diff --git a/nginx.conf b/nginx.conf new file mode 100644 index 0000000..22a2a1f --- /dev/null +++ b/nginx.conf @@ -0,0 +1,99 @@ +server { + server_name www.kirsle.net; + listen 443 ssl; + listen [::]:443 ssl; + + index index.cgi index.php index.html index.htm; + + access_log /home/kirsle/logs/access_log; + error_log /home/kirsle/logs/error_log; + + ssl on; + ssl_certificate /etc/letsencrypt/live/www.kirsle.net/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/www.kirsle.net/privkey.pem; + include ssl_params; + + root /home/kirsle/git/rophako; + + location /static { + alias /home/kirsle/www/static; + } + location /creativity { + alias /home/kirsle/www/creativity; + } + location /doc { + alias /home/kirsle/www/doc; + } + location /images { + alias /home/kirsle/www/images; + } + location /mail { + alias /home/kirsle/www/mail; + } + location /piwik { + alias /home/kirsle/www/piwik; + index index.php; + } + location /projects { + alias /home/kirsle/www/projects; + } + location /wizards { + alias /home/kirsle/www/wizards; + } + location /favicon.ico { + alias /home/kirsle/www/favicon.ico; + } + + # uwsgi + location / { + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto https; + proxy_redirect off; + proxy_pass http://127.0.0.1:9000; + } + + # run php scripts + location ~ \.php$ { + include fastcgi_params; + fastcgi_split_path_info ^(.+\.php)(/.+)$; + fastcgi_pass unix:/var/run/php5-fpm.sock; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME /home/kirsle/www$fastcgi_script_name; + } + + # legacy CGI scripts + # https://wiki.debian.org/nginx/FastCGI + location ~ \.cgi$ { + try_files $uri $uri/ /index.cgi; + gzip off; + root /home/kirsle/public_html; + fastcgi_pass unix:/var/run/fcgiwrap.socket; + include fastcgi_params; + fastcgi_param SERVER_NAME $host; + } +} + +# Legacy kirsle domains over port 80 +server { + server_name kirsle.net www.kirsle.net .kirsle.com .kirsle.org .cuvou.com .cuvou.net .cuvou.org ckir.net .ckir.net; + listen 80; + listen [::]:80; + return 301 https://www.kirsle.net$request_uri; +} + +# SSL, but wrong domain +server { + server_name kirsle.net .kirsle.com .kirsle.org; + listen [::]:443 ssl; + listen 443 ssl; + + ssl on; + ssl_certificate /etc/letsencrypt/live/www.kirsle.net/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/www.kirsle.net/privkey.pem; + include ssl_params; + + return 301 https://www.kirsle.net$request_uri; +} +