Krautspace/nginx-config
Archived
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

first commit

Browse source
This commit is contained in:
root 2016-05-21 11:47:21 +00:00
commit 5e2487cecb
22 changed files with 930 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

17
.gitignore vendored Normal file
View file

@ -0,0 +1,17 @@
# Do _NOT_ add any certificates
certs/
*.crt
*.cert
*.csr
*.pem
*.crt-bkp
*.key
# dont add symbolic links from sites-enabled
sites-enabled/
# symbolic link to nginx moduldir /usr/lib/nginx/modules
modules
# emacy backup files
*~
# dpkg foo
*.dpkg-old
*.old

9
Readme.md Normal file
View file

@ -0,0 +1,9 @@
### our nginx version ###
# nginx -V
nginx version: nginx/1.10.0
built by gcc 4.9.2 (Debian 4.9.2-10)
built with OpenSSL 1.0.1k 8 Jan 2015
TLS SNI support enabled
configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_stub_status_module --with-http_auth_request_module --with-http_xslt_module=dynamic --with-http_image_filter_module=dynamic --with-http_geoip_module=dynamic --with-http_perl_module=dynamic --add-dynamic-module=debian/extra/njs-1c50334fbea6/nginx --with-threads --with-stream --with-stream_ssl_module --with-http_slice_module --with-mail --with-mail_ssl_module --with-file-aio --with-ipv6 --with-http_v2_module --with-cc-opt='-g -O2 -fstack-protector-strong -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2' --with-ld-opt='-Wl,-z,relro -Wl,--as-needed'

7
conf.d/gzip.conf Normal file
View file

@ -0,0 +1,7 @@
gzip on;
gzip_min_length 1100;
gzip_comp_level 6;
gzip_http_version 1.0;
gzip_proxied expired no-cache no-store private auth;
gzip_types text/plain text/css application/json application/javascript application/x-javascript text/xml application/xml application/xml+rss application/xhtml+xml text/javascript image/svg+xml application/x-graphviz text/x-graphviz;

29
fastcgi_params Normal file
View file

@ -0,0 +1,29 @@
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param REQUEST_SCHEME $scheme;
fastcgi_param HTTPS $https if_not_empty;
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param REDIRECT_STATUS 200;
# ----- Add by Martin89 -----
fastcgi_param SCRIPT_FILENAME $request_filename;

109
koi-utf Normal file
View file

@ -0,0 +1,109 @@
# This map is not a full koi8-r <> utf8 map: it does not contain
# box-drawing and some other characters. Besides this map contains
# several koi8-u and Byelorussian letters which are not in koi8-r.
# If you need a full and standard map, use contrib/unicode2nginx/koi-utf
# map instead.
charset_map koi8-r utf-8 {
80 E282AC ; # euro
95 E280A2 ; # bullet
9A C2A0 ; # &nbsp;
9E C2B7 ; # &middot;
A3 D191 ; # small yo
A4 D194 ; # small Ukrainian ye
A6 D196 ; # small Ukrainian i
A7 D197 ; # small Ukrainian yi
AD D291 ; # small Ukrainian soft g
AE D19E ; # small Byelorussian short u
B0 C2B0 ; # &deg;
B3 D081 ; # capital YO
B4 D084 ; # capital Ukrainian YE
B6 D086 ; # capital Ukrainian I
B7 D087 ; # capital Ukrainian YI
B9 E28496 ; # numero sign
BD D290 ; # capital Ukrainian soft G
BE D18E ; # capital Byelorussian short U
BF C2A9 ; # (C)
C0 D18E ; # small yu
C1 D0B0 ; # small a
C2 D0B1 ; # small b
C3 D186 ; # small ts
C4 D0B4 ; # small d
C5 D0B5 ; # small ye
C6 D184 ; # small f
C7 D0B3 ; # small g
C8 D185 ; # small kh
C9 D0B8 ; # small i
CA D0B9 ; # small j
CB D0BA ; # small k
CC D0BB ; # small l
CD D0BC ; # small m
CE D0BD ; # small n
CF D0BE ; # small o
D0 D0BF ; # small p
D1 D18F ; # small ya
D2 D180 ; # small r
D3 D181 ; # small s
D4 D182 ; # small t
D5 D183 ; # small u
D6 D0B6 ; # small zh
D7 D0B2 ; # small v
D8 D18C ; # small soft sign
D9 D18B ; # small y
DA D0B7 ; # small z
DB D188 ; # small sh
DC D18D ; # small e
DD D189 ; # small shch
DE D187 ; # small ch
DF D18A ; # small hard sign
E0 D0AE ; # capital YU
E1 D090 ; # capital A
E2 D091 ; # capital B
E3 D0A6 ; # capital TS
E4 D094 ; # capital D
E5 D095 ; # capital YE
E6 D0A4 ; # capital F
E7 D093 ; # capital G
E8 D0A5 ; # capital KH
E9 D098 ; # capital I
EA D099 ; # capital J
EB D09A ; # capital K
EC D09B ; # capital L
ED D09C ; # capital M
EE D09D ; # capital N
EF D09E ; # capital O
F0 D09F ; # capital P
F1 D0AF ; # capital YA
F2 D0A0 ; # capital R
F3 D0A1 ; # capital S
F4 D0A2 ; # capital T
F5 D0A3 ; # capital U
F6 D096 ; # capital ZH
F7 D092 ; # capital V
F8 D0AC ; # capital soft sign
F9 D0AB ; # capital Y
FA D097 ; # capital Z
FB D0A8 ; # capital SH
FC D0AD ; # capital E
FD D0A9 ; # capital SHCH
FE D0A7 ; # capital CH
FF D0AA ; # capital hard sign
}

