first commit
This commit is contained in:
root
commit
5e2487cecb
22 changed files with 930 additions and 0 deletions
11
sites-available/default
Normal file
11
sites-available/default
Normal file
|
|
@ -0,0 +1,11 @@
|
|||
server {
|
||||
listen 0.0.0.0:80 default;
|
||||
listen [2a01:4f8:151:51a3:176:9:184:3]:80 default;
|
||||
|
||||
access_log /var/log/nginx/access.log ano;
|
||||
error_log /var/log/nginx/error.log warn;
|
||||
|
||||
location / {
|
||||
return 404;
|
||||
}
|
||||
}
|
||||
15
sites-available/hackspace-jena.de
Normal file
15
sites-available/hackspace-jena.de
Normal file
|
|
@ -0,0 +1,15 @@
|
|||
server {
|
||||
listen 0.0.0.0:80;
|
||||
listen [2a01:4f8:151:51a3:176:9:184:3]:80;
|
||||
listen 0.0.0.0:443 ssl;
|
||||
listen [2a01:4f8:151:51a3:176:9:184:3]:443 ssl;
|
||||
ssl_certificate /etc/nginx/certs/www.krautspace.de.crt;
|
||||
ssl_certificate_key /etc/nginx/certs/www.krautspace.de.key;
|
||||
server_name www.hackspace-jena.de hackspace-jena.de;
|
||||
|
||||
access_log /var/log/nginx/hackspace-jena.de_access.log ano;
|
||||
error_log /var/log/nginx/hackspace-jena.de_error.log;
|
||||
|
||||
# weiterleiten
|
||||
rewrite ^ https://www.krautspace.de$request_uri permanent;
|
||||
}
|
||||
122
sites-available/kraut.space.conf
Normal file
122
sites-available/kraut.space.conf
Normal file
|
|
@ -0,0 +1,122 @@
|
|||
server {
|
||||
listen 0.0.0.0:80 default;
|
||||
listen [2a01:4f8:151:51a3:176:9:184:3]:80 default;
|
||||
server_name www.kraut.space;
|
||||
|
||||
access_log /var/log/nginx/www.krautspace.de_access.log ano;
|
||||
error_log /var/log/nginx/www.krautspace.de_error.log;
|
||||
|
||||
# weiterleiten
|
||||
rewrite ^ https://$host$request_uri? permanent;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 0.0.0.0:443 ssl default;
|
||||
listen [2a01:4f8:151:51a3:176:9:184:3]:443 ssl default;
|
||||
ssl_certificate /etc/ssl/private/star.kraut.space.combined.crt;
|
||||
ssl_certificate_key /etc/ssl/private/star.kraut.space.key;
|
||||
server_name kraut.space www.kraut.space;
|
||||
|
||||
access_log /var/log/nginx/kraut.space_access.log ano;
|
||||
error_log /var/log/nginx/kraut.space_error.log;
|
||||
|
||||
add_header Public-Key-Pins 'pin-sha256="h1eF+0TRBTfD0ksblNkZnC3XQ8/w1tKDotkBiZcyThc="; pin-sha256="2r/gJIym/afOi0tM9pcbibG1b0uixXHzwInOT+KVKPE="; pin-sha256="LUZ6gnGnIWtu/uXeQMfEEBlP8J6azBxFhPct2qpGYYk="; max-age=1209600; includeSubDomains';
|
||||
|
||||
add_header Strict-Transport-Security max-age=15768000; # six months
|
||||
|
||||
if ($host = www.kraut.space) {
|
||||
return 301 https://kraut.space$request_uri;
|
||||
}
|
||||
|
||||
root /var/www/wiki.hackspace-jena.de;
|
||||
|
||||
# falls es mal (global) an sein sollte
|
||||
autoindex off;
|
||||
index doku.php;
|
||||
client_max_body_size 15M;
|
||||
client_body_buffer_size 128k;
|
||||
|
||||
location ^~ /.well-known/ { allow all; }
|
||||
location = /robots.txt { log_not_found off; }
|
||||
location = /favicon.ico { log_not_found off; }
|
||||
location ~ /\. { deny all; }
|
||||
location ~ ~$ { deny all; }
|
||||
|
||||
# versuche Datei zu finden, leite sonst an @dw weiter
|
||||
location / {
|
||||
try_files $uri $uri/ @dw;
|
||||
}
|
||||
|
||||
# setze Header
|
||||
location ~ ^/lib/.*\.(gif|png|ico|jpg|svg|ttf)$ {
|
||||
expires 30d;
|
||||
}
|
||||
|
||||
# versuche was passendes für die anfrage zu finden
|
||||
location @dw {
|
||||
rewrite ^/_media/(.*) /lib/exe/fetch.php?media=$1 last;
|
||||
rewrite ^/_detail/(.*) /lib/exe/detail.php?media=$1 last;
|
||||
rewrite ^/_export/([^/]+)/(.*) /doku.php?do=export_$1&id=$2 last;
|
||||
rewrite ^/(.*) /doku.php?id=$1 last;
|
||||
}
|
||||
|
||||
# führe PHP-Script aus
|
||||
location ~ \.php$ {
|
||||
include fastcgi_params;
|
||||
fastcgi_buffers 16 16k;
|
||||
fastcgi_buffer_size 32k;
|
||||
fastcgi_param HTTPS $php_https; # DW checks $_SERVER['HTTPS']
|
||||
fastcgi_intercept_errors on;
|
||||
fastcgi_pass unix:/var/run/php5-fpm.sock;
|
||||
# entferne Header "X-Powered-By: PHP/5.4.40-1~dotdeb+wheezy.1"
|
||||
fastcgi_hide_header "X-Powered-By";
