diff options
author | root@culturestrings <root@culturestrings> | 2020-06-14 21:39:42 +0000 |
---|---|---|
committer | root@culturestrings <root@culturestrings> | 2020-06-14 21:39:42 +0000 |
commit | 281232b3c94181232a350f7162475c6ac9704d43 (patch) | |
tree | 90dae3003bf6d9939a6a1b0b63faf6a25018a02e /public/fs | |
parent | cc67b0cddd44756394b21b80f31e7829821babec (diff) | |
download | culturestrings-281232b3c94181232a350f7162475c6ac9704d43.tar.bz2 culturestrings-281232b3c94181232a350f7162475c6ac9704d43.tar.xz |
nginx: make the vhost configuration files site-agnostic.
Diffstat (limited to 'public/fs')
18 files changed, 174 insertions, 330 deletions
diff --git a/public/fs/etc/nginx/vhosts.d/culturestrings.org.conf b/public/fs/etc/nginx/vhosts.d/culturestrings.org.conf deleted file mode 100644 index 1cd1362..0000000 --- a/public/fs/etc/nginx/vhosts.d/culturestrings.org.conf +++ /dev/null @@ -1,28 +0,0 @@ -server { - listen [::]:80; - server_name culturestrings.org; - return 301 https://$server_name$request_uri; -} - -server { - listen [::]:443; - server_name culturestrings.org; - - location /typography { - root /srv/www/htdocs/$host; - fancyindex on; - ssi on; - } - - location / { - root /srv/www/htdocs/$host/; - index index.html index.htm; - ssi on; - } - - ssl_certificate /srv/webroot/culturestrings.org/ssl/fullchain.pem; - ssl_certificate_key /srv/webroot/culturestrings.org/ssl/privkey.pem; - ssl_trusted_certificate /srv/webroot/culturestrings.org/ssl/chain.pem; - - include conf.d/ssl_params; -} diff --git a/public/fs/etc/nginx/vhosts.d/dl.foss21.org.conf b/public/fs/etc/nginx/vhosts.d/dl.foss21.org.conf deleted file mode 100644 index 36dd0bd..0000000 --- a/public/fs/etc/nginx/vhosts.d/dl.foss21.org.conf +++ /dev/null @@ -1,22 +0,0 @@ -server { - listen [::]:80; - server_name dl.foss21.org; - return 301 https://$server_name$request_uri; -} - -server { - listen [::]:443; - server_name dl.foss21.org; - - location / { - root /srv/www/htdocs/foss21.org/dl; - fancyindex on; - ssi on; - } - - ssl_certificate /srv/webroot/foss21.org/ssl/fullchain.pem; - ssl_certificate_key /srv/webroot/foss21.org/ssl/privkey.pem; - ssl_trusted_certificate /srv/webroot/foss21.org/ssl/chain.pem; - - include conf.d/ssl_params; -} diff --git a/public/fs/etc/nginx/vhosts.d/dl.midipix.org.conf b/public/fs/etc/nginx/vhosts.d/dl.midipix.org.conf deleted file mode 100644 index 1b51e5a..0000000 --- a/public/fs/etc/nginx/vhosts.d/dl.midipix.org.conf +++ /dev/null @@ -1,22 +0,0 @@ -server { - listen [::]:80; - server_name dl.midipix.org; - return 301 https://$server_name$request_uri; -} - -server { - listen [::]:443; - server_name dl.midipix.org; - - location / { - root /srv/www/htdocs/midipix.org/dl; - fancyindex on; - ssi on; - } - - ssl_certificate /srv/webroot/midipix.org/ssl/fullchain.pem; - ssl_certificate_key /srv/webroot/midipix.org/ssl/privkey.pem; - ssl_trusted_certificate /srv/webroot/midipix.org/ssl/chain.pem; - - include conf.d/ssl_params; -} diff --git a/public/fs/etc/nginx/vhosts.d/git.midipix.org.conf b/public/fs/etc/nginx/vhosts.d/git.midipix.org.conf deleted file mode 100644 index da9030a..0000000 --- a/public/fs/etc/nginx/vhosts.d/git.midipix.org.conf +++ /dev/null @@ -1,60 +0,0 @@ -server { - listen [::]:80; - server_name git.midipix.org; - return 301 https://$server_name$request_uri; -} - -server { - listen [::]:443; - server_name git.midipix.org; - root /srv/www/htdocs; - - # legacy (bookmarked) /cgit.git addresses - location /cgit.cgi { - rewrite ^/cgit.cgi(/.