103
koi-win Normal file
View file

@ -0,0 +1,103 @@
charset_map koi8-r windows-1251 {
80 88 ; # euro
95 95 ; # bullet
9A A0 ; # &nbsp;
9E B7 ; # &middot;
A3 B8 ; # small yo
A4 BA ; # small Ukrainian ye
A6 B3 ; # small Ukrainian i
A7 BF ; # small Ukrainian yi
AD B4 ; # small Ukrainian soft g
AE A2 ; # small Byelorussian short u
B0 B0 ; # &deg;
B3 A8 ; # capital YO
B4 AA ; # capital Ukrainian YE
B6 B2 ; # capital Ukrainian I
B7 AF ; # capital Ukrainian YI
B9 B9 ; # numero sign
BD A5 ; # capital Ukrainian soft G
BE A1 ; # capital Byelorussian short U
BF A9 ; # (C)
C0 FE ; # small yu
C1 E0 ; # small a
C2 E1 ; # small b
C3 F6 ; # small ts
C4 E4 ; # small d
C5 E5 ; # small ye
C6 F4 ; # small f
C7 E3 ; # small g
C8 F5 ; # small kh
C9 E8 ; # small i
CA E9 ; # small j
CB EA ; # small k
CC EB ; # small l
CD EC ; # small m
CE ED ; # small n
CF EE ; # small o
D0 EF ; # small p
D1 FF ; # small ya
D2 F0 ; # small r
D3 F1 ; # small s
D4 F2 ; # small t
D5 F3 ; # small u
D6 E6 ; # small zh
D7 E2 ; # small v
D8 FC ; # small soft sign
D9 FB ; # small y
DA E7 ; # small z
DB F8 ; # small sh
DC FD ; # small e
DD F9 ; # small shch
DE F7 ; # small ch
DF FA ; # small hard sign
E0 DE ; # capital YU
E1 C0 ; # capital A
E2 C1 ; # capital B
E3 D6 ; # capital TS
E4 C4 ; # capital D
E5 C5 ; # capital YE
E6 D4 ; # capital F
E7 C3 ; # capital G
E8 D5 ; # capital KH
E9 C8 ; # capital I
EA C9 ; # capital J
EB CA ; # capital K
EC CB ; # capital L
ED CC ; # capital M
EE CD ; # capital N
EF CE ; # capital O
F0 CF ; # capital P
F1 DF ; # capital YA
F2 D0 ; # capital R
F3 D1 ; # capital S
F4 D2 ; # capital T
F5 D3 ; # capital U
F6 C6 ; # capital ZH
F7 C2 ; # capital V
F8 DC ; # capital soft sign
F9 DB ; # capital Y
FA C7 ; # capital Z
FB D8 ; # capital SH
FC DD ; # capital E
FD D9 ; # capital SHCH
FE D7 ; # capital CH
FF DA ; # capital hard sign
}

