# Application backend that the proxy_pass directives in this file forward to.
# It is bound to loopback, so it is reachable only through this proxy.
upstream backend_snipt {
    server 127.0.0.1:8000;
}
{% if pillar.env_name != 'vagrant' %}
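# Plain-HTTP listener for every subdomain: redirect to the same host over HTTPS.
server {
    listen 80;
    server_name *.{{ pillar.hostname }};

    # server_name already limits $host to names under the configured domain,
    # so $host is reused directly instead of being re-matched inside an `if`
    # with a regex built from the template value (its dots would be unescaped
    # regex wildcards). This relies on another server being the port-80
    # catch-all; this file declares one with `listen 80 default_server`.
    rewrite ^(.*)$ https://$host$1 permanent;
}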
# Plain-HTTP requests for the bare domain and its www/beta aliases are all
# redirected to the canonical HTTPS host.
server {
    listen 80;
    server_name
        {{ pillar.hostname }}
        www.{{ pillar.hostname }}
        beta.{{ pillar.hostname }};

    # The target host is fixed by the template, not taken from the request.
    rewrite ^(.*) https://{{ pillar.hostname }}$1 permanent;
}
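# HTTPS listener for the www alias: terminate TLS, then redirect to the bare
# domain. No 443 listener in this file is marked default_server, so if this is
# the first 443 server nginx loads it also receives requests whose Host matches
# no server_name (verify against the full nginx configuration).
server {
    # `listen ... ssl` replaces the deprecated standalone `ssl on;` directive.
    listen 443 ssl;
    server_name www.{{ pillar.hostname }};

    # TLS 1.0 and 1.1 are deprecated (RFC 8996), so only TLS 1.2 is offered.
    # Add TLSv1.3 once the deployed nginx/OpenSSL build accepts it.
    ssl_protocols TLSv1.2;
    ssl_prefer_server_ciphers on;
    # The trailing !RC4 permanently removes RC4 from the list, so the earlier
    # RC4 entries have no effect.
    ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4";
    ssl_certificate /etc/certs/{{ pillar.hostname }}.crt;
    # The private key should be readable only by the account that starts nginx.
    ssl_certificate_key /etc/certs/{{ pillar.hostname }}.key;

    # The target host is fixed by the template, not taken from the request.
    rewrite ^(.*) https://{{ pillar.hostname }}$1 permanent;
}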
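# Main HTTPS site for the bare domain and every subdomain: serves static
# assets directly and proxies everything else to the application backend.
server {
    # `listen ... ssl` replaces the deprecated standalone `ssl on;` directive.
    listen 443 ssl;
    server_name {{ pillar.hostname }} *.{{ pillar.hostname }};

    # TLS 1.0 and 1.1 are deprecated (RFC 8996), so only TLS 1.2 is offered.
    # Add TLSv1.3 once the deployed nginx/OpenSSL build accepts it.
    ssl_protocols TLSv1.2;
    ssl_prefer_server_ciphers on;
    # The trailing !RC4 permanently removes RC4 from the list, so the earlier
    # RC4 entries have no effect.
    ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4";
    ssl_certificate /etc/certs/{{ pillar.hostname }}.crt;
    # The private key should be readable only by the account that starts nginx.
    ssl_certificate_key /etc/certs/{{ pillar.hostname }}.key;

    # Exact match. The previous unanchored, case-insensitive regex matched any
    # URI containing "/favicon" + any character + "ico", and regex locations
    # take precedence over the prefix locations below.
    location = /favicon.ico {
        root /var/www/snipt/static/img/;
        expires max;
    }

    location / {

        # Open CORS config from https://gist.github.com/michiel/1064640.
        # Every origin is allowed to read responses from this location.
        # Access-Control-Allow-Credentials is not sent: browsers reject a
        # credentialed response whose allowed origin is "*", so the header
        # never took effect. If credentialed cross-origin access is needed,
        # return a single origin checked against an explicit allow-list
        # rather than echoing the request's Origin header.
        if ($request_method = 'OPTIONS') {
            add_header 'Access-Control-Allow-Origin' '*';
            add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
            add_header 'Access-Control-Allow-Headers' 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
            add_header 'Access-Control-Max-Age' 1728000;
            # Media type and charset parameter are separated by ";".
            add_header 'Content-Type' 'text/plain; charset=UTF-8';
            add_header 'Content-Length' 0;
            return 204;
        }
        if ($request_method = 'POST') {
            add_header 'Access-Control-Allow-Origin' '*';
            add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
            add_header 'Access-Control-Allow-Headers' 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
        }
        if ($request_method = 'GET') {
            add_header 'Access-Control-Allow-Origin' '*';
            add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
            add_header 'Access-Control-Allow-Headers' 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
        }

        # Hosts containing "_" are redirected to the same name with "-".
        # The host comes from the request, but server_name above confines it
        # to the configured domain. request_uri is the URI as the client sent
        # it, so the query string survives the redirect (ngx.var.uri is the
        # decoded path without arguments). `return` ends the handler at the
        # redirect.
        rewrite_by_lua '
            if string.find(ngx.var.host, "_") then
                local newHost = ngx.re.gsub(ngx.var.host, "_", "-")
                return ngx.redirect(ngx.var.scheme .. "://" .. newHost .. ngx.var.request_uri)
            end
        ';

        proxy_pass http://backend_snipt;
        # The client's Host value is forwarded unchanged to the backend.
        proxy_set_header Host $host;

    }

    location /static/ {
        alias /var/www/snipt/static/;
        expires max;
    }

    # Legacy feed URL: permanent redirect to the RSS view of the public list.
    location /public/feed/ {
        rewrite ^/public/feed/$ https://{{ pillar.hostname }}/public/?rss permanent;
    }
}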
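# Catch-all for plain HTTP: any Host that matches no other port-80 server_name
# is proxied to the application without a redirect to HTTPS.
# NOTE(review): presumably this exists for externally pointed domains; confirm.
server {
    listen 80 default_server;

    location / {
        proxy_pass http://backend_snipt;
        # Being the default server, this forwards an arbitrary client-chosen
        # Host value; the backend has to validate it before using it in links
        # or redirects.
        proxy_set_header Host $host;
    }

    location /static/ {
        alias /var/www/snipt/static/;
        expires max;
    }

    # Exact match. The previous unanchored, case-insensitive regex matched any
    # URI containing "/favicon" + any character + "ico", and regex locations
    # take precedence over the prefix locations above.
    location = /favicon.ico {
        root /var/www/snipt/static/img/;
        expires max;
    }
}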
{% else %}
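# Vagrant (development) variant: a single plain-HTTP catch-all with no TLS,
# serving static files from the media directory.
server {
    listen 80 default_server;

    location / {
        proxy_pass http://backend_snipt;
        # The client's Host value is forwarded unchanged to the backend.
        proxy_set_header Host $host;
    }

    location /static/ {
        alias /var/www/snipt/media/;
        expires max;
    }

    # Exact match. The previous unanchored, case-insensitive regex matched any
    # URI containing "/favicon" + any character + "ico", and regex locations
    # take precedence over the prefix locations above.
    location = /favicon.ico {
        root /var/www/snipt/media/img/;
        expires max;
    }
}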
{% endif %}