*)$ $1 last; - } - - # git-http-backend: initial clone GET request - location ~ ^(/namespace)?/(.+?)/info(/.*)?$ { - try_files $uri @git_http_backend; - } - - # git-http-backend: clone POST request - location ~ ^(/namespace)?/(.+?)/git-upload-pack { - try_files $uri @git_http_backend; - } - - # otherwise, cgit - location / { - try_files $uri @cgit; - } - - location @git_http_backend { - include uwsgi_params; - uwsgi_modifier1 9; - uwsgi_pass unix:/run/uwsgi/git.socket; - - uwsgi_param HTTP_HOST $server_name; - uwsgi_param GIT_PROJECT_ROOT /srv/git; - uwsgi_param PATH_INFO $uri; - uwsgi_param GIT_HTTP_EXPORT_ALL ""; - } - - location @cgit { - include uwsgi_params; - uwsgi_modifier1 9; - uwsgi_pass unix:/run/uwsgi/cgit.socket; - - uwsgi_param HTTP_HOST $server_name; - uwsgi_param CGIT_CONFIG /etc/cgit.d/cgitrc.midipix.org; - uwsgi_param SCRIPT_FILENAME $document_root/cgit.cgi; - uwsgi_param PATH_INFO $uri; - uwsgi_param QUERY_STRING $args; - } - - ssl_certificate /srv/webroot/midipix.org/ssl/fullchain.pem; - ssl_certificate_key /srv/webroot/midipix.org/ssl/privkey.pem; - ssl_trusted_certificate /srv/webroot/midipix.org/ssl/chain.pem; - - include conf.d/ssl_params; -} diff --git a/public/fs/etc/nginx/vhosts.d/midipix.org.conf b/public/fs/etc/nginx/vhosts.d/midipix.org.conf deleted file mode 100644 index 6ab2cb4..0000000 --- a/public/fs/etc/nginx/vhosts.d/midipix.org.conf +++ /dev/null @@ -1,33 +0,0 @@ -server { - listen [::]:80; - server_name midipix.org; - return 301 https://$server_name$request_uri; -} - -server { - listen [::]:443; - server_name midipix.org; - - location /dl { - root /srv/www/htdocs/$host; - fancyindex on; - ssi on; - } - - location /mirror { - root /srv/www/htdocs/$host; - fancyindex on; - ssi on; - } - - location / { - root /srv/www/htdocs/$host/; - index index.html index.htm; - ssi on; - } - - ssl_certificate /srv/webroot/midipix.org/ssl/gandi/midipix.org.pem; - ssl_certificate_key /srv/webroot/midipix.org/ssl/gandi/midipix.org.key; - - include conf.d/ssl_params; -} diff --git a/public/fs/etc/nginx/vhosts.d/mirror.midipix.org.conf b/public/fs/etc/nginx/vhosts.d/mirror.midipix.org.conf deleted file mode 100644 index 9bf532b..0000000 --- a/public/fs/etc/nginx/vhosts.d/mirror.midipix.org.conf +++ /dev/null @@ -1,22 +0,0 @@ -server { - listen [::]:80; - server_name mirror.midipix.org; - return 301 https://$server_name$request_uri; -} - -server { - listen [::]:443; - server_name mirror.midipix.org; - - location / { - root /srv/www/htdocs/midipix.org/mirror; - fancyindex on; - ssi on; - } - - ssl_certificate /srv/webroot/midipix.org/ssl/fullchain.pem; - ssl_certificate_key /srv/webroot/midipix.org/ssl/privkey.pem; - ssl_trusted_certificate /srv/webroot/midipix.org/ssl/chain.pem; - - include conf.d/ssl_params; -} diff --git a/public/fs/etc/nginx/vhosts.d/nginx-primary-subdomain-cfg.sh b/public/fs/etc/nginx/vhosts.d/nginx-primary-subdomain-cfg.sh new file mode 100755 index 0000000..748360e --- /dev/null +++ b/public/fs/etc/nginx/vhosts.d/nginx-primary-subdomain-cfg.sh @@ -0,0 +1,61 @@ +#!/bin/sh + +set -eu + +IFS=',' + +sitesubd="$1" +sitedirs="$2" +sitezone="${sitesubd#*.}" +sitepref="${sitesubd%%.