From 9d1d0ada3a3e73a4b08c62d7d06f587d0907b335 Mon Sep 17 00:00:00 2001 From: Valentin Popov Date: Tue, 28 Apr 2020 15:34:13 +0400 Subject: Initial NGINX Signed-off-by: Valentin Popov --- debian/personal-vps/nginx/.gitignore | 20 +++++++ debian/personal-vps/nginx/README.md | 3 + debian/personal-vps/nginx/conf.d/code.conf | 27 +++++++++ debian/personal-vps/nginx/conf.d/default.conf | 15 +++++ debian/personal-vps/nginx/conf.d/gist.conf | 41 +++++++++++++ .../personal-vps/nginx/conf.d/redirect_http.conf | 8 +++ debian/personal-vps/nginx/conf.d/sync.conf | 27 +++++++++ debian/personal-vps/nginx/nginx.conf | 68 ++++++++++++++++++++++ 8 files changed, 209 insertions(+) create mode 100644 debian/personal-vps/nginx/.gitignore create mode 100644 debian/personal-vps/nginx/README.md create mode 100644 debian/personal-vps/nginx/conf.d/code.conf create mode 100644 debian/personal-vps/nginx/conf.d/default.conf create mode 100644 debian/personal-vps/nginx/conf.d/gist.conf create mode 100644 debian/personal-vps/nginx/conf.d/redirect_http.conf create mode 100644 debian/personal-vps/nginx/conf.d/sync.conf create mode 100644 debian/personal-vps/nginx/nginx.conf diff --git a/debian/personal-vps/nginx/.gitignore b/debian/personal-vps/nginx/.gitignore new file mode 100644 index 0000000..7904abd --- /dev/null +++ b/debian/personal-vps/nginx/.gitignore @@ -0,0 +1,20 @@ +### Linux ### + +*~ + +# temporary files which can be created if a process still has a handle open of a deleted file +.fuse_hidden* + +# KDE directory preferences +.directory + +# Linux trash folder which might appear on any partition or disk +.Trash-* + +# .nfs files are created when an open file is removed but is still being accessed +.nfs* + +### NGINX ### + +modules/ +ssl/ \ No newline at end of file diff --git a/debian/personal-vps/nginx/README.md b/debian/personal-vps/nginx/README.md new file mode 100644 index 0000000..c39ebd2 --- /dev/null +++ b/debian/personal-vps/nginx/README.md @@ -0,0 +1,3 @@ +# NGINX Settings + +Coming soon... \ No newline at end of file diff --git a/debian/personal-vps/nginx/conf.d/code.conf b/debian/personal-vps/nginx/conf.d/code.conf new file mode 100644 index 0000000..b0cf60d --- /dev/null +++ b/debian/personal-vps/nginx/conf.d/code.conf @@ -0,0 +1,27 @@ +map $http_upgrade $connection_upgrade { + default upgrade; + "" close; +} + +server { + charset utf-8; + listen 443 ssl http2; + listen [::]:443 ssl http2; + root /var/www/html; + server_name code.valentineus.link; + + access_log off; + error_log /var/log/nginx/code/error.log warn; + + location / { + proxy_http_version 1.1; + proxy_pass http://unix:/var/run/gitea/gitea.sock; + + proxy_set_header Connection $connection_upgrade; + proxy_set_header Host $host; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Real-IP $remote_addr; + } +} \ No newline at end of file diff --git a/debian/personal-vps/nginx/conf.d/default.conf b/debian/personal-vps/nginx/conf.d/default.conf new file mode 100644 index 0000000..fc9cd26 --- /dev/null +++ b/debian/personal-vps/nginx/conf.d/default.conf @@ -0,0 +1,15 @@ +server { + charset utf-8; + listen 443 ssl http2; + listen [::]:443 ssl http2; + root /usr/share/nginx/html; + server_name valentineus.link + *.valentineus.link; + + access_log /var/log/nginx/default/access.log; + error_log /var/log/nginx/default/error.log warn; + + location / { + index index.html; + } +} \ No newline at end of file diff --git a/debian/personal-vps/nginx/conf.d/gist.conf b/debian/personal-vps/nginx/conf.d/gist.conf new file mode 100644 index 0000000..cae6608 --- /dev/null +++ b/debian/personal-vps/nginx/conf.d/gist.conf @@ -0,0 +1,41 @@ +server { + charset utf-8; + listen 443 ssl http2; + listen [::]:443 ssl http2; + root /var/www/html/PrivateBin; + server_name gist.valentineus.link; + + access_log off; + error_log /var/log/nginx/gist/error.log warn; + + location ~* \.