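# nginx site template for snipt, rendered through Jinja (pillar.* values).
# Outside the 'vagrant' environment the site is served over TLS and plain-HTTP
# requests for the known hostnames are redirected to HTTPS. In 'vagrant' a
# single plain-HTTP server proxies everything to the local backend.

upstream backend_snipt {
    server 127.0.0.1:8000;
}

{% if pillar.env_name != 'vagrant' %}

# HTTP -> HTTPS for any subdomain, keeping the subdomain part of the host.
server {
    listen 80;
    server_name *.{{ pillar.hostname }};

    if ($host ~* "^([^.]+(\.[^.]+)*)\.{{ pillar.hostname }}$") {
        set $subd $1;
        rewrite ^(.*)$ https://$subd.{{ pillar.hostname }}$1 permanent;
        break;
    }
}

# HTTP -> HTTPS for the apex, www and beta names; all land on the apex host.
server {
    listen 80;
    server_name {{ pillar.hostname }} www.{{ pillar.hostname }} beta.{{ pillar.hostname }};

    rewrite ^(.*) https://{{ pillar.hostname }}$1 permanent;
}

# https://www.<hostname> -> https://<hostname>.
server {
    # "listen ... ssl" replaces the deprecated standalone "ssl on;" directive.
    listen 443 ssl;
    server_name www.{{ pillar.hostname }};

    # TLS 1.0 and 1.1 are deprecated (RFC 8996), so only TLS 1.2 is offered.
    # TLSv1.3 can be added here if the installed nginx and OpenSSL support it.
    ssl_protocols TLSv1.2;
    ssl_prefer_server_ciphers on;
    # The RC4 tokens in this list are cancelled by the trailing !RC4, which
    # removes RC4 suites permanently; no RC4 suite is actually offered.
    ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4";
    ssl_certificate /etc/certs/{{ pillar.hostname }}.crt;
    ssl_certificate_key /etc/certs/{{ pillar.hostname }}.key;

    rewrite ^(.*) https://{{ pillar.hostname }}$1 permanent;
}

# Main TLS site for the apex host and every subdomain.
server {
    # "listen ... ssl" replaces the deprecated standalone "ssl on;" directive.
    listen 443 ssl;
    server_name {{ pillar.hostname }} *.{{ pillar.hostname }};

    # Same TLS policy as the www redirect server: TLS 1.2 only, server-side
    # cipher preference, RC4 tokens cancelled by the trailing !RC4.
    ssl_protocols TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4";
    ssl_certificate /etc/certs/{{ pillar.hostname }}.crt;
    ssl_certificate_key /etc/certs/{{ pillar.hostname }}.key;

    location ~* /favicon.ico {
        root /var/www/snipt/static/img/;
        expires max;
    }

    location / {
        # Open CORS config from https://gist.github.com/michiel/1064640.
        #
        # Any origin may read these responses (Allow-Origin is the wildcard).
        # Access-Control-Allow-Credentials is deliberately not sent: browsers
        # refuse credentialed cross-origin responses when Allow-Origin is "*",
        # so the header had no effect, and making it effective by echoing the
        # request origin would let any site read authenticated responses.

        # CORS preflight: answered here, never forwarded to the backend.
        if ($request_method = 'OPTIONS') {
            add_header 'Access-Control-Allow-Origin' '*';
            add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
            add_header 'Access-Control-Allow-Headers' 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
            # Let browsers cache the preflight result (value is in seconds).
            add_header 'Access-Control-Max-Age' 1728000;
            # The media type and its charset parameter are separated by ";".
            add_header 'Content-Type' 'text/plain; charset=UTF-8';
            add_header 'Content-Length' 0;
            return 204;
        }

        if ($request_method = 'POST') {
            add_header 'Access-Control-Allow-Origin' '*';
            add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
            add_header 'Access-Control-Allow-Headers' 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
        }

        if ($request_method = 'GET') {
            add_header 'Access-Control-Allow-Origin' '*';
            add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
            add_header 'Access-Control-Allow-Headers' 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
        }

        # Hosts containing "_" are redirected to the same host with "-".
        # NOTE(review): ngx.var.uri carries no query string, so request
        # arguments are dropped on this redirect - confirm that is intended.
        rewrite_by_lua '
            if string.find(ngx.var.host, "_") then
                local newHost, n = ngx.re.gsub(ngx.var.host, "_", "-")
                ngx.redirect(ngx.var.scheme .. "://" .. newHost .. ngx.var.uri)
            end
        ';

        proxy_pass http://backend_snipt;
        proxy_set_header Host $host;
    }

    location /static/ {
        alias /var/www/snipt/static/;
        expires max;
    }

    location /public/feed/ {
        rewrite ^/public/feed/$ https://{{ pillar.hostname }}/public/?rss permanent;
    }
}

# Catch-all for port 80 requests whose Host matches none of the names above.
# They are proxied over plain HTTP with the client-supplied Host header.
# NOTE(review): nginx places no restriction on Host here, so the backend has
# to validate it; presumably this serves other domains - confirm.
server {
    listen 80 default_server;

    location / {
        proxy_pass http://backend_snipt;
        proxy_set_header Host $host;
    }

    location /static/ {
        alias /var/www/snipt/static/;
        expires max;
    }

    location ~* /favicon.ico {
        root /var/www/snipt/static/img/;
        expires max;
    }
}

{% else %}

# Vagrant (development): one plain-HTTP server, static files served from the
# media directory instead of the collected static directory.
server {
    listen 80 default_server;

    location / {
        proxy_pass http://backend_snipt;
        proxy_set_header Host $host;
    }

    location /static/ {
        alias /var/www/snipt/media/;
        expires max;
    }

    location ~* /favicon.ico {
        root /var/www/snipt/media/img/;
        expires max;
    }
}

{% endif %}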