89
mime.types Normal file
View file

@ -0,0 +1,89 @@
types {
text/html html htm shtml;
text/css css;
text/xml xml;
image/gif gif;
image/jpeg jpeg jpg;
application/javascript js;
application/atom+xml atom;
application/rss+xml rss;
text/mathml mml;
text/plain txt;
text/vnd.sun.j2me.app-descriptor jad;
text/vnd.wap.wml wml;
text/x-component htc;
image/png png;
image/tiff tif tiff;
image/vnd.wap.wbmp wbmp;
image/x-icon ico;
image/x-jng jng;
image/x-ms-bmp bmp;
image/svg+xml svg svgz;
image/webp webp;
application/font-woff woff;
application/java-archive jar war ear;
application/json json;
application/mac-binhex40 hqx;
application/msword doc;
application/pdf pdf;
application/postscript ps eps ai;
application/rtf rtf;
application/vnd.apple.mpegurl m3u8;
application/vnd.ms-excel xls;
application/vnd.ms-fontobject eot;
application/vnd.ms-powerpoint ppt;
application/vnd.wap.wmlc wmlc;
application/vnd.google-earth.kml+xml kml;
application/vnd.google-earth.kmz kmz;
application/x-7z-compressed 7z;
application/x-cocoa cco;
application/x-java-archive-diff jardiff;
application/x-java-jnlp-file jnlp;
application/x-makeself run;
application/x-perl pl pm;
application/x-pilot prc pdb;
application/x-rar-compressed rar;
application/x-redhat-package-manager rpm;
application/x-sea sea;
application/x-shockwave-flash swf;
application/x-stuffit sit;
application/x-tcl tcl tk;
application/x-x509-ca-cert der pem crt;
application/x-xpinstall xpi;
application/xhtml+xml xhtml;
application/xspf+xml xspf;
application/zip zip;
application/octet-stream bin exe dll;
application/octet-stream deb;
application/octet-stream dmg;
application/octet-stream iso img;
application/octet-stream msi msp msm;
application/vnd.openxmlformats-officedocument.wordprocessingml.document docx;
application/vnd.openxmlformats-officedocument.spreadsheetml.sheet xlsx;
application/vnd.openxmlformats-officedocument.presentationml.presentation pptx;
audio/midi mid midi kar;
audio/mpeg mp3;
audio/ogg ogg;
audio/x-m4a m4a;
audio/x-realaudio ra;
video/3gpp 3gpp 3gp;
video/mp2t ts;
video/mp4 mp4;
video/mpeg mpeg mpg;
video/quicktime mov;
video/webm webm;
video/x-flv flv;
video/x-m4v m4v;
video/x-mng mng;
video/x-ms-asf asx asf;
video/x-ms-wmv wmv;
video/x-msvideo avi;
}

76
nginx.conf Normal file
View file

@ -0,0 +1,76 @@
user www-data;
worker_processes 2;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
# definiere mehrere Formate für logfiles
# Format main bindet gegen über dem Default http_x_forwarded_for, gzip_ratio, zeiten und pipe usw.
log_format main '$remote_addr - $remote_user [$time_local] '
'"$request" $status $bytes_sent '
'"$http_referer" "$http_user_agent" "$http_x_forwarded_for" '
'"$gzip_ratio" "$request_time" "$upstream_response_time" "$pipe"';
# das selbe Format nochmal nur mit ausgtauschter Fake IP
log_format ano '0.0.0.0 - $remote_user [$time_local] '
'"$request" $status $bytes_sent '
'"$http_referer" "$http_user_agent" "$http_x_forwarded_for" '
'"$gzip_ratio" "$request_time" "$upstream_response_time" "$pipe"';
# dieses Format ist für revers-proxy gedacht um mehr informationen über den Cache Zustand bei der Anfrage zu erhalten
log_format cache '$time_local $upstream_cache_status '
'Cache-Control: $upstream_http_cache_control '
'Expires: $upstream_http_expires '
'"$request" ($status) "$gzip_ratio" '
'"$request_time" "$upstream_response_time" "$pipe"';
access_log /var/log/nginx/access.log main;
upstream ro01 {
server [2001:470:6c:655::2] weight=10;
server local.krautspace.de weight=1;
}
proxy_cache_path /var/lib/nginx/cache keys_zone=statusATro01:10m;
ssl_prefer_server_ciphers on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # not possible to do exclusive
ssl_ciphers 'EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES2\
56:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-\
SHA:CAMELLIA128-SHA:AES128-SHA';
ssl_dhparam /etc/ssl/private/dhparams.pem;
add_header Strict-Transport-Security max-age=15768000; # six months
## Use a SSL/TLS cache for SSL session resume.
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
# setzt die Variable php_https abhängig davon ob es sich um eine https Verbindung handelt, ist für die Weitergabe an php
map $scheme $php_https { default off; https on; }
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
server_tokens off;
# etag ist Ausgeschalten wegen erweiterter möglicher Tracking von Usern
etag off;
# Hier lohnt sich auch ein Blick hinnein
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}

