diff --git a/etc/contrib/nginx/fastcgi.conf b/etc/contrib/nginx/fastcgi.conf new file mode 100644 index 0000000..091738c --- /dev/null +++ b/etc/contrib/nginx/fastcgi.conf @@ -0,0 +1,26 @@ + +fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; +fastcgi_param QUERY_STRING $query_string; +fastcgi_param REQUEST_METHOD $request_method; +fastcgi_param CONTENT_TYPE $content_type; +fastcgi_param CONTENT_LENGTH $content_length; + +fastcgi_param SCRIPT_NAME $fastcgi_script_name; +fastcgi_param REQUEST_URI $request_uri; +fastcgi_param DOCUMENT_URI $document_uri; +fastcgi_param DOCUMENT_ROOT $document_root; +fastcgi_param SERVER_PROTOCOL $server_protocol; +fastcgi_param REQUEST_SCHEME $scheme; +fastcgi_param HTTPS $https if_not_empty; + +fastcgi_param GATEWAY_INTERFACE CGI/1.1; +fastcgi_param SERVER_SOFTWARE nginx/$nginx_version; + +fastcgi_param REMOTE_ADDR $remote_addr; +fastcgi_param REMOTE_PORT $remote_port; +fastcgi_param SERVER_ADDR $server_addr; +fastcgi_param SERVER_PORT $server_port; +fastcgi_param SERVER_NAME $server_name; + +# PHP only, required if PHP was built with --enable-force-cgi-redirect +fastcgi_param REDIRECT_STATUS 200; diff --git a/etc/contrib/nginx/fastcgi_params b/etc/contrib/nginx/fastcgi_params new file mode 100644 index 0000000..28decb9 --- /dev/null +++ b/etc/contrib/nginx/fastcgi_params @@ -0,0 +1,25 @@ + +fastcgi_param QUERY_STRING $query_string; +fastcgi_param REQUEST_METHOD $request_method; +fastcgi_param CONTENT_TYPE $content_type; +fastcgi_param CONTENT_LENGTH $content_length; + +fastcgi_param SCRIPT_NAME $fastcgi_script_name; +fastcgi_param REQUEST_URI $request_uri; +fastcgi_param DOCUMENT_URI $document_uri; +fastcgi_param DOCUMENT_ROOT $document_root; +fastcgi_param SERVER_PROTOCOL $server_protocol; +fastcgi_param REQUEST_SCHEME $scheme; +fastcgi_param HTTPS $https if_not_empty; + +fastcgi_param GATEWAY_INTERFACE CGI/1.1; +fastcgi_param SERVER_SOFTWARE nginx/$nginx_version; + +fastcgi_param REMOTE_ADDR $remote_addr; +fastcgi_param REMOTE_PORT $remote_port; +fastcgi_param SERVER_ADDR $server_addr; +fastcgi_param SERVER_PORT $server_port; +fastcgi_param SERVER_NAME $server_name; + +# PHP only, required if PHP was built with --enable-force-cgi-redirect +fastcgi_param REDIRECT_STATUS 200; diff --git a/etc/contrib/nginx/http.d/default.conf b/etc/contrib/nginx/http.d/default.conf new file mode 100644 index 0000000..4704a69 --- /dev/null +++ b/etc/contrib/nginx/http.d/default.conf @@ -0,0 +1,17 @@ +# This is a default site configuration which will simply return 404, preventing +# chance access to any other virtualhost. + +server { + listen 80 default_server; + listen [::]:80 default_server; + + # Everything is a 404 + location / { + return 404; + } + + # You may need this to prevent return 404 recursion. + location = /404.html { + internal; + } +} diff --git a/etc/contrib/nginx/mime.types b/etc/contrib/nginx/mime.types new file mode 100644 index 0000000..2961256 --- /dev/null +++ b/etc/contrib/nginx/mime.types @@ -0,0 +1,97 @@ + +types { + text/html html htm shtml; + text/css css; + text/xml xml; + image/gif gif; + image/jpeg jpeg jpg; + application/javascript js; + application/atom+xml atom; + application/rss+xml rss; + + text/mathml mml; + text/plain txt; + text/vnd.sun.j2me.app-descriptor jad; + text/vnd.wap.wml wml; + text/x-component htc; + + image/png png; + image/svg+xml svg svgz; + image/tiff tif tiff; + image/vnd.wap.wbmp wbmp; + image/webp webp; + image/x-icon ico; + image/x-jng jng; + image/x-ms-bmp bmp; + + font/woff woff; + font/woff2 woff2; + + application/java-archive jar war ear; + application/json json; + application/mac-binhex40 hqx; + application/msword doc; + application/pdf pdf; + application/postscript ps eps ai; + application/rtf rtf; + application/vnd.apple.mpegurl m3u8; + application/vnd.google-earth.kml+xml kml; + application/vnd.google-earth.kmz kmz; + application/vnd.ms-excel xls; + application/vnd.ms-fontobject