diff options
author | jaseg <code@jaseg.net> | 2019-06-26 16:41:45 +0900 |
---|---|---|
committer | jaseg <git@jaseg.net> | 2019-06-26 16:41:45 +0900 |
commit | 297cfc071e2d3e68dd137139db2c0a2c48611443 (patch) | |
tree | ecf4b7b8f00fe06d4ba4b87ed6deb5e49dba909b /nginx.conf | |
parent | a2d4afc7dfe278dacc64b5177ff993267c909685 (diff) | |
download | infra-297cfc071e2d3e68dd137139db2c0a2c48611443.tar.gz infra-297cfc071e2d3e68dd137139db2c0a2c48611443.tar.bz2 infra-297cfc071e2d3e68dd137139db2c0a2c48611443.zip |
Misc changes. Move up to fedora 30, add gerbolyze, secure download
Diffstat (limited to 'nginx.conf')
-rw-r--r-- | nginx.conf | 80 |
1 files changed, 65 insertions, 15 deletions
@@ -51,36 +51,86 @@ http { ssl_certificate "/etc/letsencrypt/live/gerbolyze.jaseg.net/fullchain.pem"; ssl_certificate_key "/etc/letsencrypt/live/gerbolyze.jaseg.net/privkey.pem"; ssl_dhparam "/etc/letsencrypt/ssl-dhparams.pem"; - include /etc/letsencrypt/options-ssl-nginx.conf; + include /etc/letsencrypt/options-ssl-nginx.conf; - ssl_stapling on; - ssl_stapling_verify on; + ssl_stapling on; + ssl_stapling_verify on; - resolver 67.207.67.2 67.207.67.3 valid=300s; - resolver_timeout 10s; + resolver 67.207.67.2 67.207.67.3 valid=300s; + resolver_timeout 10s; - add_header Strict-Transport-Security "max-age=86400"; + add_header Strict-Transport-Security "max-age=86400"; # Load configuration files for the default server block. include /etc/nginx/default.d/*.conf; - location ^~ /static/ { - root /var/lib/gerboweb; - } + location ^~ /static/ { + root /var/lib/gerboweb; + } + + location / { + include uwsgi_params; + uwsgi_pass unix:/run/uwsgi/gerboweb.socket; + } + + error_page 404 /404.html; + location = /40x.html { + root /usr/share/nginx/html; + } + + error_page 500 502 503 504 /50x.html; + location = /50x.html { + root /usr/share/nginx/html; + } + } + + server { + listen 80; + listen [::]:80; + server_name blog.jaseg.net blog.jaseg.net; + return 301 https://$host$request_uri; + } + + server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name blog.jaseg.net blog.jaseg.net; + root /usr/share/nginx/html; + + ssl_certificate "/etc/letsencrypt/live/blog.jaseg.net/fullchain.pem"; + ssl_certificate_key "/etc/letsencrypt/live/blog.jaseg.net/privkey.pem"; + ssl_dhparam "/etc/letsencrypt/ssl-dhparams.pem"; + include /etc/letsencrypt/options-ssl-nginx.conf; + + ssl_stapling on; + ssl_stapling_verify on; + + resolver 67.207.67.2 67.207.67.3 valid=300s; + resolver_timeout 10s; + + add_header Strict-Transport-Security "max-age=86400"; + + # Load configuration files for the default server block. + include /etc/nginx/default.d/*.conf; location / { - include uwsgi_params; - uwsgi_pass unix:/run/uwsgi/gerboweb.socket; + root /var/www/blog.jaseg.net; + } + + location /d/ { + rewrite ^/d/(.*)$ /$1 break; + include uwsgi_params; + uwsgi_pass unix:/run/uwsgi/secure-download.socket; } error_page 404 /404.html; - location = /40x.html { - root /usr/share/nginx/html; + location = /40x.html { + root /usr/share/nginx/html; } error_page 500 502 503 504 /50x.html; - location = /50x.html { - root /usr/share/nginx/html; + location = /50x.html { + root /usr/share/nginx/html; } } |