From 01b2048dbf02ac726dabde5e846b9d6ac9aff0e6 Mon Sep 17 00:00:00 2001
From: drebs
Date: Fri, 11 Mar 2011 14:53:39 -0300
Subject: initial recommit
---
templates/etc/nginx/domain.erb | 161 +++++++++++++++++++++++++++++++++++++++++
1 file changed, 161 insertions(+)
create mode 100644 templates/etc/nginx/domain.erb
(limited to 'templates/etc/nginx/domain.erb')
diff --git a/templates/etc/nginx/domain.erb b/templates/etc/nginx/domain.erb
new file mode 100644
index 0000000..72f864a
--- /dev/null
+++ b/templates/etc/nginx/domain.erb
@@ -0,0 +1,161 @@
+# <%= domain %> proxy config
+
+# Set the max size for file uploads
+client_max_body_size 100M;
+
+server {
+ # see config tips at
+ # http://blog.taragana.com/index.php/archive/nginx-hacking-tips/
+
+ # Don't log anything
+ access_log /dev/null;
+ error_log /dev/null;
+
+ # simple reverse-proxy
+ listen 80;
+ server_name *.<%= domain > <%= domain >
+
+ # enable HSTS header
+ add_header Strict-Transport-Security max-age=15768000;
+
+ # https redirection by default
+ rewrite ^(.*) https://$host$1 redirect;
+
+ # rewrite rules for backups.<%= domain >
+ #if ($host ~* ^backups\.<%= domain %>$) {
+ # rewrite ^(.*) https://$host$1 redirect;
+ # break;
+ #}
+
+ # rewrite rules for admin.<%= domain >
+ #if ($host ~* ^admin\.<%= domain %>$) {
+ # rewrite ^(.*) https://$host$1 redirect;
+ # break;
+ #}
+
+ # rewrite rules for munin.<%= domain >
+ #if ($host ~* ^munin\.<%= domain %>$) {
+ # rewrite ^(.*) https://$host$1 redirect;
+ # break;
+ #}
+
+ # rewrite rules for trac.<%= domain >
+ #if ($host ~* ^trac\.<%= domain %>$) {
+ # rewrite ^(.*) https://$host$1 redirect;
+ # break;
+ #}
+
+ # rewrite rules for nagios.<%= domain >
+ #if ($host ~* ^nagios\.<%= domain %>$) {
+ # rewrite ^(.*) https://$host$1 redirect;
+ # break;
+ #}
+
+ # rewrite rules for htpasswd.<%= domain >
+ #if ($host ~* ^htpasswd\.<%= domain %>$) {
+ # rewrite ^(.*) https://$host$1 redirect;
+ # break;
+ #}
+
+ # rewrite rules for postfixadmin.<%= domain >
+ #if ($host ~* ^postfixadmin\.<%= domain %>$) {
+ # rewrite ^(.*) https://$host$1 redirect;
+ # break;
+ #}
+
+ # rewrite rules for mail.<%= domain >
+ #if ($host ~* ^mail\.<%= domain %>$) {
+ # rewrite ^(.*) https://$host$1 redirect;
+ # break;
+ #}
+
+ # rewrite rules for lists.<%= domain >
+ #if ($host ~* ^lists\.<%= domain %>$) {
+ # rewrite ^(.*) https://$host$1 redirect;
+ # break;
+ #}
+
+ # pass requests for dynamic content
+ location / {
+ proxy_set_header Host $http_host;
+ proxy_pass http://weblocal:80;
+ }
+
+}
+
+server {
+ # https reverse proxy
+ listen 443;
+ server_name *.<%= domain > <%= domain >;
+
+ # Don't log anything
+ access_log /dev/null;
+ error_log /dev/null;
+
+ ssl on;
+ ssl_certificate /etc/ssl/certs/cert.crt;
+ ssl_certificate_key /etc/ssl/private/cert.pem;
+
+ ssl_session_timeout 5m;
+
+ ssl_protocols SSLv3 TLSv1;
+ ssl_ciphers HIGH:MEDIUM:!aNULL:!SSLv2:!MD5:@STRENGTH;
+ ssl_prefer_server_ciphers on;
+
+ # Set the max size for file uploads
+ client_max_body_size 100M;
+
+ location / {
+ # preserve http header
+ proxy_set_header Host $http_host;
+
+ proxy_read_timeout 120;
+ proxy_connect_timeout 120;
+
+ # rewrite rules for admin.<%= domain >
+ if ($host ~* ^admin\.<%= domain %>$) {
+ proxy_pass http://admin:80;
+ break;
+ }
+
+ # rewrite rules for munin.<%= domain >
+ if ($host ~* ^munin\.<%= domain %>$) {
+ proxy_pass http://admin:80;
+ break;
+ }
+
+ # rewrite rules for trac.<%= domain >
+ if ($host ~* ^trac\.<%= domain %>$) {
+ proxy_pass http://admin:80;
+ break;
+ }
+
+ # rewrite rules for nagios.<%= domain >
+ if ($host ~* ^nagios\.<%= domain %>$) {
+ proxy_pass http://admin:80;
+ break;
+ }
+
+ # rewrite rules for postfixadmin.<%= domain >
+ if ($host ~* ^postfixadmin\.<%= domain %>$) {
+ proxy_pass http://mail:80;
+ break;
+ }
+
+ # rewrite rules for mail.<%= domain >
+ if ($host ~* ^mail\.<%= domain %>$) {
+ proxy_pass http://mail:80;
+ break;
+ }
+
+ # rewrite rules for lists.<%= domain >
+ if ($host ~* ^lists\.<%= domain %>$) {
+ proxy_pass http://mail:80;
+ break;
+ }
+
+ # default proxy pass
+ proxy_pass http://weblocal:80;
+ }
+
+}
-- cgit v1.2.3
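Review bot: The `listen 443` server negotiates `ssl_protocols SSLv3 TLSv1;`, and the only `add_header Strict-Transport-Security` line sits in the `listen 80` server, where browsers ignore it because HSTS is honoured only when it arrives over TLS. I would raise the protocol floor to whatever the deployed nginx/OpenSSL supports from TLS 1.2 upward, e.g. `ssl_protocols TLSv1.2 TLSv1.3;`, move `add_header Strict-Transport-Security max-age=15768000;` into the 443 server, and drop `MEDIUM` from `ssl_ciphers` once the floor is raised. As shown on this page, several tags are written `<%= domain >` without the closing `%>` (both `server_name` lines and the per-host comment lines) and the port-80 `server_name` has no terminating `;`; ERB would read on to the next `%>`, so the template probably does not render the intended config, and the line should read `server_name *.<%= domain %> <%= domain %>;`. With `access_log` and `error_log` both sent to `/dev/null` on a proxy that fronts the admin, nagios and postfixadmin hosts, a comment recording that this is a deliberate retention choice would help the next maintainer.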