|
||||
}
|
||||
|
||||
# das ist mit absicht hier hinten!
|
||||
# soll erst nach dokuwiki verarbeitung überprüft werden, nicht das einige Artikel nicht zu öffnen sind
|
||||
location ~ /(data|conf|bin|inc)/ { deny all; }
|
||||
|
||||
### XMPP
|
||||
# forward http-bind requests to the prosody instance
|
||||
location /http-bind {
|
||||
proxy_pass http://localhost:5280/http-bind;
|
||||
proxy_buffering off;
|
||||
tcp_nodelay on;
|
||||
# add_header Access-Control-Allow-Origin *;
|
||||
proxy_set_header Host anon.krautspace.de;
|
||||
}
|
||||
|
||||
# forward xmpp registrations to prosody
|
||||
location /xmpp/ {
|
||||
index index.php;
|
||||
# Idee für schönere umsetzung
|
||||
# expires 7d;
|
||||
# try_file $uri $uri/ /xmpp/index.php;
|
||||
if (-f $request_filename) {
|
||||
expires 7d;
|
||||
break;
|
||||
}
|
||||
rewrite ^/xmpp/(.*) /xmpp/index.php last;
|
||||
}
|
||||
|
||||
### CHAT
|
||||
# setze Header
|
||||
location ~* ^/chat/*.\.(js|css|json|map|gif|png|swf|mp3)$ {
|
||||
expires 7d;
|
||||
}
|
||||
# sonstige anfragen an /chat/, versuche datei zu finden
|
||||
location /chat/ {
|
||||
# forward /chat/ to /chat/index.html as per request of qbi
|
||||
index index.html;
|
||||
try_files $uri $uri/ =404;
|
||||
}
|
||||
|
||||
location ~* ^/chat2/*.\.(js|css|json|map|gif|png|swf|mp3)$ {
|
||||
expires 7d;
|
||||
}
|
||||
|
||||
location /chat2/ {
|
||||
index index.html;
|
||||
try_files $uri $uri/ =404;
|
||||
}
|
||||
}
|
||||
15
sites-available/krautspace.de
Normal file
15
sites-available/krautspace.de
Normal file
|
|
@ -0,0 +1,15 @@
|
|||
server {
|
||||
listen 0.0.0.0:80;
|
||||
listen [2a01:4f8:151:51a3:176:9:184:3]:80;
|
||||
listen 0.0.0.0:443 ssl;
|
||||
listen [2a01:4f8:151:51a3:176:9:184:3]:443 ssl;
|
||||
ssl_certificate /etc/ssl/private/star.krautspace.de.combined.crt;
|
||||
ssl_certificate_key /etc/ssl/private/star.krautspace.de.key;
|
||||
server_name krautspace.de;
|
||||
|
||||
access_log /var/log/nginx/krautspace.de_access.log ano;
|
||||
error_log /var/log/nginx/krautspace.de_error.log;
|
||||
|
||||
# weiterleiten
|
||||
rewrite ^ https://www.krautspace.de$request_uri permanent;
|
||||
}
|
||||
17
sites-available/lpd.kraut.space.conf
Normal file
17
sites-available/lpd.kraut.space.conf
Normal file
|
|
@ -0,0 +1,17 @@
|
|||
server {
|
||||
listen 0.0.0.0:80;
|
||||
listen [2a01:4f8:151:51a3:176:9:184:3]:80;
|
||||
listen 0.0.0.0:443 ssl;
|
||||
listen [2a01:4f8:151:51a3:176:9:184:3]:443 ssl;
|
||||
ssl_certificate /etc/ssl/private/star.kraut.space.combined.crt;
|
||||
ssl_certificate_key /etc/ssl/private/star.kraut.space.key;
|
||||
server_name lpd.kraut.space;
|
||||
|
||||
access_log /var/log/nginx/kraut.space_access.log ano;
|
||||
error_log /var/log/nginx/kraut.space_error.log;
|
||||
|
||||
add_header Public-Key-Pins 'pin-sha256="h1eF+0TRBTfD0ksblNkZnC3XQ8/w1tKDotkBiZcyThc="; pin-sha256="LUZ6gnGnIWtu/uXeQMfEEBlP8J6azBxFhPct2qpGYYk="; max-age=1209600; includeSubDomains';
|
||||
|
||||
# weiterleiten
|
||||
rewrite ^ https://kraut.space/hswiki:termine:regelmaessige:linux-presentation-day:start permanent;
|
||||
}
|
||||
14
sites-available/media.hackspace-jena.de
