No Description
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

nginx.conf 4.4KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191
  1. worker_processes 2;
  2. events {
  3. worker_connections 1024;
  4. }
  5. http {
  6. # Some SSL stuff
  7. ssl_protocols TLSv1.2 TLSv1.3;
  8. ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256;
  9. ssl_prefer_server_ciphers on;
  10. # Some global configurations
  11. client_max_body_size 10M;
  12. include mime.types;
  13. default_type application/octet-stream;
  14. sendfile on;
  15. keepalive_timeout 65;
  16. gzip on;
  17. # header crap
  18. add_header X-Frame-Options "SAMEORIGIN" always;
  19. add_header X-XSS-Protection "1; mode=block" always;
  20. add_header X-Content-Type-Options "nosniff" always;
  21. add_header Referrer-Policy "no-referrer" always;
  22. # erg.. fix this eventually.
  23. add_header Content-Security-Policy 'self' always;
  24. # http://ja13.org and https://ja13.org
  25. server {
  26. server_name ja13.org;
  27. listen 80;
  28. listen [::]:80;
  29. listen 443 ssl http2;
  30. listen [::]:443 ssl http2;
  31. root /srv/http/http;
  32. ssl_certificate /etc/letsencrypt/live/ja13.org-0001/fullchain.pem;
  33. ssl_certificate_key /etc/letsencrypt/live/ja13.org-0001/privkey.pem;
  34. location / {
  35. index index.html;
  36. autoindex on;
  37. }
  38. location /robots.txt {
  39. root /srv/http/common;
  40. index robots.txt;
  41. }
  42. location /favicon.ico {
  43. root /srv/http/common;
  44. index favicon.ico;
  45. }
  46. location /resume.pdf {
  47. root /srv/http/resume;
  48. index resume.pdf;
  49. }
  50. }
  51. # http://john.ja13.org and https://john.ja13.org
  52. server {
  53. server_name john.ja13.org;
  54. listen 80;
  55. listen [::]:80;
  56. listen 443 ssl http2;
  57. listen [::]:443 ssl http2;
  58. root /srv/http/john;
  59. allow 10.0.0.0/24;
  60. deny all;
  61. ssl_certificate /etc/letsencrypt/live/ja13.org/fullchain.pem;
  62. ssl_certificate_key /etc/letsencrypt/live/ja13.org/privkey.pem;
  63. location / {
  64. proxy_pass http://10.0.0.4;
  65. }
  66. }
  67. # http://ns1.ja13.org and https://ns1.ja13.org
  68. server {
  69. server_name ns1.ja13.org;
  70. listen 80;
  71. listen [::]:80;
  72. listen 443 ssl http2;
  73. listen [::]:443 ssl http2;
  74. root /srv/http/ns1;
  75. ssl_certificate /etc/letsencrypt/live/ja13.org/fullchain.pem;
  76. ssl_certificate_key /etc/letsencrypt/live/ja13.org/privkey.pem;
  77. location / {
  78. index index.html;
  79. autoindex on;
  80. }
  81. location /robots.txt {
  82. root /srv/http/common;
  83. index robots.txt;
  84. }
  85. location /favicon.ico {
  86. root /srv/http/common;
  87. index favicon.ico;
  88. }
  89. }
  90. # http://wifi.ja13.org and https://wifi.ja13.org
  91. server {
  92. server_name wifi.ja13.org;
  93. listen 80;
  94. listen [::]:80;
  95. listen 443 ssl http2;
  96. listen [::]:443 ssl http2;
  97. root /srv/http;
  98. allow 10.0.0.0/24;
  99. deny all;
  100. ssl_certificate /etc/letsencrypt/live/ja13.org/fullchain.pem;
  101. ssl_certificate_key /etc/letsencrypt/live/ja13.org/privkey.pem;
  102. location / {
  103. proxy_set_header Referer "";
  104. proxy_ssl_verify off;
  105. proxy_pass https://127.0.0.1:8443;
  106. }
  107. }
  108. # http://resume.ja13.org and https://resume.ja13.org
  109. server {
  110. server_name resume.ja13.org;
  111. listen 80;
  112. listen [::]:80;
  113. listen 443 ssl http2;
  114. listen [::]:443 ssl http2;
  115. root /srv/http/resume;
  116. ssl_certificate /etc/letsencrypt/live/ja13.org/fullchain.pem;
  117. ssl_certificate_key /etc/letsencrypt/live/ja13.org/privkey.pem;
  118. location / {
  119. index index.html;
  120. autoindex on;
  121. }
  122. location /robots.txt {
  123. root /srv/http/common;
  124. index robots.txt;
  125. }
  126. location /favicon.ico {
  127. root /srv/http/common;
  128. index favicon.ico;
  129. }
  130. }
  131. # http://*.ja13.org and https://*.ja13.org (a catch all domain)
  132. server {
  133. server_name _;
  134. listen 80 default_server;
  135. listen [::]:80 default_server;
  136. listen 443 ssl http2 default_server;
  137. listen [::]:443 ssl http2 default_server;
  138. root /srv/http/lost;
  139. ssl_certificate /etc/letsencrypt/live/ja13.org/fullchain.pem;
  140. ssl_certificate_key /etc/letsencrypt/live/ja13.org/privkey.pem;
  141. location / {
  142. index index.html;
  143. autoindex on;
  144. }
  145. location /robots.txt {
  146. root /srv/http/common;
  147. index robots.txt;
  148. }
  149. location /favicon.ico {
  150. root /srv/http/common;
  151. index favicon.ico;
  152. }
  153. location /resume.pdf {
  154. root /srv/http/resume;
  155. index resume.pdf;
  156. }
  157. }
  158. }