eot; + application/vnd.ms-powerpoint ppt; + application/vnd.oasis.opendocument.graphics odg; + application/vnd.oasis.opendocument.presentation odp; + application/vnd.oasis.opendocument.spreadsheet ods; + application/vnd.oasis.opendocument.text odt; + application/vnd.openxmlformats-officedocument.presentationml.presentation + pptx; + application/vnd.openxmlformats-officedocument.spreadsheetml.sheet + xlsx; + application/vnd.openxmlformats-officedocument.wordprocessingml.document + docx; + application/vnd.wap.wmlc wmlc; + application/x-7z-compressed 7z; + application/x-cocoa cco; + application/x-java-archive-diff jardiff; + application/x-java-jnlp-file jnlp; + application/x-makeself run; + application/x-perl pl pm; + application/x-pilot prc pdb; + application/x-rar-compressed rar; + application/x-redhat-package-manager rpm; + application/x-sea sea; + application/x-shockwave-flash swf; + application/x-stuffit sit; + application/x-tcl tcl tk; + application/x-x509-ca-cert der pem crt; + application/x-xpinstall xpi; + application/xhtml+xml xhtml; + application/xspf+xml xspf; + application/zip zip; + + application/octet-stream bin exe dll; + application/octet-stream deb; + application/octet-stream dmg; + application/octet-stream iso img; + application/octet-stream msi msp msm; + + audio/midi mid midi kar; + audio/mpeg mp3; + audio/ogg ogg; + audio/x-m4a m4a; + audio/x-realaudio ra; + + video/3gpp 3gpp 3gp; + video/mp2t ts; + video/mp4 mp4; + video/mpeg mpeg mpg; + video/quicktime mov; + video/webm webm; + video/x-flv flv; + video/x-m4v m4v; + video/x-mng mng; + video/x-ms-asf asx asf; + video/x-ms-wmv wmv; + video/x-msvideo avi; +} diff --git a/etc/contrib/nginx/nginx.conf b/etc/contrib/nginx/nginx.conf new file mode 100644 index 0000000..7913aa8 --- /dev/null +++ b/etc/contrib/nginx/nginx.conf @@ -0,0 +1,60 @@ +user www; +worker_processes auto; # it will be determinate automatically by the number of core +error_log /var/log/nginx/error.log warn; +pid /var/run/nginx/nginx.pid; # it permit you to use /etc/init.d/nginx reload|restart|stop|start + +events { + worker_connections 1024; +} + +http { + + ## + # Basic Settings + ## + + sendfile on; + tcp_nopush on; + types_hash_max_size 2048; + # server_tokens off; + + server_names_hash_bucket_size 64; + # server_name_in_redirect off; + + include /etc/nginx/mime.types; + default_type application/octet-stream; + + ## + # SSL Settings + ## + + ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE + ssl_prefer_server_ciphers on; + + ## + # Logging Settings + ## + + access_log /var/log/nginx/access.log; + error_log /var/log/nginx/error.log; + + ## + # Gzip Settings + ## + + gzip on; + + # gzip_vary on; + # gzip_proxied any; + # gzip_comp_level 6; + # gzip_buffers 16 8k; + # gzip_http_version 1.1; + # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript; + + ## + # Virtual Host Configs + ## + + include /etc/nginx/conf.d/*.conf; + include /etc/nginx/sites-enabled/*; +} diff --git a/etc/contrib/nginx/nginx.conf.orig b/etc/contrib/nginx/nginx.conf.orig new file mode 100644 index 0000000..bc784a3 --- /dev/null +++ b/etc/contrib/nginx/nginx.conf.orig @@ -0,0 +1,107 @@ +# /etc/nginx/nginx.conf + +user nginx; + +# Set number of worker processes automatically based on number of CPU cores. +worker_processes auto; + +# Enables the use of JIT for regular expressions to speed-up their processing. +pcre_jit on; + +# Configures default error logger. +error_log /var/log/nginx/error.log warn; + +# Includes files with directives to load dynamic modules. +include /etc/nginx/modules/*.conf; + +# Uncomment to include files with config snippets into the root context. +# NOTE: This will be enabled by default in Alpine 3.15. +#include /etc/nginx/conf.d/*.conf; + +events { + # The maximum number of simultaneous connections that can be opened by + # a worker process. + worker_connections 1024; +} + +http { + # Includes mapping of file name extensions to MIME types of responses + # and defines the default type. + include /etc/nginx/mime.types; + default_type application/octet-stream; + + # Name servers used to resolve names of upstream servers into addresses. + # It's also needed when using tcpsocket and udpsocket in Lua modules. + #resolver 1.1.1.1 1.0.0.1 2606:4700:4700::1111 2606:4700:4700::1001; + + # Don't tell nginx version to the clients. Default is 'on'. + server_tokens off; + + # Specifies the maximum accepted body size of a client request, as + # indicated by the request header Content-Length. If the stated content + # length is greater than this size, then the client receives the HTTP + # error code 413. Set to 0 to disable. Default is '1m'. + client_max_body_size 1m; + + # Sendfile copies data between one FD and other from within the kernel, + # which is more efficient than read() + write(). Default is off. + sendfile on; + + # Causes nginx to attempt to send its HTTP response head in one packet, + # instead of using partial frames. Default is 'off'. + tcp_nopush on; + + + # Enables the specified protocols. Default is TLSv1 TLSv1.1 TLSv1.2. + # TIP: If you're not obligated to support ancient clients, remove TLSv1.1. + ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3; + + # Path of the file with Diffie-Hellman parameters for EDH ciphers. + # TIP: Generate with: `openssl dhparam -out /etc/ssl/nginx/dh2048.pem 2048` + #ssl_dhparam /etc/ssl/nginx/dh2048.pem; + + # Specifies that our cipher suits should be preferred over client ciphers. + # Default is 'off'. + ssl_prefer_server_ciphers on; + + # Enables a shared SSL cache with size that can hold around 8000 sessions. + # Default is 'none'. + ssl_session_cache shared:SSL:2m; + + # Specifies a time during which a client may reuse the session parameters. + # Default is '5m'. + ssl_session_timeout 1h; + + # Disable TLS session tickets (they are insecure). Default is 'on'. + ssl_session_tickets off; + + + # Enable gzipping of responses. + #gzip on; + + # Set the Vary HTTP header as defined in the RFC 2616. Default is 'off'. + gzip_vary on; + + + # Helper variable for proxying websockets. + map $http_upgrade $connection_upgrade { + default upgrade; + '' close; + } + + + # Specifies the main log format. + log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + + # Sets the path, format, and configuration for a buffered log write. + access_log /var/log/nginx/access.log main; + + + # Includes virtual hosts configs. + include /etc/nginx/http.d/*.conf; +} + +# TIP: Uncomment if you use stream module. +#include /etc/nginx/stream.conf; diff --git a/etc/contrib/nginx/scgi_params b/etc/contrib/nginx/scgi_params new file mode 100644 index 0000000..6d4ce4f --- /dev/null +++ b/etc/contrib/nginx/scgi_params @@ -0,0 +1,17 @@ + +scgi_param REQUEST_METHOD $request_method; +scgi_param REQUEST_URI $request_uri; +scgi_param QUERY_STRING $query_string; +scgi_param CONTENT_TYPE $content_type; + +scgi_param DOCUMENT_URI $document_uri; +scgi_param DOCUMENT_ROOT $document_root; +scgi_param SCGI 1; +scgi_param SERVER_PROTOCOL $server_protocol; +scgi_param REQUEST_SCHEME $scheme; +scgi_param HTTPS $https if_not_empty; + +scgi_param REMOTE_ADDR $remote_addr; +scgi_param REMOTE_PORT $remote_port; +scgi_param SERVER_PORT $server_port; +scgi_param SERVER_NAME $server_name; diff --git a/etc/contrib/nginx/sites-available/nunosempere.com b/etc/contrib/nginx/sites-available/nunosempere.com new file mode 100644 index 0000000..11bc143 --- /dev/null +++ b/etc/contrib/nginx/sites-available/nunosempere.com @@ -0,0 +1,98 @@ +# Old config: +# server { +# +# +# listen 443 ssl; # managed by Certbot +# ssl_certificate /etc/letsencrypt/live/nunosempere.com/fullchain.pem; # managed by Certbot +# ssl_certificate_key /etc/letsencrypt/live/nunosempere.com/privkey.pem; # managed by Certbot +# include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot +# ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot +# # listen 80; +# # listen [::]:80; +# +# root /home/www/werc/werc-1.5.0/sites/nunosempere.com; +# index index.html index.htm index.nginx-debian.html; +# server_name nunosempere.com; +# +# location / { +# try_files $uri $uri/ =404; +# } +# } + +server { + server_name nunosempere.com; # Replace with your domain name. + + #charset utf-8; + + #access_log logs/host.access.log main; + + location / { + + # FastCGI params, usually stored in fastcgi_params + # and imported with a command like the following: + #include fastcgi_params; + + # Typical contents of fastcgi_params (inlined here): + fastcgi_pass localhost:9000; + + fastcgi_param QUERY_STRING $query_string; + fastcgi_param REQUEST_METHOD $request_method; + fastcgi_param CONTENT_TYPE $content_type; + fastcgi_param CONTENT_LENGTH $content_length; + + #fastcgi_param SCRIPT_FILENAME /var/www/werc/bin/werc.rc; + fastcgi_param SCRIPT_NAME /home/www/werc/werc-1.5.0/bin/werc.rc; + #fastcgi_param SCRIPT_NAME $fastcgi_script_name; + + fastcgi_param REQUEST_URI $request_uri; + fastcgi_param DOCUMENT_URI $document_uri; + fastcgi_param DOCUMENT_ROOT $document_root; + fastcgi_param SERVER_PROTOCOL $server_protocol; + + fastcgi_param GATEWAY_INTERFACE CGI/1.1; + fastcgi_param SERVER_SOFTWARE nginx/$nginx_version; + + fastcgi_param REMOTE_ADDR $remote_addr; + fastcgi_param REMOTE_PORT $remote_port; + fastcgi_param SERVER_ADDR $server_addr; + fastcgi_param SERVER_PORT $server_port; + fastcgi_param SERVER_NAME $server_name; + fastcgi_param REMOTE_USER $remote_user; + + #root /home/uriel/werc/werc-1.5.0/sites/nunosempere.com; + #root /var/www/werc/sites/$server_addr; # XXX This doesn't work, not sure why :( + #nuno: I confirm that the above doesn't work. + root /; + #root /home/www/werc/werc-1.5.0/sites/nunosempere.com; + + #index index.html index.htm; + } + + # listen 443 ssl; # managed by Certbot + # ssl_certificate /etc/letsencrypt/live/nunosempere.com/fullchain.pem; # managed by Certbot + # ssl_certificate_key /etc/letsencrypt/live/nunosempere.com/privkey.pem; # managed by Certbot + # include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot + # ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot + + + + listen 443 ssl; # managed by Certbot + ssl_certificate /etc/letsencrypt/live/nunosempere.com/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/nunosempere.com/privkey.pem; # managed by Certbot + include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot + ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot + +} + +server { + if ($host = nunosempere.com) { + return 301 https://$host$request_uri; + } # managed by Certbot + + + listen 80; + server_name nunosempere.com; + return 404; # managed by Certbot + + +} diff --git a/etc/contrib/nginx/sites-available/nunosempere.com-simple b/etc/contrib/nginx/sites-available/nunosempere.com-simple new file mode 100644 index 0000000..956f2d8 --- /dev/null +++ b/etc/contrib/nginx/sites-available/nunosempere.com-simple @@ -0,0 +1,21 @@ +# Old config: + server { + + + listen 443 ssl; # managed by Certbot + ssl_certificate /etc/letsencrypt/live/nunosempere.com/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/nunosempere.com/privkey.pem; # managed by Certbot + include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot + ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot + # listen 80; + # listen [::]:80; + + root /home/www/werc/werc-1.5.0/sites/nunosempere.com; + index index.html index.htm index.nginx-debian.html; + server_name nunosempere.com; + + location / { + try_files $uri $uri/ =404; + } + } + diff --git a/etc/contrib/nginx/sites-available/samotsvety.org b/etc/contrib/nginx/sites-available/samotsvety.org new file mode 100644 index 0000000..49a7e3b --- /dev/null +++ b/etc/contrib/nginx/sites-available/samotsvety.org @@ -0,0 +1,91 @@ +# Old config: +# server { +# +# +# listen 443 ssl; # managed by Certbot +# ssl_certificate /etc/letsencrypt/live/samotsvety.org/fullchain.pem; # managed by