From 281232b3c94181232a350f7162475c6ac9704d43 Mon Sep 17 00:00:00 2001 From: "root@culturestrings" Date: Sun, 14 Jun 2020 21:39:42 +0000 Subject: nginx: make the vhost configuration files site-agnostic. --- .../fs/etc/nginx/vhosts.d/culturestrings.org.conf | 28 ---------- public/fs/etc/nginx/vhosts.d/dev.midipix.org.conf | 43 --------------- public/fs/etc/nginx/vhosts.d/dl.foss21.org.conf | 22 -------- public/fs/etc/nginx/vhosts.d/dl.midipix.org.conf | 22 -------- public/fs/etc/nginx/vhosts.d/docs.foss21.org.conf | 38 -------------- public/fs/etc/nginx/vhosts.d/git.foss21.org.conf | 60 --------------------- public/fs/etc/nginx/vhosts.d/git.midipix.org.conf | 60 --------------------- public/fs/etc/nginx/vhosts.d/midipix.org.conf | 33 ------------ .../fs/etc/nginx/vhosts.d/mirror.midipix.org.conf | 22 -------- .../nginx/vhosts.d/nginx-primary-subdomain-cfg.sh | 61 ++++++++++++++++++++++ .../etc/nginx/vhosts.d/nginx-primary-zone-cfg.sh | 59 +++++++++++++++++++++ .../fs/etc/nginx/vhosts.d/nginx-subdomain-cfg.sh | 16 ++++++ public/fs/etc/nginx/vhosts.d/nginx.cgit.conf.in | 60 +++++++++++++++++++++ public/fs/etc/nginx/vhosts.d/nginx.index.conf.in | 22 ++++++++ .../etc/nginx/vhosts.d/nginx.pagure.docs.conf.in | 38 ++++++++++++++ .../etc/nginx/vhosts.d/nginx.pagure.main.conf.in | 43 +++++++++++++++ .../fs/etc/nginx/vhosts.d/srcbase.foss21.org.conf | 22 -------- .../fs/etc/nginx/vhosts.d/srcbase.midipix.org.conf | 22 -------- .../vhosts.d/typography.culturestrings.org.conf | 22 -------- .../etc/nginx/vhosts.d/www.culturestrings.org.conf | 28 ---------- public/fs/etc/nginx/vhosts.d/www.midipix.org.conf | 33 ------------ 21 files changed, 299 insertions(+), 455 deletions(-) delete mode 100644 public/fs/etc/nginx/vhosts.d/culturestrings.org.conf delete mode 100644 public/fs/etc/nginx/vhosts.d/dev.midipix.org.conf delete mode 100644 public/fs/etc/nginx/vhosts.d/dl.foss21.org.conf delete mode 100644 public/fs/etc/nginx/vhosts.d/dl.midipix.org.conf delete mode 100644 public/fs/etc/nginx/vhosts.d/docs.foss21.org.conf delete mode 100644 public/fs/etc/nginx/vhosts.d/git.foss21.org.conf delete mode 100644 public/fs/etc/nginx/vhosts.d/git.midipix.org.conf delete mode 100644 public/fs/etc/nginx/vhosts.d/midipix.org.conf delete mode 100644 public/fs/etc/nginx/vhosts.d/mirror.midipix.org.conf create mode 100755 public/fs/etc/nginx/vhosts.d/nginx-primary-subdomain-cfg.sh create mode 100755 public/fs/etc/nginx/vhosts.d/nginx-primary-zone-cfg.sh create mode 100755 public/fs/etc/nginx/vhosts.d/nginx-subdomain-cfg.sh create mode 100644 public/fs/etc/nginx/vhosts.d/nginx.cgit.conf.in create mode 100644 public/fs/etc/nginx/vhosts.d/nginx.index.conf.in create mode 100644 public/fs/etc/nginx/vhosts.d/nginx.pagure.docs.conf.in create mode 100644 public/fs/etc/nginx/vhosts.d/nginx.pagure.main.conf.in delete mode 100644 public/fs/etc/nginx/vhosts.d/srcbase.foss21.org.conf delete mode 100644 public/fs/etc/nginx/vhosts.d/srcbase.midipix.org.conf delete mode 100644 public/fs/etc/nginx/vhosts.d/typography.culturestrings.org.conf delete mode 100644 