17
scgi_params Normal file
View file

@ -0,0 +1,17 @@
scgi_param REQUEST_METHOD $request_method;
scgi_param REQUEST_URI $request_uri;
scgi_param QUERY_STRING $query_string;
scgi_param CONTENT_TYPE $content_type;
scgi_param DOCUMENT_URI $document_uri;
scgi_param DOCUMENT_ROOT $document_root;
scgi_param SCGI 1;
scgi_param SERVER_PROTOCOL $server_protocol;
scgi_param REQUEST_SCHEME $scheme;
scgi_param HTTPS $https if_not_empty;
scgi_param REMOTE_ADDR $remote_addr;
scgi_param REMOTE_PORT $remote_port;
scgi_param SERVER_PORT $server_port;
scgi_param SERVER_NAME $server_name;

11
sites-available/default Normal file
View file

@ -0,0 +1,11 @@
server {
listen 0.0.0.0:80 default;
listen [2a01:4f8:151:51a3:176:9:184:3]:80 default;
access_log /var/log/nginx/access.log ano;
error_log /var/log/nginx/error.log warn;
location / {
return 404;
}
}

15
sites-available/hackspace-jena.de Normal file
View file

@ -0,0 +1,15 @@
server {
listen 0.0.0.0:80;
listen [2a01:4f8:151:51a3:176:9:184:3]:80;
listen 0.0.0.0:443 ssl;
listen [2a01:4f8:151:51a3:176:9:184:3]:443 ssl;
ssl_certificate /etc/nginx/certs/www.krautspace.de.crt;
ssl_certificate_key /etc/nginx/certs/www.krautspace.de.key;
server_name www.hackspace-jena.de hackspace-jena.de;
access_log /var/log/nginx/hackspace-jena.de_access.log ano;
error_log /var/log/nginx/hackspace-jena.de_error.log;
# weiterleiten
rewrite ^ https://www.krautspace.de$request_uri permanent;
}

