diff options
Diffstat (limited to 'web/etc/nginx/default.conf')
| -rw-r--r-- | web/etc/nginx/default.conf | 331 |
1 files changed, 0 insertions, 331 deletions
diff --git a/web/etc/nginx/default.conf b/web/etc/nginx/default.conf deleted file mode 100644 index 80fc4f3..0000000 --- a/web/etc/nginx/default.conf +++ /dev/null @@ -1,331 +0,0 @@ -# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples. - -ssl_dhparam /etc/nginx/dhparam.pem; -resolver 185.110.149.2 185.110.148.2; - -# Yoda! -server { - listen 80 default_server; - listen [::]:80 default_server; - root /var/www/html; - # Add index.php to the list if you are using PHP - index index.html index.htm index.nginx-debian.html; - add_header Strict-Transport-Security max-age=15768000; - server_name yoda.tg16.gathering.org; - - location /display { - allow 185.110.148.24; - allow 2a06:5841:1337::24; - allow 185.110.148.25; - allow 2a06:5841:1337::25; - allow 185.110.148.26; - allow 2a06:5841:1337::26; - allow 2a06:5841:150a::/64; - allow 185.110.150.0/25; - deny all; - } - #location / { - # return 301 https://$host$request_uri; - #} -} - -# Munin -server { - listen 80; - listen [::]:80; - access_log /var/log/nginx/munin.tg16.gathering.org_ssl_access.log; - error_log /var/log/nginx/munin.tg16.gathering.org_ssl_error.log error; - root /var/www/html; - - server_name munin.tg16.gathering.org; - - allow 185.110.150.0/25; - allow 2a06:5841:150a::/64; - allow 185.110.149.0/26; - allow 2a06:5841:149a::/64; - allow 185.110.148.0/26; - allow 2a06:5841:1337::/64; - allow 185.110.151.0/27; - allow 2a06:5841:151a::/64; - deny all; - - location ^~ /munin-cgi/munin-cgi-graph/ { - fastcgi_split_path_info ^(/munin-cgi/munin-cgi-graph)(.*); - fastcgi_param PATH_INFO $fastcgi_path_info; - fastcgi_pass unix:/var/run/munin/fastcgi-graph.sock; - include fastcgi_params; - } - - - location /munin/static/ { - alias /etc/munin/static/; - } - - location /munin/ { - fastcgi_split_path_info ^(/munin)(.*); - fastcgi_param PATH_INFO $fastcgi_path_info; - fastcgi_pass unix:/var/run/munin/fastcgi-html.sock; - include fastcgi_params; - - rewrite ^/munin/(.*.png)$ /munin-cgi/munin-cgi-graph/$1; - } - - location = / { - return 301 $scheme://$server_name/munin/; - } -} - -# Yoda! -server { - listen 443 ssl http2; - listen [::]:443 ssl http2; - access_log /var/log/nginx/yoda.tg16.gathering.org_ssl_access.log; - error_log /var/log/nginx/yoda.tg16.gathering.org_ssl_error.log error; - server_name yoda.tg16.gathering.org; - add_header Strict-Transport-Security max-age=0; - add_header Public-Key-Pins 'pin-sha256="47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU="; pin-sha256="DqEaRBrMacYurT/HXzsxYONYXAyhWRgNa3/+g3920uQ="; max-age=5184000; includeSubDomains'; - ssl_protocols TLSv1 TLSv1.1 TLSv1.2; - ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES:!CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA'; - ssl_prefer_server_ciphers on; - ssl_certificate /root/le/prodcerts/yoda.prod.pem; - ssl_certificate_key /root/le/keys/domain.key; - ssl_session_timeout 5m; - ssl_session_cache shared:SSL:50m; - client_max_body_size 10m; - ssl_stapling on; - ssl_stapling_verify on; - root /var/www/html; - index index.pl index.html; - location ~ \.pl|cgi$ { - try_files $uri =404; - gzip off; - fastcgi_pass 127.0.0.1:8999; - fastcgi_index index.pl; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - include fastcgi_params; - } - location / { - try_files $uri $uri/ =404; - } -} - -# Webcam -server { - listen 443 ssl http2; - listen [::]:443 ssl http2; - access_log /var/log/nginx/webcam.tg16.gathering.org_ssl_access.log; - error_log /var/log/nginx/webcam.tg16.gathering.org_ssl_error.log error; - server_name webcam.tg16.gathering.org webcams.tg16.gathering.org; - add_header Strict-Transport-Security max-age=0; - add_header Public-Key-Pins 'pin-sha256="47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU="; pin-sha256="DqEaRBrMacYurT/HXzsxYONYXAyhWRgNa3/+g3920uQ="; max-age=5184000; includeSubDomains'; - ssl_protocols TLSv1 TLSv1.1 TLSv1.2; - ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES:!CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA'; - ssl_prefer_server_ciphers on; - ssl_certificate /root/le/prodcerts/yoda.prod.pem; - ssl_certificate_key /root/le/keys/domain.key; - ssl_session_timeout 5m; - ssl_session_cache shared:SSL:50m; - client_max_body_size 10m; - ssl_stapling on; - ssl_stapling_verify on; - root /var/www/webcam; - location / { - return 301 http://stream.tg16.gathering.org/; - #try_files $uri $uri/ =404; - } -} - -# Stream -server { - listen 443 ssl http2; - listen [::]:443 ssl http2; - access_log /var/log/nginx/stream.tg16.gathering.org_ssl_access.log; - error_log /var/log/nginx/stream.tg16.gathering.org_ssl_error.log error; - server_name stream.tg16.gathering.org streams.tg16.gathering.org; - #add_header Strict-Transport-Security max-age=15768000; - add_header Strict-Transport-Security max-age=0; - #add_header Public-Key-Pins 'pin-sha256="47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU="; pin-sha256="DqEaRBrMacYurT/HXzsxYONYXAyhWRgNa3/+g3920uQ="; max-age=5184000; includeSubDomains'; - ssl_protocols TLSv1 TLSv1.1 TLSv1.2; - ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES:!CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA'; - ssl_prefer_server_ciphers on; - ssl_certificate /root/le/prodcerts/yoda.prod.pem; - ssl_certificate_key /root/le/keys/domain.key; - ssl_session_timeout 5m; - ssl_session_cache shared:SSL:50m; - client_max_body_size 10m; - ssl_stapling on; - ssl_stapling_verify on; - root /var/www/stream/; - index index.pl index.html; - location /hls { - types { - #application/vnd.apple.mpegurl m3u8; - application/x-mpegURL m3u8; - video/mp2t ts; - text/html htm; - } - root /var/www/; - add_header Cache-Control no-cache; - } - location /stat { - allow 185.110.150.0/25; - allow 2a06:5841:150a::/64; - allow 185.110.149.0/26; - allow 2a06:5841:149a::/64; - allow 185.110.148.0/26; - allow 2a06:5841:1337::/64; - allow 185.110.151.0/27; - allow 2a06:5841:151a::/64; - deny all; - rtmp_stat all; - rtmp_stat_stylesheet /stat.xsl; - } - location /stat.xsl { - allow 185.110.150.0/25; - allow 2a06:5841:150a::/64; - allow 185.110.149.0/26; - allow 2a06:5841:149a::/64; - allow 185.110.148.0/26; - allow 2a06:5841:1337::/64; - allow 185.110.151.0/27; - allow 2a06:5841:151a::/64; - deny all; - } - location ~ \.pl|cgi$ { - try_files $uri =404; - gzip off; - fastcgi_pass 127.0.0.1:8999; - fastcgi_index index.pl; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - include fastcgi_params; - } - location / { - return 301 http://$host$request_uri; - #try_files $uri $uri/ =404; - } -} - -# Stream -server { - listen 80; - listen [::]:80; - access_log /var/log/nginx/stream.tg16.gathering.org_access.log; - error_log /var/log/nginx/stream.tg16.gathering.org_error.log error; - server_name stream.tg16.gathering.org streams.tg16.gathering.org; - add_header Strict-Transport-Security max-age=0; - client_max_body_size 10m; - root /var/www/stream/; -# index index.pl index.html; - index index.pl