public/fs/etc/nginx/vhosts.d/www.culturestrings.org.conf delete mode 100644 public/fs/etc/nginx/vhosts.d/www.midipix.org.conf (limited to 'public') diff --git a/public/fs/etc/nginx/vhosts.d/culturestrings.org.conf b/public/fs/etc/nginx/vhosts.d/culturestrings.org.conf deleted file mode 100644 index 1cd1362..0000000 --- a/public/fs/etc/nginx/vhosts.d/culturestrings.org.conf +++ /dev/null @@ -1,28 +0,0 @@ -server { - listen [::]:80; - server_name culturestrings.org; - return 301 https://$server_name$request_uri; -} - -server { - listen [::]:443; - server_name culturestrings.org; - - location /typography { - root /srv/www/htdocs/$host; - fancyindex on; - ssi on; - } - - location / { - root /srv/www/htdocs/$host/; - index index.html index.htm; - ssi on; - } - - ssl_certificate /srv/webroot/culturestrings.org/ssl/fullchain.pem; - ssl_certificate_key /srv/webroot/culturestrings.org/ssl/privkey.pem; - ssl_trusted_certificate /srv/webroot/culturestrings.org/ssl/chain.pem; - - include conf.d/ssl_params; -} diff --git a/public/fs/etc/nginx/vhosts.d/dev.midipix.org.conf b/public/fs/etc/nginx/vhosts.d/dev.midipix.org.conf deleted file mode 100644 index bca8852..0000000 --- a/public/fs/etc/nginx/vhosts.d/dev.midipix.org.conf +++ /dev/null @@ -1,43 +0,0 @@ -server { - listen [::]:80; - server_name dev.midipix.org; - return 301 https://$server_name$request_uri; -} - -server { - listen [::]:443; - server_name dev.midipix.org; - root /srv/www/htdocs; - - - access_log /var/log/nginx/pagure_access.log; - error_log /var/log/nginx/pagure_error.log; - - - location @pagure { - proxy_set_header Host $http_host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_pass http://unix:/tmp/.pagure_web.sock; - } - - location / { - try_files $uri @pagure; - } - - location /static { - alias /usr/lib/python3.6/site-packages/pagure/static/; - } - - location /releases { - alias /srv/www/pagure-releases/; - autoindex on; - } - - ssl_certificate /srv/webroot/midipix.org/ssl/fullchain.pem; - ssl_certificate_key /srv/webroot/midipix.org/ssl/privkey.pem; - ssl_trusted_certificate /srv/webroot/midipix.org/ssl/chain.pem; - - include conf.d/ssl_params; -} diff --git a/public/fs/etc/nginx/vhosts.d/dl.foss21.org.conf b/public/fs/etc/nginx/vhosts.d/dl.foss21.org.conf deleted file mode 100644 index 36dd0bd..0000000 --- a/public/fs/etc/nginx/vhosts.d/dl.foss21.org.conf +++ /dev/null @@ -1,22 +0,0 @@ -server { - listen [::]:80; - server_name dl.foss21.org; - return 301 https://$server_name$request_uri; -} - -server { - listen [::]:443; - server_name dl.foss21.org; - - location / { - root /srv/www/htdocs/foss21.org/dl; - fancyindex on; - ssi on; - } - - ssl_certificate /srv/webroot/foss21.org/ssl/fullchain.pem; - ssl_certificate_key /srv/webroot/foss21.org/ssl/privkey.pem; - ssl_trusted_certificate /srv/webroot/foss21.org/ssl/chain.pem; - - include conf.d/ssl_params; -} diff --git a/public/fs/etc/nginx/vhosts.d/dl.midipix.org.conf b/public/fs/etc/nginx/vhosts.d/dl.midipix.org.conf deleted file mode 100644 index 1b51e5a..0000000 --- a/public/fs/etc/nginx/vhosts.d/dl.midipix.org.conf +++ /dev/null @@ -1,22 +0,0 @@ -server { - listen [::]:80; - server_name dl.midipix.org; - return 301 https://$server_name$request_uri; -} - -server { - listen [::]:443; - server_name dl.midipix.org; - - location / { - root /srv/www/htdocs/midipix.org/dl; - fancyindex on; - ssi on; - } - - ssl_certificate /srv/webroot/midipix.org/ssl/fullchain.pem; - ssl_certificate_key /srv/webroot/midipix.org/ssl/privkey.pem; - ssl_trusted_certificate /srv/webroot/midipix.org/ssl/chain.pem; - - include conf.d/ssl_params; -} diff --git a/public/fs/etc/nginx/vhosts.d/docs.foss21.org.conf b/public/fs/etc/nginx/vhosts.d/docs.foss21.org.conf deleted file mode 100644 index bddbcd2..0000000 --- a/public/fs/etc/nginx/vhosts.d/docs.foss21.org.conf +++ /dev/null @@ -1,38 +0,0 @@ -server { - listen [::]:80; - server_name docs.foss21.org; - return 301 https://$server_name$request_uri; -} - -server { - listen [::]:443; - server_name docs.foss21.org; - root /srv/www/htdocs; - - - access_log /var/log/nginx/pagure_docs.access.log; - error_log /var/log/nginx/pagure_docs.error.log; - - - location @pagure_docs { - proxy_set_header Host $http_host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_pass http://unix:/tmp/.pagure_docs_web.sock; - } - - location / { - try_files $uri @pagure_docs; - } - - location /static { - alias /usr/lib/python3.6/site-packages/pagure/static/; - } - - ssl_certificate /srv/webroot/foss21.org/ssl/fullchain.pem; - ssl_certificate_key /srv/webroot/foss21.org/ssl/privkey.pem; - ssl_trusted_certificate /srv/webroot/foss21.org/ssl/chain.pem; - - include conf.d/ssl_params; -} diff --git a/public/fs/etc/nginx/vhosts.d/git.foss21.org.conf b/public/fs/etc/nginx/vhosts.d/git.foss21.org.conf deleted file mode 100644 index 39a7d46..0000000 --- a/public/fs/etc/nginx/vhosts.d/git.foss21.org.conf +++ /dev/null @@ -1,60 +0,0 @@ -server { - listen [::]:80; - server_name git.foss21.org; - return 301 https://$server_name$request_uri; -} - -server { - listen [::]:443; - server_name git.foss21.org; - root /srv/www/htdocs; - - # legacy (bookmarked) /cgit.git addresses - location /cgit.cgi { - rewrite ^/cgit.cgi(/.*)$ $1 last; - } - - # git-http-backend: initial clone GET request - location ~ ^(/namespace)?/(.+?)/info(/.*)?$ { - try_files $uri @git_http_backend; - } - - # git-http-backend: clone POST request - location ~ ^(/namespace)?/(.+?)/git-upload-pack { - try_files $uri @git_http_backend; - } - - # otherwise, cgit - location / { - try_files $uri @cgit; - } - - location @git_http_backend { - include uwsgi_params; - uwsgi_modifier1 9; - uwsgi_pass unix:/run/uwsgi/git.socket; - - uwsgi_param HTTP_HOST $server_name; - uwsgi_param GIT_PROJECT_ROOT /srv/git; - uwsgi_param PATH_INFO $uri; - uwsgi_param GIT_HTTP_EXPORT_ALL ""; - } - - location @cgit { - include uwsgi_params; - uwsgi_modifier1 9; - uwsgi_pass unix:/run/uwsgi/cgit.socket; - - uwsgi_param HTTP_HOST $server_name; - uwsgi_param CGIT_CONFIG /etc/cgit.d/cgitrc.foss21.org; - uwsgi_param SCRIPT_FILENAME $document_root/cgit.cgi; - uwsgi_param PATH_INFO $uri; - uwsgi_param QUERY_STRING $args; - } - - ssl_certificate /srv/webroot/foss21.org/ssl/fullchain.pem; - ssl_certificate_key /srv/webroot/foss21.org/ssl/privkey.pem; - ssl_trusted_certificate /srv/webroot/foss21.org/ssl/chain.pem; - - include conf.d/ssl_params; -} diff --git a/public/fs/etc/nginx/vhosts.d/git.midipix.org.conf b/public/fs/etc/nginx/vhosts.d/git.midipix.org.conf deleted file mode 100644 index da9030a..0000000 --- a/public/fs/etc/nginx/vhosts.d/git.midipix.org.conf +++ /dev/null @@ -1,60 +0,0 @@ -server { - listen [::]:80; - server_name git.midipix.org; - return 301 https://$server_name$request_uri; -} - -server { - listen [::]:443; - server_name git.midipix.org; - root /srv/www/htdocs; - - # legacy (bookmarked) /cgit.git addresses - location /cgit.cgi { - rewrite ^/cgit.cgi(/.*)$ $1 last; - } - - # git-http-backend: initial clone GET request - location ~ ^(/namespace)?/(.+?)/info(/.*)?$ { - try_files $uri @git_http_backend; - } - - # git-http-backend: clone POST request - location ~ ^(/namespace)?/(.+?)/git-upload-pack { - try_files $uri @git_http_backend; - } - - # otherwise, cgit - location / { - try_files $uri @cgit; - } - - location @git_http_backend { - include uwsgi_params; - uwsgi_modifier1 9; - uwsgi_pass unix:/run/uwsgi/git.socket; - - uwsgi_param HTTP_HOST $server_name; - uwsgi_param GIT_PROJECT_ROOT /srv/git; - uwsgi_param PATH_INFO $uri; - uwsgi_param GIT_HTTP_EXPORT_ALL ""; - } - - location @cgit { - include uwsgi_params; - uwsgi_modifier1 9; - uwsgi_pass unix:/run/uwsgi/cgit.socket; - - uwsgi_param HTTP_HOST $server_name; - uwsgi_param CGIT_CONFIG /etc/cgit.d/cgitrc.midipix.org; - uwsgi_param SCRIPT_FILENAME $document_root/cgit.cgi; - uwsgi_param PATH_INFO $uri; - uwsgi_param QUERY_STRING $args; - } - - ssl_certificate /srv/webroot/midipix.org/ssl/fullchain.pem; - ssl_certificate_key /srv/webroot/midipix.org/ssl/privkey.pem; - ssl_trusted_certificate /srv/webroot/midipix.org/ssl/chain.pem; - - include conf.d/ssl_params; -} diff --git a/public/fs/etc/nginx/vhosts.d/midipix.org.conf b/public/fs/etc/nginx/vhosts.d/midipix.org.conf deleted file mode 100644 index 6ab2cb4..0000000 --- a/public/fs/etc/nginx/vhosts.d/midipix.org.conf +++ /dev/null @@ -1,33 +0,0 @@ -server { - listen [::]:80; - server_name midipix.org; - return 301 https://$server_name$request_uri; -} - -server { - listen [::]:443; - server_name midipix.org; - - location /dl { - root /srv/www/htdocs/$host; - fancyindex on; - ssi on; - } - - location /mirror { - root /srv/www/htdocs/$host; - fancyindex on; - ssi on; - } - - location / { - root /srv/www/htdocs/$host/; - index index.html index.htm; - ssi on; - } - - ssl_certificate /srv/webroot/midipix.org/ssl/gandi/midipix.org.pem; - ssl_certificate_key /srv/webroot/midipix.org/ssl/gandi/midipix.org.key; - - include conf.d/ssl_params; -} diff --git a/public/fs/etc/nginx/vhosts.d/mirror.midipix.org.conf b/public/fs/etc/nginx/vhosts.d/mirror.midipix.org.conf deleted file mode 100644 index 9bf532b..0000000 --- a/public/fs/etc/nginx/vhosts.d/mirror.midipix.org.conf +++ /dev/null @@ -1,22 +0,0 @@ -server { - listen [::]:80; - server_name mirror.midipix.org; - return 301 https://$server_name$request_uri; -} - -server { - listen [::]:443; - server_name mirror.midipix.org; - - location / { - root /srv/www/htdocs/midipix.org/mirror; - fancyindex on; - ssi on; - } - - ssl_certificate /srv/webroot/midipix.org/ssl/fullchain.pem; - ssl_certificate_key /srv/webroot/midipix.org/ssl/privkey.pem; - ssl_trusted_certificate /srv/webroot/midipix.org/ssl/chain.pem; - - include conf.d/ssl_params; -} diff --git a/public/fs/etc/nginx/vhosts.d/nginx-primary-subdomain-cfg.sh b/public/fs/etc/nginx/vhosts.d/nginx-primary-subdomain-cfg.sh new file mode 100755 index 0000000..748360e --- /dev/null +++ b/public/fs/etc/nginx/vhosts.d/nginx-primary-subdomain-cfg.sh @@ -0,0 +1,61 @@ +#!/bin/sh + +set -eu + +IFS=',' + +sitesubd="$1" +sitedirs="$2" +sitezone="${sitesubd#*.}" +sitepref="${sitesubd%%.*}" + +cfg_script="$0" +cfg_srcdir=$(cd -- "${cfg_script%/*}/" ; pwd -P) + +# header +cat << _EOF +server { + listen [::]:80; + server_name ${sitesubd}; + return 301 https://\$server_name\$request_uri; +} + +server { + listen [::]:443; + server_name ${sitesubd}; + +_EOF + +# indexed locations +for sitedir in ${sitedirs}; do + +cat << _EOF + location /${sitedir} { + root /srv/www/htdocs/\$host; + fancyindex on; + ssi on; + } + +_EOF + +done + +# root directory +cat << _EOF + location / { + root /srv/www/htdocs/\$host; + index index.html index.htm; + ssi on; + } + +_EOF + +# ssl and footer +cat << _EOF + ssl_certificate /srv/webroot/${sitezone}/ssl/fullchain.pem; + ssl_certificate_key /srv/webroot/${sitezone}/ssl/privkey.pem; + ssl_trusted_certificate /srv/webroot/${sitezone}/ssl/chain.pem; + + include conf.d/ssl_params; +} +_EOF diff --git a/public/fs/etc/nginx/vhosts.d/nginx-primary-zone-cfg.sh b/public/fs/etc/nginx/vhosts.d/nginx-primary-zone-cfg.sh new file mode 100755 index 0000000..f325fe1 --- /dev/null +++ b/public/fs/etc/nginx/vhosts.d/nginx-primary-zone-cfg.sh @@ -0,0 +1,59 @@ +#!/bin/sh + +set -eu + +IFS=',' + +sitezone="$1" +sitedirs="$2" + +cfg_script="$0" +cfg_srcdir=$(cd -- "${cfg_script%/*}/" ; pwd -P) + +# header +cat << _EOF +server { + listen [::]:80; + server_name ${sitezone}; + return 301 https://\$server_name\$request_uri; +} + +server { + listen [::]:443; + server_name ${sitezone}; + +_EOF + +# indexed locations +for sitedir in ${sitedirs}; do + +cat << _EOF + location /${sitedir} { + root /srv/www/htdocs/\$host; + fancyindex on; + ssi on; + } + +_EOF + +done + +# root directory +cat << _EOF + location / { + root /srv/www/htdocs/\$host; + index index.html index.htm; + ssi on; + } + +_EOF + +# ssl and footer +cat << _EOF + ssl_certificate /srv/webroot/${sitezone}/ssl/fullchain.pem; + ssl_certificate_key /srv/webroot/${sitezone}/ssl/privkey.pem; + ssl_trusted_certificate /srv/webroot/${sitezone}/ssl/chain.pem; + + include conf.d/ssl_params; +} +_EOF diff --git a/public/fs/etc/nginx/vhosts.d/nginx-subdomain-cfg.sh b/public/fs/etc/nginx/vhosts.d/nginx-subdomain-cfg.sh new file mode 100755 index 0000000..942e289 --- /dev/null +++ b/public/fs/etc/nginx/vhosts.d/nginx-subdomain-cfg.sh @@ -0,0 +1,16 @@ +#!