122
sites-available/kraut.space.conf Normal file
View file

@ -0,0 +1,122 @@
server {
listen 0.0.0.0:80 default;
listen [2a01:4f8:151:51a3:176:9:184:3]:80 default;
server_name www.kraut.space;
access_log /var/log/nginx/www.krautspace.de_access.log ano;
error_log /var/log/nginx/www.krautspace.de_error.log;
# weiterleiten
rewrite ^ https://$host$request_uri? permanent;
}
server {
listen 0.0.0.0:443 ssl default;
listen [2a01:4f8:151:51a3:176:9:184:3]:443 ssl default;
ssl_certificate /etc/ssl/private/star.kraut.space.combined.crt;
ssl_certificate_key /etc/ssl/private/star.kraut.space.key;
server_name kraut.space www.kraut.space;
access_log /var/log/nginx/kraut.space_access.log ano;
error_log /var/log/nginx/kraut.space_error.log;
add_header Public-Key-Pins 'pin-sha256="h1eF+0TRBTfD0ksblNkZnC3XQ8/w1tKDotkBiZcyThc="; pin-sha256="2r/gJIym/afOi0tM9pcbibG1b0uixXHzwInOT+KVKPE="; pin-sha256="LUZ6gnGnIWtu/uXeQMfEEBlP8J6azBxFhPct2qpGYYk="; max-age=1209600; includeSubDomains';
add_header Strict-Transport-Security max-age=15768000; # six months
if ($host = www.kraut.space) {
return 301 https://kraut.space$request_uri;
}
root /var/www/wiki.hackspace-jena.de;
# falls es mal (global) an sein sollte
autoindex off;
index doku.php;
client_max_body_size 15M;
client_body_buffer_size 128k;
location ^~ /.well-known/ { allow all; }
location = /robots.txt { log_not_found off; }
location = /favicon.ico { log_not_found off; }
location ~ /\. { deny all; }
location ~ ~$ { deny all; }
# versuche Datei zu finden, leite sonst an @dw weiter
location / {
try_files $uri $uri/ @dw;
}
# setze Header
location ~ ^/lib/.*\.(gif|png|ico|jpg|svg|ttf)$ {
expires 30d;
}
# versuche was passendes für die anfrage zu finden
location @dw {
rewrite ^/_media/(.*) /lib/exe/fetch.php?media=$1 last;
rewrite ^/_detail/(.*) /lib/exe/detail.php?media=$1 last;
rewrite ^/_export/([^/]+)/(.*) /doku.php?do=export_$1&id=$2 last;
rewrite ^/(.*) /doku.php?id=$1 last;
}
# führe PHP-Script aus
location ~ \.php$ {
include fastcgi_params;
fastcgi_buffers 16 16k;
fastcgi_buffer_size 32k;
fastcgi_param HTTPS $php_https; # DW checks $_SERVER['HTTPS']
fastcgi_intercept_errors on;
fastcgi_pass unix:/var/run/php5-fpm.sock;
# entferne Header "X-Powered-By: PHP/5.4.40-1~dotdeb+wheezy.1"
fastcgi_hide_header "X-Powered-By";
}
# das ist mit absicht hier hinten!
# soll erst nach dokuwiki verarbeitung überprüft werden, nicht das einige Artikel nicht zu öffnen sind
location ~ /(data|conf|bin|inc)/ { deny all; }
### XMPP
# forward http-bind requests to the prosody instance
location /http-bind {
proxy_pass http://localhost:5280/http-bind;
proxy_buffering off;
tcp_nodelay on;
# add_header Access-Control-Allow-Origin *;
proxy_set_header Host anon.krautspace.de;
}
# forward xmpp registrations to prosody
location /xmpp/ {
index index.php;
# Idee für schönere umsetzung
# expires 7d;
# try_file $uri $uri/ /xmpp/index.php;
if (-f $request_filename) {
expires 7d;
break;
}
rewrite ^/xmpp/(.*) /xmpp/index.php last;
}
### CHAT
# setze Header
location ~* ^/chat/*.\.(js|css|json|map|gif|png|swf|mp3)$ {
expires 7d;
}
# sonstige anfragen an /chat/, versuche datei zu finden
location /chat/ {
# forward /chat/ to /chat/index.html as per request of qbi
index index.html;
try_files $uri $uri/ =404;
}
location ~* ^/chat2/*.\.(js|css|json|map|gif|png|swf|mp3)$ {
expires 7d;
}
location /chat2/ {
index index.html;
try_files $uri $uri/ =404;
}
}

15
sites-available/krautspace.de Normal file
View file

@ -0,0 +1,15 @@
server {
listen 0.0.0.0:80;
listen [2a01:4f8:151:51a3:176:9:184:3]:80;
listen 0.0.0.0:443 ssl;
listen [2a01:4f8:151:51a3:176:9:184:3]:443 ssl;
ssl_certificate /etc/ssl/private/star.krautspace.de.combined.crt;
ssl_certificate_key /etc/ssl/private/star.krautspace.de.key;
server_name krautspace.de;
access_log /var/log/nginx/krautspace.de_access.log ano;
error_log /var/log/nginx/krautspace.de_error.log;
# weiterleiten
rewrite ^ https://www.krautspace.de$request_uri permanent;
}

