summaryrefslogtreecommitdiff
path: root/templates/etc/nginx/domain.erb
diff options
context:
space:
mode:
Diffstat (limited to 'templates/etc/nginx/domain.erb')
-rw-r--r--templates/etc/nginx/domain.erb173
1 files changed, 0 insertions, 173 deletions
diff --git a/templates/etc/nginx/domain.erb b/templates/etc/nginx/domain.erb
deleted file mode 100644
index 8beff14..0000000
--- a/templates/etc/nginx/domain.erb
+++ /dev/null
@@ -1,173 +0,0 @@
-# <%= domain %> proxy config
-
-# Set the max size for file uploads
-client_max_body_size 100M;
-
-# SNI Configuration
-server {
- listen 443 default;
- server_name _;
- ssl on;
- ssl_certificate /etc/ssl/certs/blank.crt;
- ssl_certificate_key /etc/ssl/private/blank.pem;
- return 403;
-}
-
-server {
- # see config tips at
- # http://blog.taragana.com/index.php/archive/nginx-hacking-tips/
-
- # Don't log anything
- access_log /dev/null;
- error_log /dev/null;
-
- # simple reverse-proxy
- listen 80;
- server_name *.<%= domain %> <%= domain %>
-
- # enable HSTS header
- add_header Strict-Transport-Security "max-age=15768000; includeSubdomains";
-
- # https redirection by default
- rewrite ^(.*) https://$host$1 redirect;
-
- # rewrite rules for backups.<%= domain %>
- #if ($host ~* ^backups\.<%= domain %>$) {
- # rewrite ^(.*) https://$host$1 redirect;
- # break;
- #}
-
- # rewrite rules for admin.<%= domain %>
- #if ($host ~* ^admin\.<%= domain %>$) {
- # rewrite ^(.*) https://$host$1 redirect;
- # break;
- #}
-
- # rewrite rules for munin.<%= domain %>
- #if ($host ~* ^munin\.<%= domain %>$) {
- # rewrite ^(.*) https://$host$1 redirect;
- # break;
- #}
-
- # rewrite rules for trac.<%= domain %>
- #if ($host ~* ^trac\.<%= domain %>$) {
- # rewrite ^(.*) https://$host$1 redirect;
- # break;
- #}
-
- # rewrite rules for nagios.<%= domain %>
- #if ($host ~* ^nagios\.<%= domain %>$) {
- # rewrite ^(.*) https://$host$1 redirect;
- # break;
- #}
-
- # rewrite rules for htpasswd.<%= domain %>
- #if ($host ~* ^htpasswd\.<%= domain %>$) {
- # rewrite ^(.*) https://$host$1 redirect;
- # break;
- #}
-
- # rewrite rules for postfixadmin.<%= domain %>
- #if ($host ~* ^postfixadmin\.<%= domain %>$) {
- # rewrite ^(.*) https://$host$1 redirect;
- # break;
- #}
-
- # rewrite rules for mail.<%= domain %>
- #if ($host ~* ^mail\.<%= domain %>$) {
- # rewrite ^(.*) https://$host$1 redirect;
- # break;
- #}
-
- # rewrite rules for lists.<%= domain %>
- #if ($host ~* ^lists\.<%= domain %>$) {
- # rewrite ^(.*) https://$host$1 redirect;
- # break;
- #}
-
- # pass requests for dynamic content
- location / {
- proxy_set_header Host $http_host;
- proxy_pass http://weblocal:80;
- }
-
-}
-
-server {
- # https reverse proxy
- listen 443;
- server_name *.<%= domain %> <%= domain %>;
-
- # Don't log anything
- access_log /dev/null;
- error_log /dev/null;
-
- ssl on;
- ssl_certificate /etc/ssl/certs/cert.crt;
- ssl_certificate_key /etc/ssl/private/cert.pem;
-
- ssl_session_timeout 5m;
-
- ssl_protocols SSLv3 TLSv1;
- ssl_ciphers HIGH:MEDIUM:!aNULL:!SSLv2:!MD5:@STRENGTH;
- ssl_prefer_server_ciphers on;
- ssl_dhparam /etc/ssl/dhparams/dhparams_2048.pem;
-
- # Set the max size for file uploads
- client_max_body_size 100M;
-
- location / {
- # preserve http header and set forwarded proto
- proxy_set_header Host $http_host;
- proxy_set_header X-Forwarded-Proto https;
-
- proxy_read_timeout 120;
- proxy_connect_timeout 120;
-
- # rewrite rules for admin.<%= domain %>
- if ($host ~* ^admin\.<%= domain %>$) {
- proxy_pass http://admin:80;
- break;
- }
-
- # rewrite rules for munin.<%= domain %>
- if ($host ~* ^munin\.<%= domain %>$) {
- proxy_pass http://admin:80;
- break;
- }
-
- # rewrite rules for trac.<%= domain %>
- if ($host ~* ^trac\.<%= domain %>$) {
- proxy_pass http://admin:80;
- break;
- }
-
- # rewrite rules for nagios.<%= domain %>
- if ($host ~* ^nagios\.<%= domain %>$) {
- proxy_pass http://admin:80;
- break;
- }
-
- # rewrite rules for postfixadmin.<%= domain %>
- if ($host ~* ^postfixadmin\.<%= domain %>$) {
- proxy_pass http://mail:80;
- break;
- }
-
- # rewrite rules for mail.<%= domain %>
- if ($host ~* ^mail\.<%= domain %>$) {
- proxy_pass http://mail:80;
- break;
- }
-
- # rewrite rules for lists.<%= domain %>
- if ($host ~* ^lists\.<%= domain %>$) {
- proxy_pass http://mail:80;
- break;
- }
-
- # default proxy pass
- proxy_pass http://weblocal:80;
- }
-
-}
generated by cgit v1.2.3 (git 2.39.1) at 2024-05-05 14:49:39 +0000