Certbot +# ssl_certificate_key /etc/letsencrypt/live/samotsvety.org/privkey.pem; # managed by Certbot +# include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot +# ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot +# # listen 80; +# # listen [::]:80; +# +# root /home/www/werc/werc-1.5.0/sites/samotsvety.org; +# index index.html index.htm index.nginx-debian.html; +# server_name samotsvety.org; +# +# location / { +# try_files $uri $uri/ =404; +# } +# } + +server { + server_name samotsvety.org; # Replace with your domain name. + + #charset utf-8; + + #access_log logs/host.access.log main; + + location / { + + # FastCGI params, usually stored in fastcgi_params + # and imported with a command like the following: + #include fastcgi_params; + + # Typical contents of fastcgi_params (inlined here): + fastcgi_pass localhost:9000; + + fastcgi_param QUERY_STRING $query_string; + fastcgi_param REQUEST_METHOD $request_method; + fastcgi_param CONTENT_TYPE $content_type; + fastcgi_param CONTENT_LENGTH $content_length; + + #fastcgi_param SCRIPT_FILENAME /var/www/werc/bin/werc.rc; + fastcgi_param SCRIPT_NAME /home/www/werc/werc-1.5.0/bin/werc.rc; + #fastcgi_param SCRIPT_NAME $fastcgi_script_name; + + fastcgi_param REQUEST_URI $request_uri; + fastcgi_param DOCUMENT_URI $document_uri; + fastcgi_param DOCUMENT_ROOT $document_root; + fastcgi_param SERVER_PROTOCOL $server_protocol; + + fastcgi_param GATEWAY_INTERFACE CGI/1.1; + fastcgi_param SERVER_SOFTWARE nginx/$nginx_version; + + fastcgi_param REMOTE_ADDR $remote_addr; + fastcgi_param REMOTE_PORT $remote_port; + fastcgi_param SERVER_ADDR $server_addr; + fastcgi_param SERVER_PORT $server_port; + fastcgi_param SERVER_NAME $server_name; + fastcgi_param REMOTE_USER $remote_user; + + #root /home/uriel/werc/werc-1.5.0/sites/samotsvety.org; + #root /var/www/werc/sites/$server_addr; # XXX This doesn't work, not sure why :( + #nuno: I confirm that the above doesn't work. + root /; + #root /home/www/werc/werc-1.5.0/sites/samotsvety.org; + + #index index.html index.htm; + } + + listen 443 ssl; # managed by Certbot + ssl_certificate /etc/letsencrypt/live/samotsvety.org/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/samotsvety.org/privkey.pem; # managed by Certbot + include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot + ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot + +} + +server { + if ($host = samotsvety.org) { + return 301 https://$host$request_uri; + } # managed by Certbot + + + listen 80; + server_name samotsvety.org; + return 404; # managed by Certbot + + +} +# diff --git a/etc/contrib/nginx/sites-enabled/nunosempere.com b/etc/contrib/nginx/sites-enabled/nunosempere.com new file mode 120000 index 0000000..56aab98 --- /dev/null +++ b/etc/contrib/nginx/sites-enabled/nunosempere.com @@ -0,0 +1 @@ +/etc/nginx/sites-available/nunosempere.com \ No newline at end of file diff --git a/etc/contrib/nginx/sites-enabled/samotsvety.org b/etc/contrib/nginx/sites-enabled/samotsvety.org new file mode 120000 index 0000000..24f8967 --- /dev/null +++ b/etc/contrib/nginx/sites-enabled/samotsvety.org @@ -0,0 +1 @@ +/etc/nginx/sites-available/samotsvety.org \ No newline at end of file diff --git a/etc/contrib/nginx/uwsgi_params b/etc/contrib/nginx/uwsgi_params new file mode 100644 index 0000000..09c732c --- /dev/null +++ b/etc/contrib/nginx/uwsgi_params @@ -0,0 +1,17 @@ + +uwsgi_param QUERY_STRING $query_string; +uwsgi_param REQUEST_METHOD $request_method; +uwsgi_param CONTENT_TYPE $content_type; +uwsgi_param CONTENT_LENGTH $content_length; + +uwsgi_param REQUEST_URI $request_uri; +uwsgi_param PATH_INFO $document_uri; +uwsgi_param DOCUMENT_ROOT $document_root; +uwsgi_param SERVER_PROTOCOL $server_protocol; +uwsgi_param REQUEST_SCHEME $scheme; +uwsgi_param HTTPS $https if_not_empty; + +uwsgi_param REMOTE_ADDR $remote_addr; +uwsgi_param REMOTE_PORT $remote_port; +uwsgi_param SERVER_PORT $server_port; +uwsgi_param SERVER_NAME $server_name;