*}" + +cfg_script="$0" +cfg_srcdir=$(cd -- "${cfg_script%/*}/" ; pwd -P) + +# header +cat << _EOF +server { + listen [::]:80; + server_name ${sitesubd}; + return 301 https://\$server_name\$request_uri; +} + +server { + listen [::]:443; + server_name ${sitesubd}; + +_EOF + +# indexed locations +for sitedir in ${sitedirs}; do + +cat << _EOF + location /${sitedir} { + root /srv/www/htdocs/\$host; + fancyindex on; + ssi on; + } + +_EOF + +done + +# root directory +cat << _EOF + location / { + root /srv/www/htdocs/\$host; + index index.html index.htm; + ssi on; + } + +_EOF + +# ssl and footer +cat << _EOF + ssl_certificate /srv/webroot/${sitezone}/ssl/fullchain.pem; + ssl_certificate_key /srv/webroot/${sitezone}/ssl/privkey.pem; + ssl_trusted_certificate /srv/webroot/${sitezone}/ssl/chain.pem; + + include conf.d/ssl_params; +} +_EOF diff --git a/public/fs/etc/nginx/vhosts.d/nginx-primary-zone-cfg.sh b/public/fs/etc/nginx/vhosts.d/nginx-primary-zone-cfg.sh new file mode 100755 index 0000000..f325fe1 --- /dev/null +++ b/public/fs/etc/nginx/vhosts.d/nginx-primary-zone-cfg.sh @@ -0,0 +1,59 @@ +#!/bin/sh + +set -eu + +IFS=',' + +sitezone="$1" +sitedirs="$2" + +cfg_script="$0" +cfg_srcdir=$(cd -- "${cfg_script%/*}/" ; pwd -P) + +# header +cat << _EOF +server { + listen [::]:80; + server_name ${sitezone}; + return 301 https://\$server_name\$request_uri; +} + +server { + listen [::]:443; + server_name ${sitezone}; + +_EOF + +# indexed locations +for sitedir in ${sitedirs}; do + +cat << _EOF + location /${sitedir} { + root /srv/www/htdocs/\$host; + fancyindex on; + ssi on; + } + +_EOF + +done + +# root directory +cat << _EOF + location / { + root /srv/www/htdocs/\$host; + index index.html index.htm; + ssi on; + } + +_EOF + +# ssl and footer +cat << _EOF + ssl_certificate /srv/webroot/${sitezone}/ssl/fullchain.pem; + ssl_certificate_key /srv/webroot/${sitezone}/ssl/privkey.pem; + ssl_trusted_certificate /srv/webroot/${sitezone}/ssl/chain.pem; + + include conf.d/ssl_params; +} +_EOF diff --git a/public/fs/etc/nginx/vhosts.d/nginx-subdomain-cfg.sh b/public/fs/etc/nginx/vhosts.d/nginx-subdomain-cfg.sh new file mode 100755 index 0000000..942e289 --- /dev/null +++ b/public/fs/etc/nginx/vhosts.d/nginx-subdomain-cfg.sh @@ -0,0 +1,16 @@ +#!/bin/sh + +set -eu + +sitetype="$1" +sitesubd="$2" +sitezone="${sitesubd#*.}" +sitepref="${sitesubd%%.*}" + +cfg_script="$0" +cfg_srcdir=$(cd -- "${cfg_script%/*}/" ; pwd -P) + +sed -e 's/@sitesubd@/'"${sitesubd}"'/g' \ + -e 's/@sitezone@/'"${sitezone}"'/g' \ + -e 's/@sitepref@/'"${sitepref}"'/g' \ + "${cfg_srcdir}/nginx.${sitetype}.conf.in" diff --git a/public/fs/etc/nginx/vhosts.d/git.foss21.org.conf b/public/fs/etc/nginx/vhosts.d/nginx.cgit.conf.in index 39a7d46..f0ef55a 100644 --- a/public/fs/etc/nginx/vhosts.d/git.foss21.org.conf +++ b/public/fs/etc/nginx/vhosts.d/nginx.cgit.conf.in @@ -1,12 +1,12 @@ server { listen [::]:80; - server_name git.foss21.org; + server_name @sitesubd@; return 301 https://$server_name$request_uri; } server { listen [::]:443; - server_name git.foss21.org; + server_name @sitesubd@; root /srv/www/htdocs; # legacy (bookmarked) /cgit.git addresses @@ -46,15 +46,15 @@ server { uwsgi_pass unix:/run/uwsgi/cgit.socket; uwsgi_param HTTP_HOST $server_name; - uwsgi_param CGIT_CONFIG /etc/cgit.d/cgitrc.foss21.org; + uwsgi_param CGIT_CONFIG /etc/cgit.d/cgitrc.