index.py index.html; - location /hls { - types { - #application/vnd.apple.mpegurl m3u8; - application/x-mpegURL m3u8; - video/mp2t ts; - text/html htm; - } - root /var/www/; - add_header Cache-Control no-cache; - } - location /stat { - allow 185.110.150.0/25; - allow 2a06:5841:150a::/64; - allow 185.110.149.0/26; - allow 2a06:5841:149a::/64; - allow 185.110.148.0/26; - allow 2a06:5841:1337::/64; - allow 185.110.151.0/27; - allow 2a06:5841:151a::/64; - deny all; - rtmp_stat all; - rtmp_stat_stylesheet /stat.xsl; - } - location /stat.xsl { - allow 185.110.150.0/25; - allow 2a06:5841:150a::/64; - allow 185.110.149.0/26; - allow 2a06:5841:149a::/64; - allow 185.110.148.0/26; - allow 2a06:5841:1337::/64; - allow 185.110.151.0/27; - allow 2a06:5841:151a::/64; - deny all; - } - location ~ \.py { - try_files $uri =404; - fastcgi_pass unix:/tmp/index-fcgi.sock; - fastcgi_index index.py; - fastcgi_param PATH_INFO $fastcgi_path_info; - include fastcgi_params; - } - location ~ \.pl|cgi$ { - try_files $uri =404; - gzip off; - fastcgi_pass 127.0.0.1:8999; - fastcgi_index index.pl; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - include fastcgi_params; - } - location / { - try_files $uri $uri/ =404; - } -} - -# NMS-backend -upstream nms { - server obi-wan.tg16.gathering.org; - keepalive 32; -} - -# NMS -server { - listen 443 ssl http2; - listen [::]:443 ssl http2; - access_log /var/log/nginx/nms.tg16.gathering.org_ssl_access.log; - error_log /var/log/nginx/nms.tg16.gathering.org_ssl_error.log error; - server_name nms.tg16.gathering.org nms-public.tg16.gathering.org nms-api.tg16.gathering.org nms4.tg16.gathering.org nms6.tg16.gathering.org; - add_header Strict-Transport-Security max-age=15768000; - add_header Public-Key-Pins 'pin-sha256="47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU="; pin-sha256="DqEaRBrMacYurT/HXzsxYONYXAyhWRgNa3/+g3920uQ="; max-age=5184000; includeSubDomains'; - ssl_protocols TLSv1 TLSv1.1 TLSv1.2; - ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES:!CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA'; - ssl_prefer_server_ciphers on; - ssl_certificate /root/le/prodcerts/yoda.prod.pem; - ssl_certificate_key /root/le/keys/domain.key; - ssl_session_timeout 5m; - ssl_session_cache shared:SSL:50m; - client_max_body_size 10m; - ssl_stapling on; - ssl_stapling_verify on; - location / { - proxy_set_header Host $host; - proxy_set_header X-Forwarded-For $remote_addr; - proxy_pass http://nms; - proxy_http_version 1.1; - proxy_set_header Connection ""; - } -} - -# Stats -server { - listen 443 ssl http2; - listen [::]:443 ssl http2; - access_log /var/log/nginx/stats.tg16.gathering.org_ssl_access.log; - error_log /var/log/nginx/stats.tg16.gathering.org_ssl_error.log error; - server_name stats.tg16.gathering.org; - add_header Strict-Transport-Security max-age=15768000; - add_header Public-Key-Pins 'pin-sha256="47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU="; pin-sha256="DqEaRBrMacYurT/HXzsxYONYXAyhWRgNa3/+g3920uQ="; max-age=5184000; includeSubDomains'; - ssl_protocols TLSv1 TLSv1.1 TLSv1.2; - ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES:!CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA'; - ssl_prefer_server_ciphers on; - ssl_certificate /root/le/prodcerts/yoda.prod.pem; - ssl_certificate_key /root/le/keys/domain.key; - ssl_session_timeout 5m; - ssl_session_cache shared:SSL:50m; - client_max_body_size 10m; - ssl_stapling on; - ssl_stapling_verify on; - root /var/www/stats; - location / { - try_files $uri $uri/ =404; - } -} |