17
sites-available/lpd.kraut.space.conf Normal file
View file

@ -0,0 +1,17 @@
server {
listen 0.0.0.0:80;
listen [2a01:4f8:151:51a3:176:9:184:3]:80;
listen 0.0.0.0:443 ssl;
listen [2a01:4f8:151:51a3:176:9:184:3]:443 ssl;
ssl_certificate /etc/ssl/private/star.kraut.space.combined.crt;
ssl_certificate_key /etc/ssl/private/star.kraut.space.key;
server_name lpd.kraut.space;
access_log /var/log/nginx/kraut.space_access.log ano;
error_log /var/log/nginx/kraut.space_error.log;
add_header Public-Key-Pins 'pin-sha256="h1eF+0TRBTfD0ksblNkZnC3XQ8/w1tKDotkBiZcyThc="; pin-sha256="LUZ6gnGnIWtu/uXeQMfEEBlP8J6azBxFhPct2qpGYYk="; max-age=1209600; includeSubDomains';
# weiterleiten
rewrite ^ https://kraut.space/hswiki:termine:regelmaessige:linux-presentation-day:start permanent;
}

14
sites-available/media.hackspace-jena.de Normal file
View file

@ -0,0 +1,14 @@
server {
listen 0.0.0.0:80;
listen [2a01:4f8:151:51a3:176:9:184:3]:80;
listen 0.0.0.0:443 ssl;
listen [2a01:4f8:151:51a3:176:9:184:3]:443 ssl;
ssl_certificate /etc/nginx/certs/www.krautspace.de.crt;
ssl_certificate_key /etc/nginx/certs/www.krautspace.de.key;
server_name media.hackspace-jena.de;
access_log /var/log/nginx/media.hackspace-jena.de_access.log ano;
error_log /var/log/nginx/media.hackspace-jena.de_error.log;
rewrite ^ https://media.krautspace.de$request_uri permanent;
}

29
sites-available/media.krautspace.de Normal file
View file

@ -0,0 +1,29 @@
server {
listen 0.0.0.0:80;
listen [2a01:4f8:151:51a3:176:9:184:3]:80;
server_name media.krautspace.de;
access_log /var/log/nginx/media.krautspace.de_access.log ano;
error_log /var/log/nginx/media.krautspace.de_error.log;
rewrite ^ https://$host$request_uri permanent;
}
server {
listen 0.0.0.0:443 ssl;
listen [2a01:4f8:151:51a3:176:9:184:3]:443 ssl;
ssl_certificate /etc/ssl/private/star.krautspace.de.combined.crt;
ssl_certificate_key /etc/ssl/private/star.krautspace.de.key;
server_name media.krautspace.de;
access_log /var/log/nginx/media.krautspace.de_access.log ano;
error_log /var/log/nginx/media.krautspace.de_error.log;
root /var/www/media.hackspace-jena.de;
charset utf-8;
location = /favicon.ico { log_not_found off; }
location = /robots.txt { log_not_found off; }
location / {
autoindex on;
}
}

14
sites-available/status.hackspace-jena.de Normal file
View file

@ -0,0 +1,14 @@
server {
listen 0.0.0.0:80;
listen 0.0.0.0:443 ssl;
listen [2a01:4f8:151:51a3:176:9:184:3]:80;
listen [2a01:4f8:151:51a3:176:9:184:3]:443 ssl;
ssl_certificate /etc/nginx/certs/www.krautspace.de.crt;
ssl_certificate_key /etc/nginx/certs/www.krautspace.de.key;
server_name status.hackspace-jena.de;
access_log /var/log/nginx/status.hackspace-jena.de_access.log ano;
error_log /var/log/nginx/status.hackspace-jena.de_error.log;
rewrite ^ https://status.krautspace.de$request_uri permanent;
}