Normal file
14
sites-available/media.hackspace-jena.de
Normal file
|
|
@ -0,0 +1,14 @@
|
|||
server {
|
||||
listen 0.0.0.0:80;
|
||||
listen [2a01:4f8:151:51a3:176:9:184:3]:80;
|
||||
listen 0.0.0.0:443 ssl;
|
||||
listen [2a01:4f8:151:51a3:176:9:184:3]:443 ssl;
|
||||
ssl_certificate /etc/nginx/certs/www.krautspace.de.crt;
|
||||
ssl_certificate_key /etc/nginx/certs/www.krautspace.de.key;
|
||||
server_name media.hackspace-jena.de;
|
||||
|
||||
access_log /var/log/nginx/media.hackspace-jena.de_access.log ano;
|
||||
error_log /var/log/nginx/media.hackspace-jena.de_error.log;
|
||||
|
||||
rewrite ^ https://media.krautspace.de$request_uri permanent;
|
||||
}
|
||||
29
sites-available/media.krautspace.de
Normal file
29
sites-available/media.krautspace.de
Normal file
|
|
@ -0,0 +1,29 @@
|
|||
server {
|
||||
listen 0.0.0.0:80;
|
||||
listen [2a01:4f8:151:51a3:176:9:184:3]:80;
|
||||
server_name media.krautspace.de;
|
||||
access_log /var/log/nginx/media.krautspace.de_access.log ano;
|
||||
error_log /var/log/nginx/media.krautspace.de_error.log;
|
||||
rewrite ^ https://$host$request_uri permanent;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 0.0.0.0:443 ssl;
|
||||
listen [2a01:4f8:151:51a3:176:9:184:3]:443 ssl;
|
||||
ssl_certificate /etc/ssl/private/star.krautspace.de.combined.crt;
|
||||
ssl_certificate_key /etc/ssl/private/star.krautspace.de.key;
|
||||
server_name media.krautspace.de;
|
||||
|
||||
access_log /var/log/nginx/media.krautspace.de_access.log ano;
|
||||
error_log /var/log/nginx/media.krautspace.de_error.log;
|
||||
|
||||
root /var/www/media.hackspace-jena.de;
|
||||
charset utf-8;
|
||||
|
||||
location = /favicon.ico { log_not_found off; }
|
||||
location = /robots.txt { log_not_found off; }
|
||||
|
||||
location / {
|
||||
autoindex on;
|
||||
}
|
||||
}
|
||||
14
sites-available/status.hackspace-jena.de
Normal file
14
sites-available/status.hackspace-jena.de
Normal file
|
|
@ -0,0 +1,14 @@
|
|||
server {
|
||||
listen 0.0.0.0:80;
|
||||
listen 0.0.0.0:443 ssl;
|
||||
listen [2a01:4f8:151:51a3:176:9:184:3]:80;
|
||||
listen [2a01:4f8:151:51a3:176:9:184:3]:443 ssl;
|
||||
ssl_certificate /etc/nginx/certs/www.krautspace.de.crt;
|
||||
ssl_certificate_key /etc/nginx/certs/www.krautspace.de.key;
|
||||
server_name status.hackspace-jena.de;
|
||||
|
||||
access_log /var/log/nginx/status.hackspace-jena.de_access.log ano;
|
||||
error_log /var/log/nginx/status.hackspace-jena.de_error.log;
|
||||
|
||||
rewrite ^ https://status.krautspace.de$request_uri permanent;
|
||||
}
|
||||
47
sites-available/status.krautspace.de
Normal file
47
sites-available/status.krautspace.de
Normal file
|
|
@ -0,0 +1,47 @@
|
|||
server {
|
||||
listen 0.0.0.0:80;
|
||||
listen 0.0.0.0:443 ssl;
|
||||
listen [2a01:4f8:151:51a3:176:9:184:3]:80;
|
||||
listen [2a01:4f8:151:51a3:176:9:184:3]:443 ssl;
|
||||
ssl_certificate /etc/ssl/private/star.krautspace.de.combined.crt;
|
||||
ssl_certificate_key /etc/ssl/private/star.krautspace.de.key;
|
||||
server_name status.krautspace.de status.kraut.space;
|
||||
|
||||
access_log /var/log/nginx/status.krautspace.de_access.log ano;
|
||||
