/x-sea sea; + application/x-shockwave-flash swf; + application/x-stuffit sit; + application/x-tcl tcl tk; + application/x-x509-ca-cert der pem crt; + application/x-xpinstall xpi; + application/xhtml+xml xhtml; + application/xspf+xml xspf; + application/zip zip; + + application/octet-stream bin exe dll; + application/octet-stream deb; + application/octet-stream dmg; + application/octet-stream iso img; + application/octet-stream msi msp msm; + + application/vnd.openxmlformats-officedocument.wordprocessingml.document docx; + application/vnd.openxmlformats-officedocument.spreadsheetml.sheet xlsx; + 
application/vnd.openxmlformats-officedocument.presentationml.presentation pptx; + + audio/midi mid midi kar; + audio/mpeg mp3; + audio/ogg ogg; + audio/x-m4a m4a; + audio/x-realaudio ra; + + video/3gpp 3gpp 3gp; + video/mp2t ts; + video/mp4 mp4; + video/mpeg mpeg mpg; + video/quicktime mov; + video/webm webm; + video/x-flv flv; + video/x-m4v m4v; + video/x-mng mng; + video/x-ms-asf asx asf; + video/x-ms-wmv wmv; + video/x-msvideo avi; +} diff --git a/nginx.conf b/nginx.conf new file mode 100644 index 0000000..e80e34f --- /dev/null +++ b/nginx.conf 
@@ -0,0 +1,76 @@
+
+user www-data;
+worker_processes 2;
+
+error_log /var/log/nginx/error.log warn;
+pid /var/run/nginx.pid;
+
+
+events {
+ worker_connections 1024;
+}
+
+
+http {
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+
+ # definiere mehrere Formate für logfiles
+ # Format main bindet gegen über dem Default http_x_forwarded_for, gzip_ratio, zeiten und pipe usw.
+ log_format main '$remote_addr - $remote_user [$time_local] '
+ '"$request" $status $bytes_sent '
+ '"$http_referer" "$http_user_agent" "$http_x_forwarded_for" '
+ '"$gzip_ratio" "$request_time" "$upstream_response_time" "$pipe"';
+
+ # das selbe Format nochmal nur mit ausgtauschter Fake IP
+ log_format ano '0.0.0.0 - $remote_user [$time_local] '
+ '"$request" $status $bytes_sent '
+ '"$http_referer" "$http_user_agent" "$http_x_forwarded_for" '
+ '"$gzip_ratio" "$request_time" "$upstream_response_time" "$pipe"';
+
+ # dieses Format ist für revers-proxy gedacht um mehr informationen über den Cache Zustand bei der Anfrage zu erhalten
+ log_format cache '$time_local $upstream_cache_status '
+ 'Cache-Control: $upstream_http_cache_control '
+ 'Expires: $upstream_http_expires '
+ '"$request" ($status) "$gzip_ratio" '
+ '"$request_time" "$upstream_response_time" "$pipe"';
+
+
+ access_log /var/log/nginx/access.log main;
+
+ upstream ro01 {
+ server [2001:470:6c:655::2] weight=10;
+ server local.krautspace.de weight=1;
+ }
+ proxy_cache_path /var/lib/nginx/cache keys_zone=statusATro01:10m;
+
+
+ ssl_prefer_server_ciphers on;
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # not possible to do exclusive
+ ssl_ciphers 'EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES2\
+56:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-\
+SHA:CAMELLIA128-SHA:AES128-SHA';
+ ssl_dhparam /etc/ssl/private/dhparams.pem;
+
+ add_header Strict-Transport-Security max-age=15768000; # six months
+ ## Use a SSL/TLS cache for SSL session resume.
+ ssl_session_cache shared:SSL:10m;
+ ssl_session_timeout 10m;
+
+ # setzt die Variable php_https abhängig davon ob es sich um eine https Verbindung handelt, ist für die Weitergabe an php
+ map $scheme $php_https { default off; https on; }
+
+ sendfile on;
+ #tcp_nopush on;
+
+ keepalive_timeout 65;
+ server_tokens off;
+
+ # etag ist Ausgeschalten wegen erweiterter möglicher Tracking von Usern
+ etag off;
+
+ # Hier lohnt sich auch ein Blick hinnein
+ include /etc/nginx/conf.d/*.conf;
+ include /etc/nginx/sites-enabled/*;
+}
diff --git a/scgi_params b/scgi_params
new file mode 100644
index 0000000..6d4ce4f
--- /dev/null
+++ b/scgi_params
@@ -0,0 +1,17 @@
+
+scgi_param REQUEST_METHOD $request_method;
+scgi_param REQUEST_URI $request_uri;
+scgi_param QUERY_STRING $query_string;
+scgi_param CONTENT_TYPE $content_type;
+
+scgi_param DOCUMENT_URI $document_uri;
+scgi_param DOCUMENT_ROOT $document_root;
+scgi_param SCGI 1;
+scgi_param SERVER_PROTOCOL $server_protocol;
+scgi_param REQUEST_SCHEME $scheme;
+scgi_param HTTPS $https if_not_empty;
+
+scgi_param REMOTE_ADDR $remote_addr;
+scgi_param REMOTE_PORT $remote_port;
+scgi_param SERVER_PORT $server_port;
+scgi_param SERVER_NAME $server_name;
diff --git a/sites-available/default b/sites-available/default
new file mode 100644
index 0000000..7a923e1
--- /dev/null
+++ b/sites-available/default
@@ -0,0 +1,11 @@
+server {
+ listen 0.0.0.0:80 default;
+ listen [2a01:4f8:151:51a3:176:9:184:3]:80 default;
+
+ access_log /var/log/nginx/access.log ano;
+ error_log /var/log/nginx/error.log warn;
+
+ location / {
+ return 404;
+ }
+}
diff --git a/sites-available/hackspace-jena.de b/sites-available/hackspace-jena.de
new file mode 100644
index 0000000..214e089
--- /dev/null
+++ b/sites-available/hackspace-jena.de
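Review bot: The http-level `add_header Strict-Transport-Security max-age=15768000;` in nginx.conf will not reach every HTTPS vhost, because nginx inherits `add_header` from the outer level only when the inner level defines none of its own. The servers in sites-available/lpd.kraut.space.conf and the 443 server in sites-available/www.krautspace.de set only `Public-Key-Pins`, and `location ^~ /api` in sites-available/status.krautspace.de sets its own headers, so those responses go out without HSTS; kraut.space.conf repeats the header and is unaffected. Repeat the line wherever another `add_header` appears, written as `add_header Strict-Transport-Security "max-age=15768000" always;` so it is also sent on error responses. The `ssl_ciphers` value is wrapped with `\` at line ends inside the quotes; as far as I can tell nginx has no line continuation there, so the backslash and newline likely end up inside the cipher list and break `+AES256` and `AES256-SHA`, and the value should be joined onto one line. `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` also keeps the deprecated TLS 1.0/1.1 enabled, and the trailing comment should name the client that requires them.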
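Review bot: `listen 0.0.0.0:80 default;` in sites-available/default and in the first server of sites-available/kraut.space.conf both claim the default server for the same address and port (likewise for the IPv6 listen), and nginx rejects a configuration with a duplicate default server if both files are enabled. Only one should carry the flag; keeping it on this catch-all 404 server is the safer choice, because the kraut.space port-80 server redirects to `https://$host$request_uri?` and as the default would copy any client-supplied Host value into the Location header. `default` is the legacy spelling; `default_server` is the current one.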
@@ -0,0 +1,15 @@
+server {
+ listen 0.0.0.0:80;
+ listen [2a01:4f8:151:51a3:176:9:184:3]:80;
+ listen 0.0.0.0:443 ssl;
+ listen [2a01:4f8:151:51a3:176:9:184:3]:443 ssl;
+ ssl_certificate /etc/nginx/certs/www.krautspace.de.crt;
+ ssl_certificate_key /etc/nginx/certs/www.krautspace.de.key;
+ server_name www.hackspace-jena.de hackspace-jena.de;
+
+ access_log /var/log/nginx/hackspace-jena.de_access.log ano;
+ error_log /var/log/nginx/hackspace-jena.de_error.log;
+
+ # weiterleiten
+ rewrite ^ https://www.krautspace.de$request_uri permanent;
+}
diff --git a/sites-available/kraut.space.conf b/sites-available/kraut.space.conf
new file mode 100644
index 0000000..4c07bd1
--- /dev/null
+++ b/sites-available/kraut.space.conf
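Review bot: `ssl_certificate /etc/nginx/certs/www.krautspace.de.crt;` is served for `server_name www.hackspace-jena.de hackspace-jena.de`, so unless that certificate lists the hackspace-jena.de names as SANs (not visible here) HTTPS clients hit a name-mismatch error before they ever receive the redirect. The same pairing appears in sites-available/media.hackspace-jena.de, status.hackspace-jena.de and wiki.hackspace-jena.de, and sites-available/status.krautspace.de serves `status.kraut.space` with the star.krautspace.de certificate. Either issue certificates covering these names or drop the 443 listeners from the redirect-only vhosts; a comment such as `# cert must include SANs: hackspace-jena.de, www.hackspace-jena.de` next to `ssl_certificate` would make this checkable.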
@@ -0,0 +1,122 @@
+server {
+ listen 0.0.0.0:80 default;
+ listen [2a01:4f8:151:51a3:176:9:184:3]:80 default;
+ server_name www.kraut.space;
+
+ access_log /var/log/nginx/www.krautspace.de_access.log ano;
+ error_log /var/log/nginx/www.krautspace.de_error.log;
+
+ # weiterleiten
+ rewrite ^ https://$host$request_uri? permanent;
+}
+
+server {
+ listen 0.0.0.0:443 ssl default;
+ listen [2a01:4f8:151:51a3:176:9:184:3]:443 ssl default;
+ ssl_certificate /etc/ssl/private/star.kraut.space.combined.crt;
+ ssl_certificate_key /etc/ssl/private/star.kraut.space.key;
+ server_name kraut.space www.kraut.space;
+
+ access_log /var/log/nginx/kraut.space_access.log ano;
+ error_log /var/log/nginx/kraut.space_error.log;
+
+ add_header Public-Key-Pins 'pin-sha256="h1eF+0TRBTfD0ksblNkZnC3XQ8/w1tKDotkBiZcyThc="; pin-sha256="2r/gJIym/afOi0tM9pcbibG1b0uixXHzwInOT+KVKPE="; pin-sha256="LUZ6gnGnIWtu/uXeQMfEEBlP8J6azBxFhPct2qpGYYk="; max-age=1209600; includeSubDomains';
+
+ add_header Strict-Transport-Security max-age=15768000; # six months
+
+ if ($host = www.kraut.space) {
+ return 301 https://kraut.space$request_uri;
+ }
+
+ root /var/www/wiki.hackspace-jena.de;
+
+ # falls es mal (global) an sein sollte
+ autoindex off;
+ index doku.php;
+ client_max_body_size 15M;
+ client_body_buffer_size 128k;
+
+ location ^~ /.well-known/ { allow all; }
+ location = /robots.txt { log_not_found off; }
+ location = /favicon.ico { log_not_found off; }
+ location ~ /\. { deny all; }
+ location ~ ~$ { deny all; }
+
+ # versuche Datei zu finden, leite sonst an @dw weiter
+ location / {
+ try_files $uri $uri/ @dw;
+ }
+
+ # setze Header
+ location ~ ^/lib/.*\.(gif|png|ico|jpg|svg|ttf)$ {
+ expires 30d;
+ }
+
+ # versuche was passendes für die anfrage zu finden
+ location @dw {
+ rewrite ^/_media/(.*) /lib/exe/fetch.php?media=$1 last;
+ rewrite ^/_detail/(.*) /lib/exe/detail.php?media=$1 last;
+ rewrite ^/_export/([^/]+)/(.*) /doku.php?do=export_$1&id=$2 last;
+ rewrite ^/(.*) /doku.php?id=$1 last;
+ }
+
+ # führe PHP-Script aus
+ location ~ \.php$ {
+ include fastcgi_params;
+ fastcgi_buffers 16 16k;
+ fastcgi_buffer_size 32k;
+ fastcgi_param HTTPS $php_https; # DW checks $_SERVER['HTTPS']
+ fastcgi_intercept_errors on;
+ fastcgi_pass unix:/var/run/php5-fpm.sock;
+ # entferne Header "X-Powered-By: PHP/5.4.40-1~dotdeb+wheezy.1"
+ fastcgi_hide_header "X-Powered-By";
+ }
+
+ # das ist mit absicht hier hinten!
+ # soll erst nach dokuwiki verarbeitung überprüft werden, nicht das einige Artikel nicht zu öffnen sind
+ location ~ /(data|conf|bin|inc)/ { deny all; }
+
+ ### XMPP
+ # forward http-bind requests to the prosody instance
+ location /http-bind {
+ proxy_pass http://localhost:5280/http-bind;
+ proxy_buffering off;
+ tcp_nodelay on;
+ # add_header Access-Control-Allow-Origin *;
+ proxy_set_header Host anon.krautspace.de;
+ }
+
+ # forward xmpp registrations to prosody
+ location /xmpp/ {
+ index index.php;
+# Idee für schönere umsetzung
+# expires 7d;
+# try_file $uri $uri/ /xmpp/index.php;
+ if (-f $request_filename) {
+ expires 7d;
+ break;
+ }
+ rewrite ^/xmpp/(.*) /xmpp/index.php last;
+ }
+
+ ### CHAT
+ # setze Header
+ location ~* ^/chat/*.\.(js|css|json|map|gif|png|swf|mp3)$ {
+ expires 7d;
+ }
+ # sonstige anfragen an /chat/, versuche datei zu finden
+ location /chat/ {
+ # forward /chat/ to /chat/index.html as per request of qbi
+ index index.html;
+ try_files $uri $uri/ =404;
+ }
+
+ location ~* ^/chat2/*.\.(js|css|json|map|gif|png|swf|mp3)$ {
+ expires 7d;
+ }
+
+ location /chat2/ {
+ index index.html;
+ try_files $uri $uri/ =404;
+ }
+}
diff --git a/sites-available/krautspace.de b/sites-available/krautspace.de
new file mode 100644
index 0000000..cebb3e9
--- /dev/null
+++ b/sites-available/krautspace.de
@@ -0,0 +1,15 @@
+server {
+ listen 0.0.0.0:80;
+ listen [2a01:4f8:151:51a3:176:9:184:3]:80;
+ listen 0.0.0.0:443 ssl;
+ listen [2a01:4f8:151:51a3:176:9:184:3]:443 ssl;
+ ssl_certificate /etc/ssl/private/star.krautspace.de.combined.crt;
+ ssl_certificate_key /etc/ssl/private/star.krautspace.de.key;
+ server_name krautspace.de;
+
+ access_log /var/log/nginx/krautspace.de_access.log ano;
+ error_log /var/log/nginx/krautspace.de_error.log;
+
+ # weiterleiten
+ rewrite ^ https://www.krautspace.de$request_uri permanent;
+}
diff --git a/sites-available/lpd.kraut.space.conf b/sites-available/lpd.kraut.space.conf
new file mode 100644
index 0000000..c26ba98
--- /dev/null
+++ b/sites-available/lpd.kraut.space.conf
@@ -0,0 +1,17 @@
+server {
+ listen 0.0.0.0:80;
+ listen [2a01:4f8:151:51a3:176:9:184:3]:80;
+ listen 0.0.0.0:443 ssl;
+ listen [2a01:4f8:151:51a3:176:9:184:3]:443 ssl;
+ ssl_certificate /etc/ssl/private/star.kraut.space.combined.crt;
+ ssl_certificate_key /etc/ssl/private/star.kraut.space.key;
+ server_name lpd.kraut.space;
+
+ access_log /var/log/nginx/kraut.space_access.log ano;
+ error_log /var/log/nginx/kraut.space_error.log;
+
+ add_header Public-Key-Pins 'pin-sha256="h1eF+0TRBTfD0ksblNkZnC3XQ8/w1tKDotkBiZcyThc="; pin-sha256="LUZ6gnGnIWtu/uXeQMfEEBlP8J6azBxFhPct2qpGYYk="; max-age=1209600; includeSubDomains';
+
+ # weiterleiten
+ rewrite ^ https://kraut.space/hswiki:termine:regelmaessige:linux-presentation-day:start permanent;
+}
diff --git a/sites-available/media.hackspace-jena.de b/sites-available/media.hackspace-jena.de
new file mode 100644
index 0000000..f140b03
--- /dev/null
+++ b/sites-available/media.hackspace-jena.de
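Review bot: In the 443 server of kraut.space.conf, `location ~ \.php$` hands every URI ending in `.php` to php-fpm without checking that the script exists, and because regex locations are matched in file order it also wins over the later `location ~ /(data|conf|bin|inc)/ { deny all; }` for `.php` paths under those directories. Add `try_files $uri =404;` as the first line of the PHP block and move the deny block above it, anchored as `location ~ ^/(data|conf|bin|inc)/ { deny all; }` so that wiki page ids that merely contain those words stay reachable. The German comment says the deny rule was placed last on purpose, but its position only matters relative to other regex locations, not to `location /`, so moving it up should leave the `@dw` rewriting alone; that still needs a test against the wiki. The `/chat/` and `/chat2/` patterns `^/chat/*.\.` look like a typo for `^/chat/.*\.` and as written match almost none of the static files they are meant to cache.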
@@ -0,0 +1,14 @@
+server {
+ listen 0.0.0.0:80;
+ listen [2a01:4f8:151:51a3:176:9:184:3]:80;
+ listen 0.0.0.0:443 ssl;
+ listen [2a01:4f8:151:51a3:176:9:184:3]:443 ssl;
+ ssl_certificate /etc/nginx/certs/www.krautspace.de.crt;
+ ssl_certificate_key /etc/nginx/certs/www.krautspace.de.key;
+ server_name media.hackspace-jena.de;
+
+ access_log /var/log/nginx/media.hackspace-jena.de_access.log ano;
+ error_log /var/log/nginx/media.hackspace-jena.de_error.log;
+
+ rewrite ^ https://media.krautspace.de$request_uri permanent;
+}
diff --git a/sites-available/media.krautspace.de b/sites-available/media.krautspace.de
new file mode 100644
index 0000000..728bbd1
--- /dev/null
+++ b/sites-available/media.krautspace.de
@@ -0,0 +1,29 @@
+server {
+ listen 0.0.0.0:80;
+ listen [2a01:4f8:151:51a3:176:9:184:3]:80;
+ server_name media.krautspace.de;
+ access_log /var/log/nginx/media.krautspace.de_access.log ano;
+ error_log /var/log/nginx/media.krautspace.de_error.log;
+ rewrite ^ https://$host$request_uri permanent;
+}
+
+server {
+ listen 0.0.0.0:443 ssl;
+ listen [2a01:4f8:151:51a3:176:9:184:3]:443 ssl;
+ ssl_certificate /etc/ssl/private/star.krautspace.de.combined.crt;
+ ssl_certificate_key /etc/ssl/private/star.krautspace.de.key;
+ server_name media.krautspace.de;
+
+ access_log /var/log/nginx/media.krautspace.de_access.log ano;
+ error_log /var/log/nginx/media.krautspace.de_error.log;
+
+ root /var/www/media.hackspace-jena.de;
+ charset utf-8;
+
+ location = /favicon.ico { log_not_found off; }
+ location = /robots.txt { log_not_found off; }
+
+ location / {
+ autoindex on;
+ }
+}
diff --git a/sites-available/status.hackspace-jena.de b/sites-available/status.hackspace-jena.de
new file mode 100644
index 0000000..575dd93
--- /dev/null
+++ b/sites-available/status.hackspace-jena.de
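Review bot: The 443 server in sites-available/media.krautspace.de turns on `autoindex on;` for the whole docroot in `location /` but has none of the guards that kraut.space.conf uses, so dotfiles and editor backups under /var/www/media.hackspace-jena.de are served like any other file. Add `location ~ /\. { deny all; }` and `location ~ ~$ { deny all; }` to this server, plus a one-line comment stating that the directory listing is intentional.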
@@ -0,0 +1,14 @@
+server {
+ listen 0.0.0.0:80;
+ listen 0.0.0.0:443 ssl;
+ listen [2a01:4f8:151:51a3:176:9:184:3]:80;
+ listen [2a01:4f8:151:51a3:176:9:184:3]:443 ssl;
+ ssl_certificate /etc/nginx/certs/www.krautspace.de.crt;
+ ssl_certificate_key /etc/nginx/certs/www.krautspace.de.key;
+ server_name status.hackspace-jena.de;
+
+ access_log /var/log/nginx/status.hackspace-jena.de_access.log ano;
+ error_log /var/log/nginx/status.hackspace-jena.de_error.log;
+
+ rewrite ^ https://status.krautspace.de$request_uri permanent;
+}
diff --git a/sites-available/status.krautspace.de b/sites-available/status.krautspace.de
new file mode 100644
index 0000000..c323ddb
--- /dev/null
+++ b/sites-available/status.krautspace.de
@@ -0,0 +1,47 @@
+server {
+ listen 0.0.0.0:80;
+ listen 0.0.0.0:443 ssl;
+ listen [2a01:4f8:151:51a3:176:9:184:3]:80;
+ listen [2a01:4f8:151:51a3:176:9:184:3]:443 ssl;
+ ssl_certificate /etc/ssl/private/star.krautspace.de.combined.crt;
+ ssl_certificate_key /etc/ssl/private/star.krautspace.de.key;
+ server_name status.krautspace.de status.kraut.space;
+
+ access_log /var/log/nginx/status.krautspace.de_access.log ano;
+ error_log /var/log/nginx/status.krautspace.de_error.log;
+
+ root /var/www/status.hackspace-jena.de;
+ autoindex on;
+
+ # für alles das mit "/api" begint /api ausliefern und paar Heder setzen
+ location ^~ /api {
+ gzip_min_length 500; # hier mal senken damit kompremiert wird
+ default_type application/json;
+ add_header Cache-Control no-cache;
+ add_header Access-Control-Allow-Origin *;
+ try_files /api =404;
+ }
+
+ # für png Bilder in src und images Header setzen
+ location ^~ /images/ {
+ expires 30d;
+ }
+
+ # für /status/button/ revers-Proxy nutzen
+ location /status/button/ {
+ keepalive_timeout 0;
+ chunked_transfer_encoding off;
+ # leite Anfrage an router.krautspace.de (ro01) weiter
+ proxy_pass http://ro01/status/;
+ proxy_connect_timeout 10s;
+ proxy_cache_valid 200 15s;
+ proxy_cache_valid any 5s;
+ proxy_cache statusATro01;
+ proxy_ignore_client_abort on; # damit Cache aktualisiert wird
+ }
+
+ # jede sonstige Anfrage
+ location / {
+ try_files $uri $uri/ =404;
+ }
+}
diff --git a/sites-available/wiki.hackspace-jena.de b/sites-available/wiki.hackspace-jena.de
new file mode 100644
index 0000000..e50b8c3
--- /dev/null
+++ b/sites-available/wiki.hackspace-jena.de
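Review bot: `proxy_pass http://ro01/status/;` in `location /status/button/` fetches over plain HTTP from the `ro01` upstream (a global IPv6 address and a hostname in nginx.conf), and the result is cached and re-served to HTTPS clients, so the upstream leg has no integrity protection if it leaves a trusted link. If the router can speak TLS, switch to `proxy_pass https://ro01/status/;` with `proxy_ssl_verify on;` and a `proxy_ssl_trusted_certificate`; otherwise describe the network path in a comment. The server-level `autoindex on;` also lists every directory under the root that lacks an index file, which looks broader than the `/api` and `/images/` use needs.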
@@ -0,0 +1,22 @@
+server {
+ listen 0.0.0.0:80;
+ listen [2a01:4f8:151:51a3:176:9:184:3]:80;
+ listen 0.0.0.0:443 ssl;
+ listen [2a01:4f8:151:51a3:176:9:184:3]:443 ssl;
+ ssl_certificate /etc/nginx/certs/www.krautspace.de.crt;
+ ssl_certificate_key /etc/nginx/certs/www.krautspace.de.key;
+ server_name wiki.hackspace-jena.de;
+
+ access_log /var/log/nginx/wiki.hackspace-jena.de_access.log ano;
+ error_log /var/log/nginx/wiki.hackspace-jena.de_error.log;
+ index index.html;
+ # wenn nichts angegeben ist
+ location = / {
+ rewrite ^ https://www.krautspace.de/hswiki:start permanent;
+ }
+
+ # alles andere
+ location / {
+ rewrite ^ https://www.krautspace.de$request_uri permanent;
+ }
+}
diff --git a/sites-available/www.krautspace.de b/sites-available/www.krautspace.de
new file mode 100644
index 0000000..d459cf2
--- /dev/null
+++ b/sites-available/www.krautspace.de
@@ -0,0 +1,25 @@
+server {
+ listen 0.0.0.0:80;
+ listen [2a01:4f8:151:51a3:176:9:184:3]:80;
+ server_name www.krautspace.de;
+
+ access_log /var/log/nginx/www.krautspace.de_access.log ano;
+ error_log /var/log/nginx/www.krautspace.de_error.log;
+
+ # weiterleiten
+ rewrite ^ https://$host$request_uri? permanent;
+}
+
+server {
+ listen 0.0.0.0:443 ssl;
+ listen [2a01:4f8:151:51a3:176:9:184:3]:443 ssl;
+ ssl_certificate /etc/ssl/private/star.krautspace.de.combined.crt;
+ ssl_certificate_key /etc/ssl/private/star.krautspace.de.key;
+ server_name www.krautspace.de;
+
+ # weiterleiten
+ rewrite ^ https://kraut.space$request_uri permanent;
+
+ add_header Public-Key-Pins 'pin-sha256="IwnHI5F3Ynnwa2dWAs48o8shoaHiqshUDT/CV+qankk="; max-age=1209600; includeSubDomains';
+
+}
diff --git a/uwsgi_params b/uwsgi_params
new file mode 100644
index 0000000..09c732c
--- /dev/null
+++ b/uwsgi_params
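Review bot: The `Public-Key-Pins` header in the 443 server of sites-available/www.krautspace.de carries a single `pin-sha256`, and RFC 7469 requires at least one backup pin that is not in the served chain, so conforming clients discard the header as invalid. The pin sets also differ between vhosts (three in kraut.space.conf, two in lpd.kraut.space.conf, each with `includeSubDomains`), which makes a key rollover easy to get wrong. HPKP has since been removed from the major browsers, so deleting the header from all three files is the simpler fix; if it stays, add a backup pin here and a comment naming which key each pin belongs to.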
@@ -0,0 +1,17 @@
+
+uwsgi_param QUERY_STRING $query_string;
+uwsgi_param REQUEST_METHOD $request_method;
+uwsgi_param CONTENT_TYPE $content_type;
+uwsgi_param CONTENT_LENGTH $content_length;
+
+uwsgi_param REQUEST_URI $request_uri;
+uwsgi_param PATH_INFO $document_uri;
+uwsgi_param DOCUMENT_ROOT $document_root;
+uwsgi_param SERVER_PROTOCOL $server_protocol;
+uwsgi_param REQUEST_SCHEME $scheme;
+uwsgi_param HTTPS $https if_not_empty;
+
+uwsgi_param REMOTE_ADDR $remote_addr;
+uwsgi_param REMOTE_PORT $remote_port;
+uwsgi_param SERVER_PORT $server_port;
+uwsgi_param SERVER_NAME $server_name;
diff --git a/win-utf b/win-utf
new file mode 100644
index 0000000..ed8bc00
--- /dev/null
+++ b/win-utf
@@ -0,0 +1,126 @@ + +# This map is not a full windows-1251 <> utf8 map: it does not +# contain Serbian and Macedonian letters. If you need a full map, +# use contrib/unicode2nginx/win-utf map instead. + +charset_map windows-1251 utf-8 { + + 82 E2809A ; # single low-9 quotation mark + + 84 E2809E ; # double low-9 quotation mark + 85 E280A6 ; # ellipsis + 86 E280A0 ; # dagger + 87 E280A1 ; # double dagger + 88 E282AC ; # euro + 89 E280B0 ; # per mille + + 91 E28098 ; # left single quotation mark + 92 E28099 ; # right single quotation mark + 93 E2809C ; # left double quotation mark + 94 E2809D ; # right double quotation mark + 95 E280A2 ; # bullet + 96 E28093 ; # en dash + 97 E28094 ; # em dash + + 99 E284A2 ; # trade mark sign + + A0 C2A0 ; #   + A1 D18E ; # capital Byelorussian short U + A2 D19E ; # small Byelorussian short u + + A4 C2A4 ; # currency sign + A5 D290 ; # capital Ukrainian soft G + A6 C2A6 ; # borken bar + A7 C2A7 ; # section sign + A8 D081 ; # capital YO + A9 C2A9 ; # (C) + AA D084 ; # capital Ukrainian YE + AB C2AB ; # left-pointing double angle quotation mark + AC C2AC ; # not sign + AD C2AD ; # soft hypen + AE C2AE ; # (R) + AF D087 ; # capital Ukrainian YI + + B0 C2B0 ; # ° + B1 C2B1 ; # plus-minus sign + B2 D086 ; # capital Ukrainian I + B3 D196 ; # small Ukrainian i + B4 D291 ; # small Ukrainian soft g + B5 C2B5 ; # micro sign + B6 C2B6 ; # pilcrow sign + B7 C2B7 ; # · + B8 D191 ; # small yo + B9 E28496 ; # numero sign + BA D194 ; # small Ukrainian ye + BB C2BB ; # right-pointing double angle quotation mark + + BF D197 ; # small Ukrainian yi + + C0 D090 ; # capital A + C1 D091 ; # capital B + C2 D092 ; # capital V + C3 D093 ; # capital G + C4 D094 ; # capital D + C5 D095 ; # capital YE + C6 D096 ; # capital ZH + C7 D097 ; # capital Z + C8 D098 ; # capital I + C9 D099 ; # capital J + CA D09A ; # capital K + CB D09B ; # capital L + CC D09C ; # capital M + CD D09D ; # capital N + CE D09E ; # capital O + CF D09F ; # capital P + + D0 D0A0 ; # capital 
R + D1 D0A1 ; # capital S + D2 D0A2 ; # capital T + D3 D0A3 ; # capital U + D4 D0A4 ; # capital F + D5 D0A5 ; # capital KH + D6 D0A6 ; # capital TS + D7 D0A7 ; # capital CH + D8 D0A8 ; # capital SH + D9 D0A9 ; # capital SHCH + DA D0AA ; # capital hard sign + DB D0AB ; # capital Y + DC D0AC ; # capital soft sign + DD D0AD ; # capital E + DE D0AE ; # capital YU + DF D0AF ; # capital YA + + E0 D0B0 ; # small a + E1 D0B1 ; # small b + E2 D0B2 ; # small v + E3 D0B3 ; # small g + E4 D0B4 ; # small d + E5 D0B5 ; # small ye + E6 D0B6 ; # small zh + E7 D0B7 ; # small z + E8 D0B8 ; # small i + E9 D0B9 ; # small j + EA D0BA ; # small k + EB D0BB ; # small l + EC D0BC ; # small m + ED D0BD ; # small n + EE D0BE ; # small o + EF D0BF ; # small p + + F0 D180 ; # small r + F1 D181 ; # small s + F2 D182 ; # small t + F3 D183 ; # small u + F4 D184 ; # small f + F5 D185 ; # small kh + F6 D186 ; # small ts + F7 D187 ; # small ch + F8 D188 ; # small sh + F9 D189 ; # small shch + FA D18A ; # small hard sign + FB D18B ; # small y + FC D18C ; # small soft sign + FD D18D ; # small e + FE D18E ; # small yu + FF D18F ; # small ya +}