47
sites-available/status.krautspace.de Normal file
View file

@ -0,0 +1,47 @@
server {
listen 0.0.0.0:80;
listen 0.0.0.0:443 ssl;
listen [2a01:4f8:151:51a3:176:9:184:3]:80;
listen [2a01:4f8:151:51a3:176:9:184:3]:443 ssl;
ssl_certificate /etc/ssl/private/star.krautspace.de.combined.crt;
ssl_certificate_key /etc/ssl/private/star.krautspace.de.key;
server_name status.krautspace.de status.kraut.space;
access_log /var/log/nginx/status.krautspace.de_access.log ano;
error_log /var/log/nginx/status.krautspace.de_error.log;
root /var/www/status.hackspace-jena.de;
autoindex on;
# für alles das mit "/api" begint /api ausliefern und paar Heder setzen
location ^~ /api {
gzip_min_length 500; # hier mal senken damit kompremiert wird
default_type application/json;
add_header Cache-Control no-cache;
add_header Access-Control-Allow-Origin *;
try_files /api =404;
}
# für png Bilder in src und images Header setzen
location ^~ /images/ {
expires 30d;
}
# für /status/button/ revers-Proxy nutzen
location /status/button/ {
keepalive_timeout 0;
chunked_transfer_encoding off;
# leite Anfrage an router.krautspace.de (ro01) weiter
proxy_pass http://ro01/status/;
proxy_connect_timeout 10s;
proxy_cache_valid 200 15s;
proxy_cache_valid any 5s;
proxy_cache statusATro01;
proxy_ignore_client_abort on; # damit Cache aktualisiert wird
}
# jede sonstige Anfrage
location / {
try_files $uri $uri/ =404;
}
}

22
sites-available/wiki.hackspace-jena.de Normal file
View file

@ -0,0 +1,22 @@
server {
listen 0.0.0.0:80;
listen [2a01:4f8:151:51a3:176:9:184:3]:80;
listen 0.0.0.0:443 ssl;
listen [2a01:4f8:151:51a3:176:9:184:3]:443 ssl;
ssl_certificate /etc/nginx/certs/www.krautspace.de.crt;
ssl_certificate_key /etc/nginx/certs/www.krautspace.de.key;
server_name wiki.hackspace-jena.de;
access_log /var/log/nginx/wiki.hackspace-jena.de_access.log ano;
error_log /var/log/nginx/wiki.hackspace-jena.de_error.log;
index index.html;
# wenn nichts angegeben ist
location = / {
rewrite ^ https://www.krautspace.de/hswiki:start permanent;
}
# alles andere
location / {
rewrite ^ https://www.krautspace.de$request_uri permanent;
}
}

25
sites-available/www.krautspace.de Normal file
View file

@ -0,0 +1,25 @@
server {
listen 0.0.0.0:80;
listen [2a01:4f8:151:51a3:176:9:184:3]:80;
server_name www.krautspace.de;
access_log /var/log/nginx/www.krautspace.de_access.log ano;
error_log /var/log/nginx/www.krautspace.de_error.log;
# weiterleiten
rewrite ^ https://$host$request_uri? permanent;
}
server {
listen 0.0.0.0:443 ssl;
listen [2a01:4f8:151:51a3:176:9:184:3]:443 ssl;
ssl_certificate /etc/ssl/private/star.krautspace.de.combined.crt;
ssl_certificate_key /etc/ssl/private/star.krautspace.de.key;
server_name www.krautspace.de;
# weiterleiten
rewrite ^ https://kraut.space$request_uri permanent;
add_header Public-Key-Pins 'pin-sha256="IwnHI5F3Ynnwa2dWAs48o8shoaHiqshUDT/CV+qankk="; max-age=1209600; includeSubDomains';
}

17
uwsgi_params Normal file
View file

@ -0,0 +1,17 @@
uwsgi_param QUERY_STRING $query_string;
uwsgi_param REQUEST_METHOD $request_method;
uwsgi_param CONTENT_TYPE $content_type;
uwsgi_param CONTENT_LENGTH $content_length;
uwsgi_param REQUEST_URI $request_uri;
uwsgi_param PATH_INFO $document_uri;
uwsgi_param DOCUMENT_ROOT $document_root;
uwsgi_param SERVER_PROTOCOL $server_protocol;
uwsgi_param REQUEST_SCHEME $scheme;
uwsgi_param HTTPS $https if_not_empty;
uwsgi_param REMOTE_ADDR $remote_addr;
uwsgi_param REMOTE_PORT $remote_port;
uwsgi_param SERVER_PORT $server_port;
uwsgi_param SERVER_NAME $server_name;