@sitezone@; uwsgi_param SCRIPT_FILENAME $document_root/cgit.cgi; uwsgi_param PATH_INFO $uri; uwsgi_param QUERY_STRING $args; } - ssl_certificate /srv/webroot/foss21.org/ssl/fullchain.pem; - ssl_certificate_key /srv/webroot/foss21.org/ssl/privkey.pem; - ssl_trusted_certificate /srv/webroot/foss21.org/ssl/chain.pem; + ssl_certificate /srv/webroot/@sitezone@/ssl/fullchain.pem; + ssl_certificate_key /srv/webroot/@sitezone@/ssl/privkey.pem; + ssl_trusted_certificate /srv/webroot/@sitezone@/ssl/chain.pem; include conf.d/ssl_params; } diff --git a/public/fs/etc/nginx/vhosts.d/nginx.index.conf.in b/public/fs/etc/nginx/vhosts.d/nginx.index.conf.in new file mode 100644 index 0000000..8cbae91 --- /dev/null +++ b/public/fs/etc/nginx/vhosts.d/nginx.index.conf.in @@ -0,0 +1,22 @@ +server { + listen [::]:80; + server_name @sitesubd@; + return 301 https://$server_name$request_uri; +} + +server { + listen [::]:443; + server_name @sitesubd@; + + location / { + root /srv/www/htdocs/@sitezone@/@sitepref@; + fancyindex on; + ssi on; + } + + ssl_certificate /srv/webroot/@sitezone@/ssl/fullchain.pem; + ssl_certificate_key /srv/webroot/@sitezone@/ssl/privkey.pem; + ssl_trusted_certificate /srv/webroot/@sitezone@/ssl/chain.pem; + + include conf.d/ssl_params; +} diff --git a/public/fs/etc/nginx/vhosts.d/docs.foss21.org.conf b/public/fs/etc/nginx/vhosts.d/nginx.pagure.docs.conf.in index bddbcd2..945fc9b 100644 --- a/public/fs/etc/nginx/vhosts.d/docs.foss21.org.conf +++ b/public/fs/etc/nginx/vhosts.d/nginx.pagure.docs.conf.in @@ -1,12 +1,12 @@ server { listen [::]:80; - server_name docs.foss21.org; + server_name @sitesubd@; return 301 https://$server_name$request_uri; } server { listen [::]:443; - server_name docs.foss21.org; + server_name @sitesubd@; root /srv/www/htdocs; @@ -30,9 +30,9 @@ server { alias /usr/lib/python3.6/site-packages/pagure/static/; } - ssl_certificate /srv/webroot/foss21.org/ssl/fullchain.pem; - ssl_certificate_key /srv/webroot/foss21.org/ssl/privkey.pem; - ssl_trusted_certificate /srv/webroot/foss21.org/ssl/chain.pem; + ssl_certificate /srv/webroot/@sitezone@/ssl/fullchain.pem; + ssl_certificate_key /srv/webroot/@sitezone@/ssl/privkey.pem; + ssl_trusted_certificate /srv/webroot/@sitezone@/ssl/chain.pem; include conf.d/ssl_params; } diff --git a/public/fs/etc/nginx/vhosts.d/dev.midipix.org.conf b/public/fs/etc/nginx/vhosts.d/nginx.pagure.main.conf.in index bca8852..0441ac5 100644 --- a/public/fs/etc/nginx/vhosts.d/dev.midipix.org.conf +++ b/public/fs/etc/nginx/vhosts.d/nginx.pagure.main.conf.in @@ -1,12 +1,12 @@ server { listen [::]:80; - server_name dev.midipix.org; + server_name @sitesubd@; return 301 https://$server_name$request_uri; } server { listen [::]:443; - server_name dev.midipix.org; + server_name @sitesubd@; root /srv/www/htdocs; @@ -35,9 +35,9 @@ server { autoindex on; } - ssl_certificate /srv/webroot/midipix.org/ssl/fullchain.pem; - ssl_certificate_key /srv/webroot/midipix.org/ssl/privkey.pem; - ssl_trusted_certificate /srv/webroot/midipix.org/ssl/chain.pem; + ssl_certificate /srv/webroot/@sitezone@/ssl/fullchain.pem; + ssl_certificate_key /srv/webroot/@sitezone@/ssl/privkey.pem; + ssl_trusted_certificate /srv/webroot/@sitezone@/ssl/chain.pem; include conf.d/ssl_params; } diff --git a/public/fs/etc/nginx/vhosts.d/srcbase.foss21.org.conf b/public/fs/etc/nginx/vhosts.d/srcbase.foss21.org.conf deleted file mode 100644 index ac9dafc..0000000 --- a/public/fs/etc/nginx/vhosts.d/srcbase.foss21.org.conf +++ /dev/null @@ -1,22 +0,0 @@ -server { - listen [::]:80; - server_name srcbase.foss21.org; - return 301 https://$server_name$request_uri; -} - -server { - listen [::]:443; - server_name srcbase.foss21.org; - - location / { - root /srv/www/htdocs/foss21.org/srcbase; - fancyindex on; - ssi on; - } - - ssl_certificate /srv/webroot/foss21.org/ssl/fullchain.pem; - ssl_certificate_key /srv/webroot/foss21.org/ssl/privkey.pem; - ssl_trusted_certificate /srv/webroot/foss21.org/ssl/chain.pem; - - include conf.d/ssl_params; -} diff --git a/public/fs/etc/nginx/vhosts.d/srcbase.midipix.org.conf b/public/fs/etc/nginx/vhosts.d/srcbase.midipix.org.conf deleted file mode 100644 index cee190b..0000000 --- a/public/fs/etc/nginx/vhosts.d/srcbase.midipix.org.conf +++ /dev/null @@ -1,22 +0,0 @@ -server { - listen [::]:80; - server_name srcbase.midipix.org; - return 301 https://$server_name$request_uri; -} - -server { - listen [::]:443; - server_name srcbase.midipix.org; - - location / { - root /srv/www/htdocs/midipix.org/srcbase; - fancyindex on; - ssi on; - } - - ssl_certificate /srv/webroot/midipix.org/ssl/fullchain.pem; - ssl_certificate_key /srv/webroot/midipix.org/ssl/privkey.pem; - ssl_trusted_certificate /srv/webroot/midipix.org/ssl/chain.pem; - - include conf.d/ssl_params; -} diff --git a/public/fs/etc/nginx/vhosts.d/typography.culturestrings.org.conf b/public/fs/etc/nginx/vhosts.d/typography.culturestrings.org.conf deleted file mode 100644 index d44ac11..0000000 --- a/public/fs/etc/nginx/vhosts.d/typography.culturestrings.org.conf +++ /dev/null @@ -1,22 +0,0 @@ -server { - listen [::]:80; - server_name typography.culturestrings.org; - return 301 https://$server_name$request_uri; -} - -server { - listen [::]:443; - server_name typography.culturestrings.org; - - location / { - root /srv/www/htdocs/culturestrings.org/typography; - fancyindex on; - ssi on; - } - - ssl_certificate /srv/webroot/culturestrings.org/ssl/fullchain.pem; - ssl_certificate_key /srv/webroot/culturestrings.org/ssl/privkey.pem; - ssl_trusted_certificate /srv/webroot/culturestrings.org/ssl/chain.pem; - - include conf.d/ssl_params; -} diff --git a/public/fs/etc/nginx/vhosts.d/www.culturestrings.org.conf b/public/fs/etc/nginx/vhosts.d/www.culturestrings.org.conf deleted file mode 100644 index 7d17cfc..0000000 --- a/public/fs/etc/nginx/vhosts.d/www.culturestrings.org.conf +++ /dev/null @@ -1,28 +0,0 @@ -server { - listen [::]:80; - server_name www.culturestrings.org; - return 301 https://$server_name$request_uri; -} - -server { - listen [::]:443; - server_name www.culturestrings.org; - - location /typography { - root /srv/www/htdocs/$host; - fancyindex on; - ssi on; - } - - location / { - root /srv/www/htdocs/$host/; - index index.html index.htm; - ssi on; - } - - ssl_certificate /srv/webroot/culturestrings.org/ssl/fullchain.pem; - ssl_certificate_key /srv/webroot/culturestrings.org/ssl/privkey.pem; - ssl_trusted_certificate /srv/webroot/culturestrings.org/ssl/chain.pem; - - include conf.d/ssl_params; -} diff --git a/public/fs/etc/nginx/vhosts.d/www.midipix.org.conf b/public/fs/etc/nginx/vhosts.d/www.midipix.org.conf deleted file mode 100644 index 304212c..0000000 --- a/public/fs/etc/nginx/vhosts.d/www.midipix.org.conf +++ /dev/null @@ -1,33 +0,0 @@ -server { - listen [::]:80; - server_name www.midipix.org; - return 301 https://$server_name$request_uri; -} - -server { - listen [::]:443; - server_name www.midipix.org; - - location /dl { - root /srv/www/htdocs/$host; - fancyindex on; - ssi on; - } - - location /mirror { - root /srv/www/htdocs/$host; - fancyindex on; - ssi on; - } - - location / { - root /srv/www/htdocs/$host/; - index index.html index.htm; - ssi on; - } - - ssl_certificate /srv/webroot/midipix.org/ssl/gandi/midipix.org.pem; - ssl_certificate_key /srv/webroot/midipix.org/ssl/gandi/midipix.org.key; - - include conf.d/ssl_params; -} |