/bin/sh + +set -eu + +sitetype="$1" +sitesubd="$2" +sitezone="${sitesubd#*.}" +sitepref="${sitesubd%%.*}" + +cfg_script="$0" +cfg_srcdir=$(cd -- "${cfg_script%/*}/" ; pwd -P) + +sed -e 's/@sitesubd@/'"${sitesubd}"'/g' \ + -e 's/@sitezone@/'"${sitezone}"'/g' \ + -e 's/@sitepref@/'"${sitepref}"'/g' \ + "${cfg_srcdir}/nginx.${sitetype}.conf.in" diff --git a/public/fs/etc/nginx/vhosts.d/nginx.cgit.conf.in b/public/fs/etc/nginx/vhosts.d/nginx.cgit.conf.in new file mode 100644 index 0000000..f0ef55a --- /dev/null +++ b/public/fs/etc/nginx/vhosts.d/nginx.cgit.conf.in @@ -0,0 +1,60 @@ +server { + listen [::]:80; + server_name @sitesubd@; + return 301 https://$server_name$request_uri; +} + +server { + listen [::]:443; + server_name @sitesubd@; + root /srv/www/htdocs; + + # legacy (bookmarked) /cgit.git addresses + location /cgit.cgi { + rewrite ^/cgit.cgi(/.*)$ $1 last; + } + + # git-http-backend: initial clone GET request + location ~ ^(/namespace)?/(.+?)/info(/.*)?$ { + try_files $uri @git_http_backend; + } + + # git-http-backend: clone POST request + location ~ ^(/namespace)?/(.+?)/git-upload-pack { + try_files $uri @git_http_backend; + } + + # otherwise, cgit + location / { + try_files $uri @cgit; + } + + location @git_http_backend { + include uwsgi_params; + uwsgi_modifier1 9; + uwsgi_pass unix:/run/uwsgi/git.socket; + + uwsgi_param HTTP_HOST $server_name; + uwsgi_param GIT_PROJECT_ROOT /srv/git; + uwsgi_param PATH_INFO $uri; + uwsgi_param GIT_HTTP_EXPORT_ALL ""; + } + + location @cgit { + include uwsgi_params; + uwsgi_modifier1 9; + uwsgi_pass unix:/run/uwsgi/cgit.socket; + + uwsgi_param HTTP_HOST $server_name; + uwsgi_param CGIT_CONFIG /etc/cgit.d/cgitrc.@sitezone@; + uwsgi_param SCRIPT_FILENAME $document_root/cgit.cgi; + uwsgi_param PATH_INFO $uri; + uwsgi_param QUERY_STRING $args; + } + + ssl_certificate /srv/webroot/@sitezone@/ssl/fullchain.pem; + ssl_certificate_key /srv/webroot/@sitezone@/ssl/privkey.pem; + ssl_trusted_certificate /srv/webroot/@sitezone@/ssl/chain.pem; + + include conf.d/ssl_params; +} diff --git a/public/fs/etc/nginx/vhosts.d/nginx.index.conf.in b/public/fs/etc/nginx/vhosts.d/nginx.index.conf.in new file mode 100644 index 0000000..8cbae91 --- /dev/null +++ b/public/fs/etc/nginx/vhosts.d/nginx.index.conf.in @@ -0,0 +1,22 @@ +server { + listen [::]:80; + server_name @sitesubd@; + return 301 https://$server_name$request_uri; +} + +server { + listen [::]:443; + server_name @sitesubd@; + + location / { + root /srv/www/htdocs/@sitezone@/@sitepref@; + fancyindex on; + ssi on; + } + + ssl_certificate /srv/webroot/@sitezone@/ssl/fullchain.pem; + ssl_certificate_key /srv/webroot/@sitezone@/ssl/privkey.pem; + ssl_trusted_certificate /srv/webroot/@sitezone@/ssl/chain.pem; + + include conf.d/ssl_params; +} diff --git a/public/fs/etc/nginx/vhosts.d/nginx.pagure.docs.conf.in b/public/fs/etc/nginx/vhosts.d/nginx.pagure.docs.conf.in new file mode 100644 index 0000000..945fc9b --- /dev/null +++ b/public/fs/etc/nginx/vhosts.d/nginx.pagure.docs.conf.in @@ -0,0 +1,38 @@ +server { + listen [::]:80; + server_name @sitesubd@; + return 301 https://$server_name$request_uri; +} + +server { + listen [::]:443; + server_name @sitesubd@; + root /srv/www/htdocs; + + + access_log /var/log/nginx/pagure_docs.access.log; + error_log /var/log/nginx/pagure_docs.error.log; + + + location @pagure_docs { + proxy_set_header Host $http_host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_pass http://unix:/tmp/.pagure_docs_web.sock; + } + + location / { + try_files $uri @pagure_docs; + } + + location /static { + alias /usr/lib/python3.6/site-packages/pagure/static/; + } + + ssl_certificate /srv/webroot/@sitezone@/ssl/fullchain.pem; + ssl_certificate_key /srv/webroot/@sitezone@/ssl/privkey.pem; + ssl_trusted_certificate /srv/webroot/@sitezone@/ssl/chain.pem; + + include conf.d/ssl_params; +} diff --git a/public/fs/etc/nginx/vhosts.d/nginx.pagure.main.conf.in b/public/fs/etc/nginx/vhosts.d/nginx.pagure.main.conf.in new file mode 100644 index 0000000..0441ac5 --- /dev/null +++ b/public/fs/etc/nginx/vhosts.d/nginx.pagure.main.conf.in @@ -0,0 +1,43 @@ +server { + listen [::]:80; + server_name @sitesubd@; + return 301 https://$server_name$request_uri; +} + +server { + listen [::]:443; + server_name @sitesubd@; + root /srv/www/htdocs; + + + access_log /var/log/nginx/pagure_access.log; + error_log /var/log/nginx/pagure_error.log; + + + location @pagure { + proxy_set_header Host $http_host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_pass http://unix:/tmp/.pagure_web.sock; + } + + location / { + try_files $uri @pagure; + } + + location /static { + alias /usr/lib/python3.6/site-packages/pagure/static/; + } + + location /releases { + alias /srv/www/pagure-releases/; + autoindex on; + } + + ssl_certificate /srv/webroot/@sitezone@/ssl/fullchain.pem; + ssl_certificate_key /srv/webroot/@sitezone@/ssl/privkey.pem; + ssl_trusted_certificate /srv/webroot/@sitezone@/ssl/chain.pem; + + include conf.d/ssl_params; +} diff --git a/public/fs/etc/nginx/vhosts.d/srcbase.foss21.org.conf b/public/fs/etc/nginx/vhosts.d/srcbase.foss21.org.conf deleted file mode 100644 index ac9dafc..0000000 --- a/public/fs/etc/nginx/vhosts.d/srcbase.foss21.org.conf +++ /dev/null @@ -1,22 +0,0 @@ -server { - listen [::]:80; - server_name srcbase.foss21.org; - return 301 https://$server_name$request_uri; -} - -server { - listen [::]:443; - server_name srcbase.foss21.org; - - location / { - root /srv/www/htdocs/foss21.org/srcbase; - fancyindex on; - ssi on; - } - - ssl_certificate /srv/webroot/foss21.org/ssl/fullchain.pem; - ssl_certificate_key /srv/webroot/foss21.org/ssl/privkey.pem; - ssl_trusted_certificate /srv/webroot/foss21.org/ssl/chain.pem; - - include conf.d/ssl_params; -} diff --git a/public/fs/etc/nginx/vhosts.d/srcbase.midipix.org.conf b/public/fs/etc/nginx/vhosts.d/srcbase.midipix.org.conf deleted file mode 100644 index cee190b..0000000 --- a/public/fs/etc/nginx/vhosts.d/srcbase.midipix.org.conf +++ /dev/null @@ -1,22 +0,0 @@ -server { - listen [::]:80; - server_name