126
win-utf Normal file
View file

@ -0,0 +1,126 @@
# This map is not a full windows-1251 <> utf8 map: it does not
# contain Serbian and Macedonian letters. If you need a full map,
# use contrib/unicode2nginx/win-utf map instead.
charset_map windows-1251 utf-8 {
82 E2809A ; # single low-9 quotation mark
84 E2809E ; # double low-9 quotation mark
85 E280A6 ; # ellipsis
86 E280A0 ; # dagger
87 E280A1 ; # double dagger
88 E282AC ; # euro
89 E280B0 ; # per mille
91 E28098 ; # left single quotation mark
92 E28099 ; # right single quotation mark
93 E2809C ; # left double quotation mark
94 E2809D ; # right double quotation mark
95 E280A2 ; # bullet
96 E28093 ; # en dash
97 E28094 ; # em dash
99 E284A2 ; # trade mark sign
A0 C2A0 ; # &nbsp;
A1 D18E ; # capital Byelorussian short U
A2 D19E ; # small Byelorussian short u
A4 C2A4 ; # currency sign
A5 D290 ; # capital Ukrainian soft G
A6 C2A6 ; # borken bar
A7 C2A7 ; # section sign
A8 D081 ; # capital YO
A9 C2A9 ; # (C)
AA D084 ; # capital Ukrainian YE
AB C2AB ; # left-pointing double angle quotation mark
AC C2AC ; # not sign
AD C2AD ; # soft hypen
AE C2AE ; # (R)
AF D087 ; # capital Ukrainian YI
B0 C2B0 ; # &deg;
B1 C2B1 ; # plus-minus sign
B2 D086 ; # capital Ukrainian I
B3 D196 ; # small Ukrainian i
B4 D291 ; # small Ukrainian soft g
B5 C2B5 ; # micro sign
B6 C2B6 ; # pilcrow sign
B7 C2B7 ; # &middot;
B8 D191 ; # small yo
B9 E28496 ; # numero sign
BA D194 ; # small Ukrainian ye
BB C2BB ; # right-pointing double angle quotation mark
BF D197 ; # small Ukrainian yi
C0 D090 ; # capital A
C1 D091 ; # capital B
C2 D092 ; # capital V
C3 D093 ; # capital G
C4 D094 ; # capital D
C5 D095 ; # capital YE
C6 D096 ; # capital ZH
C7 D097 ; # capital Z
C8 D098 ; # capital I
C9 D099 ; # capital J
CA D09A ; # capital K
CB D09B ; # capital L
CC D09C ; # capital M
CD D09D ; # capital N
CE D09E ; # capital O
CF D09F ; # capital P
D0 D0A0 ; # capital R
D1 D0A1 ; # capital S
D2 D0A2 ; # capital T
D3 D0A3 ; # capital U
D4 D0A4 ; # capital F
D5 D0A5 ; # capital KH
D6 D0A6 ; # capital TS
D7 D0A7 ; # capital CH
D8 D0A8 ; # capital SH
D9 D0A9 ; # capital SHCH
DA D0AA ; # capital hard sign
DB D0AB ; # capital Y
DC D0AC ; # capital soft sign
DD D0AD ; # capital E
DE D0AE ; # capital YU
DF D0AF ; # capital YA
E0 D0B0 ; # small a
E1 D0B1 ; # small b
E2 D0B2 ; # small v
E3 D0B3 ; # small g
E4 D0B4 ; # small d
E5 D0B5 ; # small ye
E6 D0B6 ; # small zh
E7 D0B7 ; # small z
E8 D0B8 ; # small i
E9 D0B9 ; # small j
EA D0BA ; # small k
EB D0BB ; # small l
EC D0BC ; # small m
ED D0BD ; # small n
EE D0BE ; # small o
EF D0BF ; # small p
F0 D180 ; # small r
F1 D181 ; # small s
F2 D182 ; # small t
F3 D183 ; # small u
F4 D184 ; # small f
F5 D185 ; # small kh
F6 D186 ; # small ts
F7 D187 ; # small ch
F8 D188 ; # small sh
F9 D189 ; # small shch
FA D18A ; # small hard sign
FB D18B ; # small y
FC D18C ; # small soft sign
FD D18D ; # small e
FE D18E ; # small yu
FF D18F ; # small ya
}