diff --git a/al.ert.space b/al.ert.space index 547b4e5..cca2950 100644 --- a/al.ert.space +++ b/al.ert.space @@ -22,8 +22,8 @@ server { listen [::]:443 ssl; # managed by Certbot listen 443 ssl; # managed by Certbot - ssl_certificate /etc/letsencrypt/live/al.ert.space/fullchain.pem; # managed by Certbot - ssl_certificate_key /etc/letsencrypt/live/al.ert.space/privkey.pem; # managed by Certbot + ssl_certificate /etc/letsencrypt/live/ert.space/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/ert.space/privkey.pem; # managed by Certbot include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot @@ -41,4 +41,4 @@ server { return 404; # managed by Certbot -} +} \ No newline at end of file diff --git a/default b/default index 43d6b0c..c841ceb 100644 --- a/default +++ b/default @@ -1,12 +1,17 @@ ## # You should look at the following URL's in order to grasp a solid understanding # of Nginx configuration files in order to fully unleash the power of Nginx. -# http://wiki.nginx.org/Pitfalls -# http://wiki.nginx.org/QuickStart -# http://wiki.nginx.org/Configuration +# https://www.nginx.com/resources/wiki/start/ +# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/ +# https://wiki.debian.org/Nginx/DirectoryStructure # -# Generally, you will want to move this file somewhere, and start with a clean -# file but keep this around for reference. Or just disable in sites-enabled. +# In most cases, administrators will remove this file from sites-enabled/ and +# leave it as reference inside of sites-available where it will continue to be +# updated by the nginx packaging team. +# +# This file will automatically load configuration files provided by other +# applications, such as Drupal or Wordpress. These applications will be made +# available underneath a path with that package name, such as /drupal8. # # Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples. ## @@ -46,15 +51,15 @@ server { try_files $uri $uri/ =404; } - # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 + # pass PHP scripts to FastCGI server # #location ~ \.php$ { # include snippets/fastcgi-php.conf; # - # # With php7.0-cgi alone: + # # With php-fpm (or other unix sockets): + # fastcgi_pass unix:/var/run/php/php7.0-fpm.sock; + # # With php-cgi (or other tcp sockets): # fastcgi_pass 127.0.0.1:9000; - # # With php7.0-fpm: - # fastcgi_pass unix:/run/php/php7.0-fpm.sock; #} # deny access to .htaccess files, if Apache's document root @@ -84,77 +89,3 @@ server { # try_files $uri $uri/ =404; # } #} - -server { - - # SSL configuration - # - # listen 443 ssl default_server; - # listen [::]:443 ssl default_server; - # - # Note: You should disable gzip for SSL traffic. - # See: https://bugs.debian.org/773332 - # - # Read up on ssl_ciphers to ensure a secure configuration. - # See: https://bugs.debian.org/765782 - # - # Self signed certs generated by the ssl-cert package - # Don't use them in a production server! - # - # include snippets/snakeoil.conf; - - root /var/www/html; - - # Add index.php to the list if you are using PHP - index index.html index.htm index.nginx-debian.html; - server_name ert.space; # managed by Certbot - - - location / { - # First attempt to serve request as file, then - # as directory, then fall back to displaying a 404. - try_files $uri $uri/ =404; - } - - # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 - # - #location ~ \.php$ { - # include snippets/fastcgi-php.conf; - # - # # With php7.0-cgi alone: - # fastcgi_pass 127.0.0.1:9000; - # # With php7.0-fpm: - # fastcgi_pass unix:/run/php/php7.0-fpm.sock; - #} - - # deny access to .htaccess files, if Apache's document root - # concurs with nginx's one - # - #location ~ /\.ht { - # deny all; - #} - - - listen [::]:443 ssl; # managed by Certbot - listen 443 ssl; # managed by Certbot - ssl_certificate /etc/letsencrypt/live/ert.space/fullchain.pem; # managed by Certbot - ssl_certificate_key /etc/letsencrypt/live/ert.space/privkey.pem; # managed by Certbot - include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot - ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot - - -} -server { - if ($host = ert.space) { - return 301 https://$host$request_uri; - } # managed by Certbot - - - listen 80 ; - listen [::]:80 ; - server_name ert.space; - return 404; # managed by Certbot - - -} - diff --git a/ert.space b/ert.space index 075698c..0cfee0e 100644 --- a/ert.space +++ b/ert.space @@ -5,10 +5,10 @@ server { try_files $uri $uri/ =404; } - listen [::]:443 ssl; # managed by Certbot + listen [::]:443 ssl ipv6only=on; # managed by Certbot listen 443 ssl; # managed by Certbot - ssl_certificate /etc/letsencrypt/live/ert.space-0001/fullchain.pem; # managed by Certbot - ssl_certificate_key /etc/letsencrypt/live/ert.space-0001/privkey.pem; # managed by Certbot + ssl_certificate /etc/letsencrypt/live/ert.space/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/ert.space/privkey.pem; # managed by Certbot include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot diff --git a/ex.ert.space b/ex.ert.space index 8b7228c..397e1aa 100644 --- a/ex.ert.space +++ b/ex.ert.space @@ -9,8 +9,8 @@ server { listen [::]:443 ssl; # managed by Certbot listen 443 ssl; # managed by Certbot - ssl_certificate /etc/letsencrypt/live/ex.ert.space/fullchain.pem; # managed by Certbot - ssl_certificate_key /etc/letsencrypt/live/ex.ert.space/privkey.pem; # managed by Certbot + ssl_certificate /etc/letsencrypt/live/ert.space/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/ert.space/privkey.pem; # managed by Certbot include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot @@ -27,4 +27,4 @@ server { return 404; # managed by Certbot -} +} \ No newline at end of file diff --git a/gitb.ert.space b/gitb.ert.space index 4daa5e3..1483e92 100644 --- a/gitb.ert.space +++ b/gitb.ert.space @@ -8,8 +8,8 @@ server { listen [::]:443 ssl; # managed by Certbot listen 443 ssl; # managed by Certbot - ssl_certificate /etc/letsencrypt/live/gitb.ert.space/fullchain.pem; # managed by Certbot - ssl_certificate_key /etc/letsencrypt/live/gitb.ert.space/privkey.pem; # managed by Certbot + ssl_certificate /etc/letsencrypt/live/ert.space/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/ert.space/privkey.pem; # managed by Certbot include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot diff --git a/hilb.ert.space b/hilb.ert.space index e0afbce..dbe527c 100644 --- a/hilb.ert.space +++ b/hilb.ert.space @@ -9,8 +9,8 @@ server { listen [::]:443 ssl; # managed by Certbot listen 443 ssl; # managed by Certbot - ssl_certificate /etc/letsencrypt/live/hilb.ert.space/fullchain.pem; # managed by Certbot - ssl_certificate_key /etc/letsencrypt/live/hilb.ert.space/privkey.pem; # managed by Certbot + ssl_certificate /etc/letsencrypt/live/ert.space/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/ert.space/privkey.pem; # managed by Certbot include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot @@ -27,4 +27,4 @@ server { return 404; # managed by Certbot -} +} \ No newline at end of file diff --git a/in.ert.space b/in.ert.space index 8b4f5ae..eb3b7fa 100644 --- a/in.ert.space +++ b/in.ert.space @@ -1,15 +1,15 @@ server { - root /srv/www/in.ert.space; + root /srv/www/ert.space; server_name in.ert.space; error_page 404 /404.html; location / { try_files $uri $uri/ =404; } - listen [::]:443 ssl ipv6only=on; # managed by Certbot + listen [::]:443 ssl; # managed by Certbot listen 443 ssl; # managed by Certbot - ssl_certificate /etc/letsencrypt/live/in.ert.space/fullchain.pem; # managed by Certbot - ssl_certificate_key /etc/letsencrypt/live/in.ert.space/privkey.pem; # managed by Certbot + ssl_certificate /etc/letsencrypt/live/ert.space/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/ert.space/privkey.pem; # managed by Certbot include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot diff --git a/ress.ert.space b/ress.ert.space index 40233d5..6c5857c 100644 --- a/ress.ert.space +++ b/ress.ert.space @@ -8,8 +8,8 @@ server { listen [::]:443 ssl; # managed by Certbot listen 443 ssl; # managed by Certbot - ssl_certificate /etc/letsencrypt/live/ress.ert.space/fullchain.pem; # managed by Certbot - ssl_certificate_key /etc/letsencrypt/live/ress.ert.space/privkey.pem; # managed by Certbot + ssl_certificate /etc/letsencrypt/live/ert.space/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/ert.space/privkey.pem; # managed by Certbot include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot diff --git a/stand.ert.space b/stand.ert.space new file mode 100644 index 0000000..8ae948a --- /dev/null +++ b/stand.ert.space @@ -0,0 +1,29 @@ +server { + server_name stand.ert.space; + location / { + proxy_pass http://localhost:3030; + proxy_set_header Host $host; + proxy_set_header X-Real_IP $remote_addr; + } + + listen [::]:443 ssl; # managed by Certbot + listen 443 ssl; # managed by Certbot + ssl_certificate /etc/letsencrypt/live/ert.space/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/ert.space/privkey.pem; # managed by Certbot + include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot + ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot + +} +server { + if ($host = stand.ert.space) { + return 301 https://$host$request_uri; + } # managed by Certbot + + + listen 80; + listen [::]:80; + server_name stand.ert.space; + return 404; # managed by Certbot + + +} \ No newline at end of file