srcbase.midipix.org; - return 301 https://$server_name$request_uri; -} - -server { - listen [::]:443; - server_name srcbase.midipix.org; - - location / { - root /srv/www/htdocs/midipix.org/srcbase; - fancyindex on; - ssi on; - } - - ssl_certificate /srv/webroot/midipix.org/ssl/fullchain.pem; - ssl_certificate_key /srv/webroot/midipix.org/ssl/privkey.pem; - ssl_trusted_certificate /srv/webroot/midipix.org/ssl/chain.pem; - - include conf.d/ssl_params; -} diff --git a/public/fs/etc/nginx/vhosts.d/typography.culturestrings.org.conf b/public/fs/etc/nginx/vhosts.d/typography.culturestrings.org.conf deleted file mode 100644 index d44ac11..0000000 --- a/public/fs/etc/nginx/vhosts.d/typography.culturestrings.org.conf +++ /dev/null @@ -1,22 +0,0 @@ -server { - listen [::]:80; - server_name typography.culturestrings.org; - return 301 https://$server_name$request_uri; -} - -server { - listen [::]:443; - server_name typography.culturestrings.org; - - location / { - root /srv/www/htdocs/culturestrings.org/typography; - fancyindex on; - ssi on; - } - - ssl_certificate /srv/webroot/culturestrings.org/ssl/fullchain.pem; - ssl_certificate_key /srv/webroot/culturestrings.org/ssl/privkey.pem; - ssl_trusted_certificate /srv/webroot/culturestrings.org/ssl/chain.pem; - - include conf.d/ssl_params; -} diff --git a/public/fs/etc/nginx/vhosts.d/www.culturestrings.org.conf b/public/fs/etc/nginx/vhosts.d/www.culturestrings.org.conf deleted file mode 100644 index 7d17cfc..0000000 --- a/public/fs/etc/nginx/vhosts.d/www.culturestrings.org.conf +++ /dev/null @@ -1,28 +0,0 @@ -server { - listen [::]:80; - server_name www.culturestrings.org; - return 301 https://$server_name$request_uri; -} - -server { - listen [::]:443; - server_name www.culturestrings.org; - - location /typography { - root /srv/www/htdocs/$host; - fancyindex on; - ssi on; - } - - location / { - root /srv/www/htdocs/$host/; - index index.html index.htm; - ssi on; - } - - ssl_certificate /srv/webroot/culturestrings.org/ssl/fullchain.pem; - ssl_certificate_key /srv/webroot/culturestrings.org/ssl/privkey.pem; - ssl_trusted_certificate /srv/webroot/culturestrings.org/ssl/chain.pem; - - include conf.d/ssl_params; -} diff --git a/public/fs/etc/nginx/vhosts.d/www.midipix.org.conf b/public/fs/etc/nginx/vhosts.d/www.midipix.org.conf deleted file mode 100644 index 304212c..0000000 --- a/public/fs/etc/nginx/vhosts.d/www.midipix.org.conf +++ /dev/null @@ -1,33 +0,0 @@ -server { - listen [::]:80; - server_name www.midipix.org; - return 301 https://$server_name$request_uri; -} - -server { - listen [::]:443; - server_name www.midipix.org; - - location /dl { - root /srv/www/htdocs/$host; - fancyindex on; - ssi on; - } - - location /mirror { - root /srv/www/htdocs/$host; - fancyindex on; - ssi on; - } - - location / { - root /srv/www/htdocs/$host/; - index index.html index.htm; - ssi on; - } - - ssl_certificate /srv/webroot/midipix.org/ssl/gandi/midipix.org.pem; - ssl_certificate_key /srv/webroot/midipix.org/ssl/gandi/midipix.org.key; - - include conf.d/ssl_params; -} -- cgit v1.2.3