error_log /var/log/nginx/status.krautspace.de_error.log;
|
||||
|
||||
root /var/www/status.hackspace-jena.de;
|
||||
autoindex on;
|
||||
|
||||
# für alles das mit "/api" begint /api ausliefern und paar Heder setzen
|
||||
location ^~ /api {
|
||||
gzip_min_length 500; # hier mal senken damit kompremiert wird
|
||||
default_type application/json;
|
||||
add_header Cache-Control no-cache;
|
||||
add_header Access-Control-Allow-Origin *;
|
||||
try_files /api =404;
|
||||
}
|
||||
|
||||
# für png Bilder in src und images Header setzen
|
||||
location ^~ /images/ {
|
||||
expires 30d;
|
||||
}
|
||||
|
||||
# für /status/button/ revers-Proxy nutzen
|
||||
location /status/button/ {
|
||||
keepalive_timeout 0;
|
||||
chunked_transfer_encoding off;
|
||||
# leite Anfrage an router.krautspace.de (ro01) weiter
|
||||
proxy_pass http://ro01/status/;
|
||||
proxy_connect_timeout 10s;
|
||||
proxy_cache_valid 200 15s;
|
||||
proxy_cache_valid any 5s;
|
||||
proxy_cache statusATro01;
|
||||
proxy_ignore_client_abort on; # damit Cache aktualisiert wird
|
||||
}
|
||||
|
||||
# jede sonstige Anfrage
|
||||
location / {
|
||||
try_files $uri $uri/ =404;
|
||||
}
|
||||
}
|
||||
22
sites-available/wiki.hackspace-jena.de
Normal file
22
sites-available/wiki.hackspace-jena.de
Normal file
|
|
@ -0,0 +1,22 @@
|
|||
server {
|
||||
listen 0.0.0.0:80;
|
||||
listen [2a01:4f8:151:51a3:176:9:184:3]:80;
|
||||
listen 0.0.0.0:443 ssl;
|
||||
listen [2a01:4f8:151:51a3:176:9:184:3]:443 ssl;
|
||||
ssl_certificate /etc/nginx/certs/www.krautspace.de.crt;
|
||||
ssl_certificate_key /etc/nginx/certs/www.krautspace.de.key;
|
||||
server_name wiki.hackspace-jena.de;
|
||||
|
||||
access_log /var/log/nginx/wiki.hackspace-jena.de_access.log ano;
|
||||
error_log /var/log/nginx/wiki.hackspace-jena.de_error.log;
|
||||
index index.html;
|
||||
# wenn nichts angegeben ist
|
||||
location = / {
|
||||
rewrite ^ https://www.krautspace.de/hswiki:start permanent;
|
||||
}
|
||||
|
||||
# alles andere
|
||||
location / {
|
||||
rewrite ^ https://www.krautspace.de$request_uri permanent;
|
||||
}
|
||||
}
|
||||
25
sites-available/www.krautspace.de
Normal file
25
sites-available/www.krautspace.de
Normal file
|
|
@ -0,0 +1,25 @@
|
|||
server {
|
||||
listen 0.0.0.0:80;
|
||||
listen [2a01:4f8:151:51a3:176:9:184:3]:80;
|
||||
server_name www.krautspace.de;
|
||||
|
||||
access_log /var/log/nginx/www.krautspace.de_access.log ano;
|
||||
error_log /var/log/nginx/www.krautspace.de_error.log;
|
||||
|
||||
# weiterleiten
|
||||
rewrite ^ https://$host$request_uri? permanent;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 0.0.0.0:443 ssl;
|
||||
listen [2a01:4f8:151:51a3:176:9:184:3]:443 ssl;
|
||||
ssl_certificate /etc/ssl/private/star.krautspace.de.combined.crt;
|
||||
ssl_certificate_key /etc/ssl/private/star.krautspace.de.key;
|
||||
server_name www.krautspace.de;
|
||||
|
||||
# weiterleiten
|
||||
rewrite ^ https://kraut.space$request_uri permanent;
|
||||
|
||||
add_header Public-Key-Pins 'pin-sha256="IwnHI5F3Ynnwa2dWAs48o8shoaHiqshUDT/CV+qankk="; max-age=1209600; includeSubDomains';
|
||||
|
||||
}
|
||||
Reference in a new issue