From 297cfc071e2d3e68dd137139db2c0a2c48611443 Mon Sep 17 00:00:00 2001
From: jaseg <code@jaseg.net>
Date: Wed, 26 Jun 2019 16:41:45 +0900
Subject: Misc changes. Move up to fedora 30, add gerbolyze, secure download

---
 nginx.conf | 80 ++++++++++++++++++++++++++++++++++++++++++++++++++------------
 1 file changed, 65 insertions(+), 15 deletions(-)

(limited to 'nginx.conf')

diff --git a/nginx.conf b/nginx.conf
index 6344904..1f44981 100644
--- a/nginx.conf
+++ b/nginx.conf
@@ -51,36 +51,86 @@ http {
         ssl_certificate "/etc/letsencrypt/live/gerbolyze.jaseg.net/fullchain.pem";
         ssl_certificate_key "/etc/letsencrypt/live/gerbolyze.jaseg.net/privkey.pem";
         ssl_dhparam "/etc/letsencrypt/ssl-dhparams.pem";
-	include /etc/letsencrypt/options-ssl-nginx.conf;
+        include /etc/letsencrypt/options-ssl-nginx.conf;
 
-	ssl_stapling on;
-	ssl_stapling_verify on;
+        ssl_stapling on;
+        ssl_stapling_verify on;
 
-	resolver 67.207.67.2 67.207.67.3 valid=300s;
-	resolver_timeout 10s;
+        resolver 67.207.67.2 67.207.67.3 valid=300s;
+        resolver_timeout 10s;
 
-	add_header Strict-Transport-Security "max-age=86400";
+        add_header Strict-Transport-Security "max-age=86400";
 
         # Load configuration files for the default server block.
         include /etc/nginx/default.d/*.conf;
 
-	location ^~ /static/ {
-	      root /var/lib/gerboweb;
-	}
+        location ^~ /static/ {
+              root /var/lib/gerboweb;
+        }
+
+        location / {
+              include uwsgi_params;
+              uwsgi_pass unix:/run/uwsgi/gerboweb.socket;
+        }
+
+        error_page 404 /404.html;
+        location = /40x.html {
+            root         /usr/share/nginx/html;
+        }
+
+        error_page 500 502 503 504 /50x.html;
+        location = /50x.html {
+            root         /usr/share/nginx/html;
+        }
+    }
+
+    server {
+        listen       80;
+        listen       [::]:80;
+        server_name  blog.jaseg.net blog.jaseg.net;
+        return 301 https://$host$request_uri;
+    }
+
+    server {
+        listen       443 ssl http2;
+        listen       [::]:443 ssl http2;
+        server_name  blog.jaseg.net blog.jaseg.net;
+        root         /usr/share/nginx/html;
+
+        ssl_certificate "/etc/letsencrypt/live/blog.jaseg.net/fullchain.pem";
+        ssl_certificate_key "/etc/letsencrypt/live/blog.jaseg.net/privkey.pem";
+        ssl_dhparam "/etc/letsencrypt/ssl-dhparams.pem";
+        include /etc/letsencrypt/options-ssl-nginx.conf;
+
+        ssl_stapling on;
+        ssl_stapling_verify on;
+
+        resolver 67.207.67.2 67.207.67.3 valid=300s;
+        resolver_timeout 10s;
+
+        add_header Strict-Transport-Security "max-age=86400";
+
+        # Load configuration files for the default server block.
+        include /etc/nginx/default.d/*.conf;
 
         location / {
-	      include uwsgi_params;
-	      uwsgi_pass unix:/run/uwsgi/gerboweb.socket;
+            root /var/www/blog.jaseg.net;
+        }
+
+        location /d/ {
+            rewrite ^/d/(.*)$ /$1 break;
+            include uwsgi_params;
+            uwsgi_pass unix:/run/uwsgi/secure-download.socket;
         }
 
         error_page 404 /404.html;
-	location = /40x.html {
-	    root         /usr/share/nginx/html;
+        location = /40x.html {
+            root         /usr/share/nginx/html;
         }
 
         error_page 500 502 503 504 /50x.html;
-	location = /50x.html {
-	    root         /usr/share/nginx/html;
+        location = /50x.html {
+            root         /usr/share/nginx/html;
         }
     }
 
-- 
cgit