(jpg|jpeg|gif|css|png|js|map|woff|woff2|ttf|svg|eot)$ { + access_log off; + expires 30d; + } + + location ~ ^/(data|cfg|tmp) { + deny all; + } + + location ~* /(.*)\.(?:markdown|md|twig|yaml|yml|ht|htaccess|ini)$ { + deny all; + } + + location ~ /\. { + deny all; + } + + location ~ [^/]\.(php|html|htm)(/|$) { + include fastcgi_params; + fastcgi_pass unix:/run/php/php7.3-fpm.sock; + fastcgi_index index.php; + fastcgi_param PATH_INFO $fastcgi_path_info; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_split_path_info ^(.+\.php)(/.+)$; + } + + location / { + index index.php; + try_files $uri $uri/ /index.php; + } +} \ No newline at end of file diff --git a/debian/personal-vps/nginx/conf.d/redirect_http.conf b/debian/personal-vps/nginx/conf.d/redirect_http.conf new file mode 100644 index 0000000..897d6d7 --- /dev/null +++ b/debian/personal-vps/nginx/conf.d/redirect_http.conf @@ -0,0 +1,8 @@ +server { + listen 80 default_server; + listen [::]:80 default_server; + return 301 https://$host$request_uri; + + access_log off; + error_log off; +} \ No newline at end of file diff --git a/debian/personal-vps/nginx/conf.d/sync.conf b/debian/personal-vps/nginx/conf.d/sync.conf new file mode 100644 index 0000000..c76466d --- /dev/null +++ b/debian/personal-vps/nginx/conf.d/sync.conf @@ -0,0 +1,27 @@ +map $http_upgrade $connection_upgrade { + default upgrade; + "" close; +} + +server { + charset utf-8; + listen 443 ssl http2; + listen [::]:443 ssl http2; + root /var/www/html; + server_name sync.valentineus.link; + + access_log off; + error_log /var/log/nginx/sync/error.log warn; + + location / { + proxy_http_version 1.1; + proxy_pass http://127.0.0.1:8384; + + proxy_set_header Connection $connection_upgrade; + proxy_set_header Host $host; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Real-IP $remote_addr; + } +} \ No newline at end of file diff --git a/debian/personal-vps/nginx/nginx.conf b/debian/personal-vps/nginx/nginx.conf new file mode 100644 index 0000000..904923d --- /dev/null +++ b/debian/personal-vps/nginx/nginx.conf @@ -0,0 +1,68 @@ +pid /run/nginx.pid; +user www-data; +worker_processes 1; + +events { + multi_accept on; + use epoll; + worker_connections 1024; +} + +http { + include /etc/nginx/mime.types; + default_type application/octet-stream; + server_names_hash_bucket_size 128; + + # Logging + access_log off; + error_log /var/log/nginx/error.log warn; + + # Timings + keepalive_requests 100; + keepalive_timeout 30; + + # Connection timings + client_body_timeout 10; + client_max_body_size 3m; + reset_timedout_connection on; + send_timeout 2; + sendfile on; + + # Tuning packages + tcp_nodelay on; + tcp_nopush on; + + # Data compression + gzip on; + gzip_comp_level 9; + gzip_disable "msie6"; + gzip_proxied any; + gzip_types application/atom+xml application/javascript application/json application/rss+xml application/x-font-ttf application/x-javascript application/x-web-app-manifest+json application/xhtml+xml application/xml application/xml+rss font/opentype image/svg+xml image/x-icon text/css text/javascript text/plain text/x-component text/x-json text/xml; + gzip_vary on; + + # SSL certificates + ssl_certificate ssl/domain.pem; + ssl_certificate_key ssl/domain.key; + ssl_client_certificate ssl/cloudflare-origin.pem; + + # SSL configuration + ssl_verify_client on; + ssl_session_cache shared:MozSSL:10m; + ssl_session_tickets off; + ssl_session_timeout 1d; + + # Modern configuration + ssl_prefer_server_ciphers off; + ssl_protocols TLSv1.3; + + # HSTS (ngx_http_headers_module is required) (63072000 seconds) + add_header Strict-Transport-Security "max-age=63072000" always; + + # Caching + open_file_cache max=200000 inactive=20s; + open_file_cache_errors on; + open_file_cache_min_uses 2; + open_file_cache_valid 30s; + + include /etc/nginx/conf.d/*.conf; +} \ No newline at end of file -- cgit v1.2.3