aboutsummaryrefslogtreecommitdiff
path: root/gerboweb/deploy/nginx.conf
diff options
context:
space:
mode:
authorjaseg <code@jaseg.net>2019-06-26 16:41:45 +0900
committerjaseg <git@jaseg.net>2019-06-26 16:41:45 +0900
commit8cb082a42d71a1e86a138eb58106d636e7c6d191 (patch)
tree8d4da453893c338dcd19671596c95100da4c83ce /gerboweb/deploy/nginx.conf
parent20f0df3892aea77ff17aed032aba7d9207fd85ae (diff)
downloadgerbolyze-8cb082a42d71a1e86a138eb58106d636e7c6d191.tar.gz
gerbolyze-8cb082a42d71a1e86a138eb58106d636e7c6d191.tar.bz2
gerbolyze-8cb082a42d71a1e86a138eb58106d636e7c6d191.zip
Misc changes. Move up to fedora 30, add gerbolyze, secure download
Diffstat (limited to 'gerboweb/deploy/nginx.conf')
-rw-r--r--gerboweb/deploy/nginx.conf80
1 files changed, 65 insertions, 15 deletions
diff --git a/gerboweb/deploy/nginx.conf b/gerboweb/deploy/nginx.conf
index 6344904..1f44981 100644
--- a/gerboweb/deploy/nginx.conf
+++ b/gerboweb/deploy/nginx.conf
@@ -51,36 +51,86 @@ http {
ssl_certificate "/etc/letsencrypt/live/gerbolyze.jaseg.net/fullchain.pem";
ssl_certificate_key "/etc/letsencrypt/live/gerbolyze.jaseg.net/privkey.pem";
ssl_dhparam "/etc/letsencrypt/ssl-dhparams.pem";
- include /etc/letsencrypt/options-ssl-nginx.conf;
+ include /etc/letsencrypt/options-ssl-nginx.conf;
- ssl_stapling on;
- ssl_stapling_verify on;
+ ssl_stapling on;
+ ssl_stapling_verify on;
- resolver 67.207.67.2 67.207.67.3 valid=300s;
- resolver_timeout 10s;
+ resolver 67.207.67.2 67.207.67.3 valid=300s;
+ resolver_timeout 10s;
- add_header Strict-Transport-Security "max-age=86400";
+ add_header Strict-Transport-Security "max-age=86400";
# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;
- location ^~ /static/ {
- root /var/lib/gerboweb;
- }
+ location ^~ /static/ {
+ root /var/lib/gerboweb;
+ }
+
+ location / {
+ include uwsgi_params;
+ uwsgi_pass unix:/run/uwsgi/gerboweb.socket;
+ }
+
+ error_page 404 /404.html;
+ location = /40x.html {
+ root /usr/share/nginx/html;
+ }
+
+ error_page 500 502 503 504 /50x.html;
+ location = /50x.html {
+ root /usr/share/nginx/html;
+ }
+ }
+
+ server {
+ listen 80;
+ listen [::]:80;
+ server_name blog.jaseg.net blog.jaseg.net;
+ return 301 https://$host$request_uri;
+ }
+
+ server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+ server_name blog.jaseg.net blog.jaseg.net;
+ root /usr/share/nginx/html;
+
+ ssl_certificate "/etc/letsencrypt/live/blog.jaseg.net/fullchain.pem";
+ ssl_certificate_key "/etc/letsencrypt/live/blog.jaseg.net/privkey.pem";
+ ssl_dhparam "/etc/letsencrypt/ssl-dhparams.pem";
+ include /etc/letsencrypt/options-ssl-nginx.conf;
+
+ ssl_stapling on;
+ ssl_stapling_verify on;
+
+ resolver 67.207.67.2 67.207.67.3 valid=300s;
+ resolver_timeout 10s;
+
+ add_header Strict-Transport-Security "max-age=86400";
+
+ # Load configuration files for the default server block.
+ include /etc/nginx/default.d/*.conf;
location / {
- include uwsgi_params;
- uwsgi_pass unix:/run/uwsgi/gerboweb.socket;
+ root /var/www/blog.jaseg.net;
+ }
+
+ location /d/ {
+ rewrite ^/d/(.*)$ /$1 break;
+ include uwsgi_params;
+ uwsgi_pass unix:/run/uwsgi/secure-download.socket;
}
error_page 404 /404.html;
- location = /40x.html {
- root /usr/share/nginx/html;
+ location = /40x.html {
+ root /usr/share/nginx/html;
}
error_page 500 502 503 504 /50x.html;
- location = /50x.html {
- root /usr/share/nginx/html;
+ location = /50x.html {
+ root /usr/share/nginx/html;
}
}