First commit
parent
a99da690f6
commit
d63fe26d1e
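--- a/exemple.yml
+++ b/exemple.yml
@@ -0,0 +1,32 @@
+nginx_le_reload: drycronkey
+nginx_certs_renew_cron: drycronkey
+
+nginx_vhost:
+- name: www.dryusdan.fr-80.conf
+server_name: www.dryusdan.fr
+listen: 80
+ipv6: true
+template: redirect
+redirect: "https://$host$request_uri"
+redirect_code: 301
+- name: www.dryusdan.fr-443.conf
+server_name: www.dryusdan.fr
+listen: 443
+ipv6: true
+ssl: true
+letsencrypt: true
+client_max_body_size: '10M'
+template: proxy
+proxy: 10.10.10.1:2987
+include_conf:
+- headers.conf
+- name: cash.dryusdan.fr-80.conf
+server_name: cash.dryusdan.fr
+listen: 80
+ipv6: false
+root: /var/www/cash_dryusdan_fr/public
+index: index.php
+template: php
+fastcgi_param:
+- name: HTTPS
+value: on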
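Review bot: The last entry sets `value: on` unquoted, and YAML 1.1 loaders (PyYAML, and so Ansible if that is what reads this file) parse a bare `on` as boolean true, so the rendered directive would likely be `fastcgi_param HTTPS True` rather than `on`; write `value: "on"`. The same vhost listens on plain port 80 with no `ssl` key, so forcing `HTTPS` on tells PHP that every request arrived over TLS. That is only safe if a TLS-terminating proxy is the sole client of this listener, which the example does not show. A one-line comment stating that assumption would stop readers from copying the setting onto a directly exposed vhost, where the application would treat plaintext requests as secure.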
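--- a/files/check_cert.sh
+++ b/files/check_cert.sh
@@ -0,0 +1,72 @@
+#!/bin/bash
+
+RELOAD_NGINX=0
+
+## Variables
+CSI="\033["
+CEND="${CSI}0m"
+CRED="${CSI}1;31m"
+CGREEN="${CSI}1;32m"
+CYELLOW="${CSI}1;33m"
+CBLUE="${CSI}1;34m"
+
+
+## Functions
+f_log() {
+LOG_TYPE=$1
+LOG_MESSAGE=$2
+
+case "${LOG_TYPE}" in
+"INF")
+echo -e "${CBLUE}[NOTICE] $(date +%Y/%m/%d-%H:%M:%S) ${LOG_MESSAGE}${CEND}"
+;;
+"SUC")
+echo -e "${CGREEN}[SUCCESS] $(date +%Y/%m/%d-%H:%M:%S) ${LOG_MESSAGE}${CEND}"
+;;
+"WRN")
+echo -e "${CYELLOW}[WARNING] $(date +%Y/%m/%d-%H:%M:%S) ${LOG_MESSAGE}${CEND}"
+;;
+"ERR")
+echo -e "${CRED}[ERROR] $(date +%Y/%m/%d-%H:%M:%S) ${LOG_MESSAGE}${CEND}"
+;;
+esac
+}
+
+f_check_certs() {
+LIST_DOMAINS=$(ls /etc/nginx/ssl/certificates | grep .crt | grep -v issuer | sed 's|.crt||g')
+
+for domain in ${LIST_DOMAINS}; do
+CERTFILE=/etc/nginx/ssl/certificates/${domain}.crt
+KEYFILE=/etc/nginx/ssl/certificates/${domain}.key
+
+SSL_ALGO="$(openssl x509 -text -in ${CERTFILE} | grep "Public Key Algorithm" | awk '{print $4}')"
+SSL_SIZE="$(openssl x509 -text -in ${CERTFILE} | grep "Public-Key" | sed 's/^.*(\(.*\) bit)$/\1/')"
+
+if [ "${SSL_ALGO}" == "rsaEncryption" ]; then
+SSL_TYPE="rsa${SSL_SIZE}"
+elif [ "${SSL_ALGO}" == "id-ecPublicKey" ]; then
+SSL_TYPE="ec${SSL_SIZE}"
+fi
+
+openssl x509 -checkend 864000 -noout -in "${CERTFILE}"
+if [ $? == 0 ]; then
+f_log INF "Certificate for ${domain} is good for another 10 days!"
+else
+f_log INF "Generate New Certificate for ${domain}"
+lego -a -m ssl@dryusdan.fr -d ${domain} --path /etc/nginx/ssl --webroot /var/www/letsencrypt/ -k ${SSL_TYPE} renew
+if [ -e ${CERTFILE} ]; then
+RELOAD_NGINX=1
+f_log INF "New Certificate for ${domain} generated"
+else
+f_log ERR "New Certificate for ${domain} not generated"
+fi
+fi
+done
+}
+
+f_check_certs
+
+if [ ${RELOAD_NGINX} -eq 1 ]; then
+nginx -s reload
+fi
+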
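Review bot: The success test after the `lego ... renew` call is `[ -e ${CERTFILE} ]`, but that file already exists (the same iteration has just parsed it with `openssl x509`), so the ERR branch is unreachable and `RELOAD_NGINX=1` is set even when renewal failed. Test lego's exit status instead, i.e. wrap the call as `if lego ... renew; then`, so a failed renewal is logged as an error and an expiring certificate does not go unnoticed. `SSL_TYPE` is never reset inside the loop, so a certificate whose algorithm matches neither branch reuses the previous domain's key type or passes an empty `-k`; set `SSL_TYPE=""` at the top of each iteration and skip the domain when it stays empty. In `f_check_certs` the patterns `grep .crt` and `sed 's|.crt||g'` treat the dot as a wildcard and strip every match, which mangles any hostname containing "crt"; anchor them as `grep '\.crt$'` and `sed 's|\.crt$||'`, and quote `"${CERTFILE}"` and `"${domain}"` where they are passed to commands.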
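--- a/files/etc/logrotate.d/nginx
+++ b/files/etc/logrotate.d/nginx
@@ -0,0 +1,34 @@
+/var/log/nginx/*.access.log {
+daily
+missingok
+rotate 365
+compress
+delaycompress
+notifempty
+create 0640 www-data adm
+sharedscripts
+olddir /var/log/archive-nginx
+prerotate
+endscript
+postrotate
+[ ! -f /var/run/nginx.pid ] || kill -USR1 `cat /var/run/nginx.pid`
+endscript
+}
+
+/var/log/nginx/*.error.log {
+daily
+missingok
+rotate 7
+compress
+delaycompress
+notifempty
+create 0640 www-data adm
+sharedscripts
+olddir /var/log/archive-nginx
+prerotate
+endscript
+postrotate
+[ ! -f /var/run/nginx.pid ] || kill -USR1 `cat /var/run/nginx.pid`
+endscript
+}
+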
294
files/etc/nginx/conf.d/blacklist
Normal file
294
files/etc/nginx/conf.d/blacklist
Normal file
|
@ -0,0 +1,294 @@
|
|||
|
||||
deny 37.230.213.0/24; # 2018-05-22 spam campaign
|
||||
deny 95.181.218.128/25; # 2018-05-22 spam campaign
|
||||
deny 185.101.68.0/25; # 2018-05-22 spam campaign
|
||||
deny 185.101.69.0/25; # 2018-05-22 spam campaign
|
||||
deny 46.243.173.0/25; # 2018-05-22 spam campaign
|
||||
deny 5.62.152.0/25; # 2018-05-22 spam campaign
|
||||
deny 5.62.152.128/26; # 2018-05-22 spam campaign
|
||||
deny 5.62.152.192/27; # 2018-05-22 spam campaign
|
||||
deny 5.62.152.224/28; # 2018-05-22 spam campaign
|
||||
deny 5.62.152.240/29; # 2018-05-22 spam campaign
|
||||
deny 5.62.152.248/30; # 2018-05-22 spam campaign
|
||||
deny 5.62.152.252/31; # 2018-05-22 spam campaign
|
||||
deny 5.62.152.254/32; # 2018-05-22 spam campaign
|
||||
deny 178.57.65.128/25; # 2018-05-22 spam campaign
|
||||
deny 178.57.68.0/25; # 2018-05-22 spam campaign
|
||||
deny 185.101.71.0/24; # 2018-05-22 spam campaign
|
||||
deny 95.181.219.0/25; # 2018-05-22 spam campaign
|
||||
deny 5.8.38.0/24; # 2018-05-22 spam campaign
|
||||
deny 37.9.40.0/24; # 2018-05-22 spam campaign
|
||||
deny 5.62.159.0/24; # 2018-05-22 spam campaign
|
||||
deny 5.189.205.0/25; # 2018-05-22 spam campaign
|
||||
deny 37.230.212.0/24; # 2018-05-22 spam campaign
|
||||
deny 5.189.204.0/25; # 2018-05-22 spam campaign
|
||||
deny 178.57.66.128/25; # 2018-05-22 spam campaign
|
||||
deny 185.101.70.0/24; # 2018-05-22 spam campaign
|
||||
deny 178.57.68.128/25; # 2018-05-22 spam campaign
|
||||
deny 5.62.154.0/25; # 2018-05-22 spam campaign
|
||||
deny 178.57.65.0/25; # 2018-05-22 spam campaign
|
||||
deny 185.101.69.128/25; # 2018-05-22 spam campaign
|
||||
deny 5.62.157.0/24; # 2018-05-22 spam campaign
|
||||
deny 5.62.156.0/24; # 2018-05-22 spam campaign
|
||||
deny 5.62.158.0/24; # 2018-05-22 spam campaign
|
||||
deny 95.181.218.0/25; # 2018-05-22 spam campaign
|
||||
deny 5.62.154.128/25; # 2018-05-22 spam campaign
|
||||
deny 5.189.201.128/25; # 2018-05-22 spam campaign
|
||||
deny 185.13.32.0/25; # 2018-05-22 spam campaign
|
||||
deny 37.9.41.0/24; # 2018-05-22 spam campaign
|
||||
deny 5.189.202.0/25; # 2018-05-22 spam campaign
|
||||
deny 5.189.207.0/25; # 2018-05-22 spam campaign
|
||||
deny 5.62.153.0/24; # 2018-05-22 spam campaign
|
||||
deny 141.101.201.0/25; # 2018-05-22 spam campaign
|
||||
deny 178.57.66.0/25; # 2018-05-22 spam campaign
|
||||
deny 95.181.217.128/25; # 2018-05-22 spam campaign
|
||||
deny 5.189.202.128/25; # 2018-05-22 spam campaign
|
||||
deny 95.181.217.0/25; # 2018-05-22 spam campaign
|
||||
deny 37.18.42.128/25; # 2018-05-22 spam campaign
|
||||
deny 188.68.1.0/25; # 2018-05-22 spam campaign
|
||||
deny 188.68.1.128/26; # 2018-05-22 spam campaign
|
||||
deny 188.68.1.192/27; # 2018-05-22 spam campaign
|
||||
deny 188.68.1.224/28; # 2018-05-22 spam campaign
|
||||
deny 188.68.1.240/29; # 2018-05-22 spam campaign
|
||||
deny 188.68.1.248/30; # 2018-05-22 spam campaign
|
||||
deny 188.68.1.252/31; # 2018-05-22 spam campaign
|
||||
deny 188.68.1.254/32; # 2018-05-22 spam campaign
|
||||
deny 91.243.93.0/24; # 2018-05-22 spam campaign
|
||||
deny 146.185.203.0/25; # 2018-05-22 spam campaign
|
||||
deny 46.243.173.128/25; # 2018-05-22 spam campaign
|
||||
deny 146.185.201.128/25; # 2018-05-22 spam campaign
|
||||
deny 188.72.126.0/25; # 2018-05-22 spam campaign
|
||||
deny 141.101.201.128/25; # 2018-05-22 spam campaign
|
||||
deny 178.57.67.128/25; # 2018-05-22 spam campaign
|
||||
deny 79.110.25.0/25; # 2018-05-22 spam campaign
|
||||
deny 188.72.96.0/25; # 2018-05-22 spam campaign
|
||||
deny 91.243.91.0/25; # 2018-05-22 spam campaign
|
||||
deny 37.9.47.0/24; # 2018-05-22 spam campaign
|
||||
deny 5.8.37.128/25; # 2018-05-22 spam campaign
|
||||
deny 146.185.202.0/25; # 2018-05-22 spam campaign
|
||||
deny 91.204.15.128/25; # 2018-05-22 spam campaign
|
||||
deny 5.8.39.128/25; # 2018-05-22 spam campaign
|
||||
deny 146.185.201.0/25; # 2018-05-22 spam campaign
|
||||
deny 185.89.100.0/25; # 2018-05-22 spam campaign
|
||||
deny 185.14.195.0/25; # 2018-05-22 spam campaign
|
||||
deny 91.204.15.0/25; # 2018-05-22 spam campaign
|
||||
deny 46.161.63.128/25; # 2018-05-22 spam campaign
|
||||
deny 5.101.218.0/25; # 2018-05-22 spam campaign
|
||||
deny 46.161.62.128/25; # 2018-05-22 spam campaign
|
||||
deny 93.179.88.0/25; # 2018-05-22 spam campaign
|
||||
deny 5.101.216.128/25; # 2018-05-22 spam campaign
|
||||
deny 185.14.194.128/25; # 2018-05-22 spam campaign
|
||||
deny 185.89.101.128/25; # 2018-05-22 spam campaign
|
||||
deny 146.185.200.128/25; # 2018-05-22 spam campaign
|
||||
deny 5.101.216.0/25; # 2018-05-22 spam campaign
|
||||
deny 185.89.101.0/25; # 2018-05-22 spam campaign
|
||||
deny 5.8.36.128/25; # 2018-05-22 spam campaign
|
||||
deny 146.185.203.128/25; # 2018-05-22 spam campaign
|
||||
deny 5.8.37.0/25; # 2018-05-22 spam campaign
|
||||
deny 185.2.32.128/25; # 2018-05-22 spam campaign
|
||||
deny 91.243.90.0/25; # 2018-05-22 spam campaign
|
||||
deny 5.62.155.0/25; # 2018-05-22 spam campaign
|
||||
deny 5.62.155.128/26; # 2018-05-22 spam campaign
|
||||
deny 5.62.155.192/27; # 2018-05-22 spam campaign
|
||||
deny 5.62.155.224/28; # 2018-05-22 spam campaign
|
||||
deny 5.62.155.240/29; # 2018-05-22 spam campaign
|
||||
deny 5.62.155.248/30; # 2018-05-22 spam campaign
|
||||
deny 5.62.155.252/31; # 2018-05-22 spam campaign
|
||||
deny 5.62.155.254/32; # 2018-05-22 spam campaign
|
||||
deny 95.181.219.128/25; # 2018-05-22 spam campaign
|
||||
deny 95.181.216.0/25; # 2018-05-22 spam campaign
|
||||
deny 37.18.42.0/25; # 2018-05-22 spam campaign
|
||||
deny 5.8.36.0/25; # 2018-05-22 spam campaign
|
||||
deny 146.185.202.128/25; # 2018-05-22 spam campaign
|
||||
deny 188.72.126.128/25; # 2018-05-22 spam campaign
|
||||
deny 5.8.39.0/25; # 2018-05-22 spam campaign
|
||||
deny 91.204.14.128/25; # 2018-05-22 spam campaign
|
||||
deny 91.243.91.128/25; # 2018-05-22 spam campaign
|
||||
deny 91.243.90.128/25; # 2018-05-22 spam campaign
|
||||
deny 37.9.46.0/24; # 2018-05-22 spam campaign
|
||||
deny 193.93.195.0/24; # 2018-05-22 spam campaign
|
||||
deny 185.106.104.0/23; # 2018-05-22 spam campaign
|
||||
deny 91.200.80.128/25; # 2018-05-22 spam campaign
|
||||
deny 185.46.85.0/25; # 2018-05-22 spam campaign
|
||||
deny 185.50.250.0/24; # 2018-05-22 spam campaign
|
||||
deny 79.110.18.0/24; # 2018-05-22 spam campaign
|
||||
deny 46.161.57.0/25; # 2018-05-22 spam campaign
|
||||
deny 185.2.32.0/25; # 2018-05-22 spam campaign
|
||||
deny 91.200.81.128/25; # 2018-05-22 spam campaign
|
||||
deny 185.14.195.128/25; # 2018-05-22 spam campaign
|
||||
deny 91.200.80.0/25; # 2018-05-22 spam campaign
|
||||
deny 46.148.112.0/24; # 2018-05-22 spam campaign
|
||||
deny 5.101.218.128/25; # 2018-05-22 spam campaign
|
||||
deny 79.110.28.128/25; # 2018-05-22 spam campaign
|
||||
deny 185.71.0.0/24; # 2018-05-22 spam campaign
|
||||
deny 193.93.192.0/24; # 2018-05-22 spam campaign
|
||||
deny 185.71.3.0/24; # 2018-05-22 spam campaign
|
||||
deny 185.71.1.0/24; # 2018-05-22 spam campaign
|
||||
deny 37.9.44.0/24; # 2018-05-22 spam campaign
|
||||
deny 185.71.2.0/24; # 2018-05-22 spam campaign
|
||||
deny 93.179.90.0/25; # 2018-05-22 spam campaign
|
||||
deny 185.46.86.128/25; # 2018-05-22 spam campaign
|
||||
deny 188.68.3.0/24; # 2018-05-22 spam campaign
|
||||
deny 91.200.83.0/25; # 2018-05-22 spam campaign
|
||||
deny 193.9.158.0/25; # 2018-05-22 spam campaign
|
||||
deny 46.148.127.0/24; # 2018-05-22 spam campaign
|
||||
deny 91.200.82.0/25; # 2018-05-22 spam campaign
|
||||
deny 185.46.85.128/25; # 2018-05-22 spam campaign
|
||||
deny 5.189.200.0/25; # 2018-05-22 spam campaign
|
||||
deny 185.14.194.0/25; # 2018-05-22 spam campaign
|
||||
deny 91.243.89.0/24; # 2018-05-22 spam campaign
|
||||
deny 46.161.62.0/25; # 2018-05-22 spam campaign
|
||||
deny 185.14.193.0/24; # 2018-05-22 spam campaign
|
||||
deny 185.14.192.0/24; # 2018-05-22 spam campaign
|
||||
deny 193.9.158.128/25; # 2018-05-22 spam campaign
|
||||
deny 79.110.19.0/24; # 2018-05-22 spam campaign
|
||||
deny 37.9.45.0/24; # 2018-05-22 spam campaign
|
||||
deny 178.159.107.0/24; # 2018-05-22 spam campaign
|
||||
deny 91.200.81.0/25; # 2018-05-22 spam campaign
|
||||
deny 91.204.14.0/25; # 2018-05-22 spam campaign
|
||||
deny 91.243.94.0/24; # 2018-05-22 spam campaign
|
||||
deny 5.189.206.0/25; # 2018-05-22 spam campaign
|
||||
deny 79.110.17.0/24; # 2018-05-22 spam campaign
|
||||
deny 188.72.96.128/25; # 2018-05-22 spam campaign
|
||||
deny 79.110.28.0/25; # 2018-05-22 spam campaign
|
||||
deny 91.243.92.0/24; # 2018-05-22 spam campaign
|
||||
deny 185.50.251.0/24; # 2018-05-22 spam campaign
|
||||
deny 146.185.205.128/25; # 2018-05-22 spam campaign
|
||||
deny 178.57.67.0/25; # 2018-05-22 spam campaign
|
||||
deny 185.89.100.128/25; # 2018-05-22 spam campaign
|
||||
deny 146.185.204.0/25; # 2018-05-22 spam campaign
|
||||
deny 79.110.25.0/24; # 2018-05-22 spam campaign
|
||||
deny 5.101.217.128/25; # 2018-05-22 spam campaign
|
||||
deny 185.13.33.0/24; # 2018-05-22 spam campaign
|
||||
deny 95.85.68.0/24; # 2018-05-22 spam campaign
|
||||
deny 95.85.69.0/24; # 2018-05-22 spam campaign
|
||||
deny 185.251.22.0/23; # 2018-05-22 spam campaign
|
||||
deny 185.251.182.0/23; # 2018-05-22 spam campaign
|
||||
deny 46.161.60.0/25; # 2018-05-22 spam campaign
|
||||
deny 5.101.220.0/25; # 2018-05-22 spam campaign
|
||||
deny 5.189.203.0/25; # 2018-05-22 spam campaign
|
||||
deny 193.93.194.0/24; # 2018-05-22 spam campaign
|
||||
deny 5.101.219.128/25; # 2018-05-22 spam campaign
|
||||
deny 46.161.57.128/25; # 2018-05-22 spam campaign
|
||||
deny 5.101.222.0/25; # 2018-05-22 spam campaign
|
||||
deny 193.93.193.0/24; # 2018-05-22 spam campaign
|
||||
deny 146.185.200.0/25; # 2018-05-22 spam campaign
|
||||
deny 5.189.201.0/25; # 2018-05-22 spam campaign
|
||||
deny 5.101.221.0/25; # 2018-05-22 spam campaign
|
||||
deny 141.101.132.128/25; # 2018-05-22 spam campaign
|
||||
deny 146.185.205.0/25; # 2018-05-22 spam campaign
|
||||
deny 5.189.200.128/25; # 2018-05-22 spam campaign
|
||||
deny 5.101.221.128/25; # 2018-05-22 spam campaign
|
||||
deny 5.101.222.128/25; # 2018-05-22 spam campaign
|
||||
deny 5.101.219.0/25; # 2018-05-22 spam campaign
|
||||
deny 5.101.220.128/25; # 2018-05-22 spam campaign
|
||||
deny 185.250.42.0/23; # 2018-05-22 spam campaign
|
||||
deny 5.8.46.128/25; # 2018-05-22 spam campaign
|
||||
deny 5.189.206.128/25; # 2018-05-22 spam campaign
|
||||
deny 95.85.71.0/24; # 2018-05-22 spam campaign
|
||||
deny 185.252.186.0/23; # 2018-05-22 spam campaign
|
||||
deny 188.72.127.128/25; # 2018-05-22 spam campaign
|
||||
deny 185.251.14.0/23; # 2018-05-22 spam campaign
|
||||
deny 185.251.70.0/23; # 2018-05-22 spam campaign
|
||||
deny 5.101.217.0/25; # 2018-05-22 spam campaign
|
||||
deny 185.46.86.0/25; # 2018-05-22 spam campaign
|
||||
deny 146.185.204.128/25; # 2018-05-22 spam campaign
|
||||
deny 141.101.132.0/25; # 2018-05-22 spam campaign
|
||||
deny 188.72.127.0/25; # 2018-05-22 spam campaign
|
||||
deny 146.185.206.0/25; # 2018-05-22 spam campaign
|
||||
deny 185.46.84.128/25; # 2018-05-22 spam campaign
|
||||
deny 5.189.207.128/25; # 2018-05-22 spam campaign
|
||||
deny 5.8.46.0/25; # 2018-05-22 spam campaign
|
||||
deny 95.85.70.0/24; # 2018-05-22 spam campaign
|
||||
deny 5.189.205.128/25; # 2018-05-22 spam campaign
|
||||
deny 146.185.206.128/25; # 2018-05-22 spam campaign
|
||||
deny 46.161.63.0/25; # 2018-05-22 spam campaign
|
||||
deny 188.68.0.0/22; # 2018-05-22 spam campaign
|
||||
deny 5.62.152.0/22; # 2018-05-22 spam campaign
|
||||
deny 178.57.65.0/24; # 2018-05-22 spam campaign
|
||||
deny 178.57.66.0/23; # 2018-05-22 spam campaign
|
||||
deny 178.57.68.0/24; # 2018-05-22 spam campaign
|
||||
deny 188.72.96.0/24; # 2018-05-22 spam campaign
|
||||
deny 188.72.126.0/24; # 2018-05-22 spam campaign
|
||||
deny 141.101.132.0/24; # 2018-05-22 spam campaign
|
||||
deny 141.101.201.0/24; # 2018-05-22 spam campaign
|
||||
deny 146.185.200.0/24; # 2018-05-22 spam campaign
|
||||
deny 146.185.201.0/24; # 2018-05-22 spam campaign
|
||||
deny 146.185.202.0/24; # 2018-05-22 spam campaign
|
||||
deny 146.185.203.0/24; # 2018-05-22 spam campaign
|
||||
deny 146.185.204.0/24; # 2018-05-22 spam campaign
|
||||
deny 146.185.205.0/24; # 2018-05-22 spam campaign
|
||||
deny 146.185.206.0/24; # 2018-05-22 spam campaign
|
||||
deny 178.159.97.0/24; # 2018-05-22 spam campaign
|
||||
deny 178.57.65.0/24; # 2018-05-22 spam campaign
|
||||
deny 178.57.66.0/24; # 2018-05-22 spam campaign
|
||||
deny 178.57.67.0/24; # 2018-05-22 spam campaign
|
||||
deny 178.57.68.0/24; # 2018-05-22 spam campaign
|
||||
deny 179.61.200.0/23; # 2018-05-22 spam campaign
|
||||
deny 181.214.37.0/24; # 2018-05-22 spam campaign
|
||||
deny 185.101.68.0/24; # 2018-05-22 spam campaign
|
||||
deny 185.101.71.0/24; # 2018-05-22 spam campaign
|
||||
deny 185.14.192.0/24; # 2018-05-22 spam campaign
|
||||
deny 185.14.193.0/24; # 2018-05-22 spam campaign
|
||||
deny 185.14.195.0/24; # 2018-05-22 spam campaign
|
||||
deny 185.2.32.0/24; # 2018-05-22 spam campaign
|
||||
deny 185.46.84.0/22; # 2018-05-22 spam campaign
|
||||
deny 185.50.250.0/24; # 2018-05-22 spam campaign
|
||||
deny 185.50.251.0/24; # 2018-05-22 spam campaign
|
||||
deny 185.71.0.0/22; # 2018-05-22 spam campaign
|
||||
deny 188.68.0.0/24; # 2018-05-22 spam campaign
|
||||
deny 188.68.1.0/24; # 2018-05-22 spam campaign
|
||||
deny 188.68.3.0/24; # 2018-05-22 spam campaign
|
||||
deny 188.72.126.0/24; # 2018-05-22 spam campaign
|
||||
deny 188.72.127.0/24; # 2018-05-22 spam campaign
|
||||
deny 188.72.96.0/24; # 2018-05-22 spam campaign
|
||||
deny 191.101.24.0/24; # 2018-05-22 spam campaign
|
||||
deny 191.101.54.0/23; # 2018-05-22 spam campaign
|
||||
deny 193.105.171.0/24; # 2018-05-22 spam campaign
|
||||
deny 193.9.158.0/24; # 2018-05-22 spam campaign
|
||||
deny 193.93.192.0/24; # 2018-05-22 spam campaign
|
||||
deny 193.93.195.0/24; # 2018-05-22 spam campaign
|
||||
deny 37.9.42.0/24; # 2018-05-22 spam campaign
|
||||
deny 46.148.112.0/24; # 2018-05-22 spam campaign
|
||||
deny 46.148.120.0/24; # 2018-05-22 spam campaign
|
||||
deny 46.148.127.0/24; # 2018-05-22 spam campaign
|
||||
deny 46.161.56.0/24; # 2018-05-22 spam campaign
|
||||
deny 46.161.57.0/24; # 2018-05-22 spam campaign
|
||||
deny 46.161.58.0/24; # 2018-05-22 spam campaign
|
||||
deny 46.161.59.0/24; # 2018-05-22 spam campaign
|
||||
deny 46.161.60.0/24; # 2018-05-22 spam campaign
|
||||
deny 46.161.61.0/24; # 2018-05-22 spam campaign
|
||||
deny 46.161.62.0/24; # 2018-05-22 spam campaign
|
||||
deny 46.161.63.0/24; # 2018-05-22 spam campaign
|
||||
deny 46.243.173.0/24; # 2018-05-22 spam campaign
|
||||
deny 5.188.216.0/24; # 2018-05-22 spam campaign
|
||||
deny 79.110.17.0/24; # 2018-05-22 spam campaign
|
||||
deny 79.110.18.0/24; # 2018-05-22 spam campaign
|
||||
deny 79.110.19.0/24; # 2018-05-22 spam campaign
|
||||
deny 79.110.22.0/24; # 2018-05-22 spam campaign
|
||||
deny 79.110.25.0/24; # 2018-05-22 spam campaign
|
||||
deny 79.133.107.0/24; # 2018-05-22 spam campaign
|
||||
deny 91.200.164.0/22; # 2018-05-22 spam campaign
|
||||
deny 91.200.80.0/24; # 2018-05-22 spam campaign
|
||||
deny 91.200.81.0/24; # 2018-05-22 spam campaign
|
||||
deny 91.200.82.0/24; # 2018-05-22 spam campaign
|
||||
deny 91.200.83.0/24; # 2018-05-22 spam campaign
|
||||
deny 91.216.3.0/24; # 2018-05-22 spam campaign
|
||||
deny 91.243.90.0/24; # 2018-05-22 spam campaign
|
||||
deny 91.243.91.0/24; # 2018-05-22 spam campaign
|
||||
deny 91.243.93.0/24; # 2018-05-22 spam campaign
|
||||
deny 93.179.88.0/24; # 2018-05-22 spam campaign
|
||||
deny 93.179.89.0/24; # 2018-05-22 spam campaign
|
||||
deny 93.179.90.0/24; # 2018-05-22 spam campaign
|
||||
deny 93.179.91.0/24; # 2018-05-22 spam campaign
|
||||
deny 95.181.176.0/24; # 2018-05-22 spam campaign
|
||||
deny 95.181.177.0/24; # 2018-05-22 spam campaign
|
||||
deny 95.181.182.0/24; # 2018-05-22 spam campaign
|
||||
deny 95.181.183.0/24; # 2018-05-22 spam campaign
|
||||
deny 95.181.216.0/24; # 2018-05-22 spam campaign
|
||||
deny 95.181.217.0/24; # 2018-05-22 spam campaign
|
||||
deny 95.181.219.0/24; # 2018-05-22 spam campaign
|
||||
deny 95.85.80.0/24; # 2018-05-22 spam campaign
|
||||
deny 95.85.81.0/24; # 2018-05-22 spam campaign
|
||||
deny 191.96.164.0/24; # 2018-05-22 spam campaign
|
||||
deny 5.8.45.0/24; # 2018-05-22 spam campaign
|
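Review bot: These `deny` rules match the connection's source address, so on any vhost reached through another proxy they only ever see that proxy's IP unless the realip module (`set_real_ip_from` / `real_ip_header`) rewrites it first; whether that applies here is not visible on this page and should be stated in a header comment. The list carries no provenance or review date beyond the `2018-05-22 spam campaign` tag, so ranges that have since been reassigned will keep blocking legitimate clients. Many entries are also redundant: the `5.62.152.0/25` … `5.62.152.254/32` run is covered by the later `deny 5.62.152.0/22;`, and `178.57.65.0/24` and `188.72.96.0/24` each appear more than once. Collapsing to the widest prefixes and adding a comment such as `# source: <feed or incident ref>, re-review by <date>` would make the file auditable.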
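--- a/files/etc/nginx/conf.d/headers.conf
+++ b/files/etc/nginx/conf.d/headers.conf
@@ -0,0 +1,3 @@
+add_header X-Content-Type-Options nosniff;
+add_header X-XSS-Protection "1; mode=block";
+add_header X-Frame-Options "SAMEORIGIN" always;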
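Review bot: The first two `add_header` lines omit `always`, so nginx attaches `X-Content-Type-Options` and `X-XSS-Protection` only to the success and redirect status codes, while `X-Frame-Options` goes out on every response; error pages are then served without `nosniff`. Use `add_header X-Content-Type-Options nosniff always;` for consistency. The same gap applies to the `Strict-Transport-Security` line in files/etc/nginx/conf.d/hsts.conf. A short comment is also warranted that any `add_header` placed in a `server` or `location` block replaces, rather than extends, the headers inherited from this include, so vhosts that add their own header silently lose these three.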
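--- a/files/etc/nginx/conf.d/hsts.conf
+++ b/files/etc/nginx/conf.d/hsts.conf
@@ -0,0 +1 @@
+add_header Strict-Transport-Security "max-age=31536000";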
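--- a/files/etc/nginx/conf.d/ocsp.conf
+++ b/files/etc/nginx/conf.d/ocsp.conf
@@ -0,0 +1,4 @@
+ssl_stapling on;
+ssl_stapling_verify on;
+resolver 10.10.10.9 10.10.11.8 valid=300s;
+resolver_timeout 5s;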
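Review bot: The `resolver` line hard-codes two private addresses (10.10.10.9 and 10.10.11.8) in a static file that is copied as-is; on a host that cannot reach them, the OCSP responder lookup fails and stapled responses are simply not served, with nothing but a log line to show it. Rendering the addresses from a role variable would avoid that. A comment that `ssl_stapling_verify on` relies on the `ssl_trusted_certificate` set in ssl_letsencrypt.conf would also help, since the two files can be included independently.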
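--- a/files/etc/nginx/conf.d/proxy.conf
+++ b/files/etc/nginx/conf.d/proxy.conf
@@ -0,0 +1,29 @@
+proxy_http_version 1.1;
+proxy_set_header Upgrade $http_upgrade;
+proxy_set_header Connection "upgrade";
+proxy_set_header Host $host;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto $scheme;
+proxy_set_header X-Remote-Port $remote_port;
+proxy_set_header Proxy "";
+proxy_pass_header Server;
+proxy_redirect off;
+proxy_intercept_errors on;
+
+#proxy_buffering on;
+#proxy_buffer_size 1k;
+#proxy_buffers 16 8k;
+
+#client_body_timeout 30;
+#client_header_timeout 10;
+#keepalive_timeout 30;
+#send_timeout 60;
+#keepalive_requests 100;
+
+#sendfile on;
+#tcp_nopush on;
+#tcp_nodelay on;
+
+error_page 502 /errors/502.html;
+error_page 502 /errors/502.html;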
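Review bot: `error_page 502 /errors/502.html;` appears twice at the end of the file; the second line was presumably meant for another upstream failure code (503 or 504 — confirm), which as written still falls through to nginx's default error page. `proxy_pass_header Server;` forwards the backend's `Server` header to clients, exposing upstream software and version information that nginx hides by default; unless that is intended, drop the line. `proxy_set_header Connection "upgrade";` is sent on every proxied request, not only WebSocket handshakes; the usual form derives the value from `$http_upgrade` through a `map` so ordinary requests keep normal connection handling. Note too that `$proxy_add_x_forwarded_for` appends to whatever `X-Forwarded-For` the client supplied, so backends should trust only the last hop.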
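--- a/files/etc/nginx/conf.d/ssl.conf
+++ b/files/etc/nginx/conf.d/ssl.conf
@@ -0,0 +1,11 @@
+ssl_dhparam /etc/nginx/ssl/private/dhparam.pem;
+
+ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
+ssl_ecdh_curve X25519:P-521:P-384:P-256;
+ssl_ciphers "EECDH+CHACHA20:EECDH+AESGCM";
+ssl_prefer_server_ciphers on;
+
+ssl_session_cache shared:SSL:20m;
+ssl_session_timeout 15m;
+ssl_session_tickets off;
+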
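Review bot: `ssl_protocols` still enables TLSv1.1, which is deprecated (RFC 8996) and cannot be negotiated with the `ssl_ciphers` value two lines below, because `EECDH+CHACHA20:EECDH+AESGCM` selects only AEAD suites that require TLS 1.2 or later. Change the line to `ssl_protocols TLSv1.2 TLSv1.3;` so the configuration states what is actually offered and scanners stop flagging the legacy protocol. For the same reason `ssl_dhparam` looks unused here, since no DHE suite is in the cipher list; either drop it or add a comment explaining why the file must exist, because a missing dhparam.pem will stop nginx from starting.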
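--- a/files/etc/nginx/conf.d/ssl_letsencrypt.conf
+++ b/files/etc/nginx/conf.d/ssl_letsencrypt.conf
@@ -0,0 +1 @@
+ssl_trusted_certificate /etc/nginx/ssl/private/letsencrypt-certs.pem;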
26
files/etc/nginx/conf/fastcgi.conf
Normal file
26
files/etc/nginx/conf/fastcgi.conf
Normal file
|
@ -0,0 +1,26 @@
|
|||
|
||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
fastcgi_param QUERY_STRING $query_string;
|
||||
fastcgi_param REQUEST_METHOD $request_method;
|
||||
fastcgi_param CONTENT_TYPE $content_type;
|
||||
fastcgi_param CONTENT_LENGTH $content_length;
|
||||
|
||||
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
|
||||
fastcgi_param REQUEST_URI $request_uri;
|
||||
fastcgi_param DOCUMENT_URI $document_uri;
|
||||
fastcgi_param DOCUMENT_ROOT $document_root;
|
||||
fastcgi_param SERVER_PROTOCOL $server_protocol;
|
||||
fastcgi_param REQUEST_SCHEME $scheme;
|
||||
fastcgi_param HTTPS $https if_not_empty;
|
||||
|
||||
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
|
||||
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
|
||||
|
||||
fastcgi_param REMOTE_ADDR $remote_addr;
|
||||
fastcgi_param REMOTE_PORT $remote_port;
|
||||
fastcgi_param SERVER_ADDR $server_addr;
|
||||
fastcgi_param SERVER_PORT $server_port;
|
||||
fastcgi_param SERVER_NAME $server_name;
|
||||
|
||||
# PHP only, required if PHP was built with --enable-force-cgi-redirect
|
||||
fastcgi_param REDIRECT_STATUS 200;
|
26
files/etc/nginx/conf/fastcgi.conf.default
Normal file
26
files/etc/nginx/conf/fastcgi.conf.default
Normal file
|
@ -0,0 +1,26 @@
|
|||
|
||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
fastcgi_param QUERY_STRING $query_string;
|
||||
fastcgi_param REQUEST_METHOD $request_method;
|
||||
fastcgi_param CONTENT_TYPE $content_type;
|
||||
fastcgi_param CONTENT_LENGTH $content_length;
|
||||
|
||||
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
|
||||
fastcgi_param REQUEST_URI $request_uri;
|
||||
fastcgi_param DOCUMENT_URI $document_uri;
|
||||
fastcgi_param DOCUMENT_ROOT $document_root;
|
||||
fastcgi_param SERVER_PROTOCOL $server_protocol;
|
||||
fastcgi_param REQUEST_SCHEME $scheme;
|
||||
fastcgi_param HTTPS $https if_not_empty;
|
||||
|
||||
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
|
||||
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
|
||||
|
||||
fastcgi_param REMOTE_ADDR $remote_addr;
|
||||
fastcgi_param REMOTE_PORT $remote_port;
|
||||
fastcgi_param SERVER_ADDR $server_addr;
|
||||
fastcgi_param SERVER_PORT $server_port;
|
||||
fastcgi_param SERVER_NAME $server_name;
|
||||
|
||||
# PHP only, required if PHP was built with --enable-force-cgi-redirect
|
||||
fastcgi_param REDIRECT_STATUS 200;
|
25
files/etc/nginx/conf/fastcgi_params
Normal file
25
files/etc/nginx/conf/fastcgi_params
Normal file
|
@ -0,0 +1,25 @@
|
|||
|
||||
fastcgi_param QUERY_STRING $query_string;
|
||||
fastcgi_param REQUEST_METHOD $request_method;
|
||||
fastcgi_param CONTENT_TYPE $content_type;
|
||||
fastcgi_param CONTENT_LENGTH $content_length;
|
||||
|
||||
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
|
||||
fastcgi_param REQUEST_URI $request_uri;
|
||||
fastcgi_param DOCUMENT_URI $document_uri;
|
||||
fastcgi_param DOCUMENT_ROOT $document_root;
|
||||
fastcgi_param SERVER_PROTOCOL $server_protocol;
|
||||
fastcgi_param REQUEST_SCHEME $scheme;
|
||||
fastcgi_param HTTPS $https if_not_empty;
|
||||
|
||||
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
|
||||
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
|
||||
|
||||
fastcgi_param REMOTE_ADDR $remote_addr;
|
||||
fastcgi_param REMOTE_PORT $remote_port;
|
||||
fastcgi_param SERVER_ADDR $server_addr;
|
||||
fastcgi_param SERVER_PORT $server_port;
|
||||
fastcgi_param SERVER_NAME $server_name;
|
||||
|
||||
# PHP only, required if PHP was built with --enable-force-cgi-redirect
|
||||
fastcgi_param REDIRECT_STATUS 200;
|
25
files/etc/nginx/conf/fastcgi_params.default
Normal file
25
files/etc/nginx/conf/fastcgi_params.default
Normal file
|
@ -0,0 +1,25 @@
|
|||
|
||||
fastcgi_param QUERY_STRING $query_string;
|
||||
fastcgi_param REQUEST_METHOD $request_method;
|
||||
fastcgi_param CONTENT_TYPE $content_type;
|
||||
fastcgi_param CONTENT_LENGTH $content_length;
|
||||
|
||||
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
|
||||
fastcgi_param REQUEST_URI $request_uri;
|
||||
fastcgi_param DOCUMENT_URI $document_uri;
|
||||
fastcgi_param DOCUMENT_ROOT $document_root;
|
||||
fastcgi_param SERVER_PROTOCOL $server_protocol;
|
||||
fastcgi_param REQUEST_SCHEME $scheme;
|
||||
fastcgi_param HTTPS $https if_not_empty;
|
||||
|
||||
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
|
||||
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
|
||||
|
||||
fastcgi_param REMOTE_ADDR $remote_addr;
|
||||
fastcgi_param REMOTE_PORT $remote_port;
|
||||
fastcgi_param SERVER_ADDR $server_addr;
|
||||
fastcgi_param SERVER_PORT $server_port;
|
||||
fastcgi_param SERVER_NAME $server_name;
|
||||
|
||||
# PHP only, required if PHP was built with --enable-force-cgi-redirect
|
||||
fastcgi_param REDIRECT_STATUS 200;
|
109
files/etc/nginx/conf/koi-utf
Normal file
109
files/etc/nginx/conf/koi-utf
Normal file
|
@ -0,0 +1,109 @@
|
|||
|
||||
# This map is not a full koi8-r <> utf8 map: it does not contain
|
||||
# box-drawing and some other characters. Besides this map contains
|
||||
# several koi8-u and Byelorussian letters which are not in koi8-r.
|
||||
# If you need a full and standard map, use contrib/unicode2nginx/koi-utf
|
||||
# map instead.
|
||||
|
||||
charset_map koi8-r utf-8 {
|
||||
|
||||
80 E282AC ; # euro
|
||||
|
||||
95 E280A2 ; # bullet
|
||||
|
||||
9A C2A0 ; #
|
||||
|
||||
9E C2B7 ; # ·
|
||||
|
||||
A3 D191 ; # small yo
|
||||
A4 D194 ; # small Ukrainian ye
|
||||
|
||||
A6 D196 ; # small Ukrainian i
|
||||
A7 D197 ; # small Ukrainian yi
|
||||
|
||||
AD D291 ; # small Ukrainian soft g
|
||||
AE D19E ; # small Byelorussian short u
|
||||
|
||||
B0 C2B0 ; # °
|
||||
|
||||
B3 D081 ; # capital YO
|
||||
B4 D084 ; # capital Ukrainian YE
|
||||
|
||||
B6 D086 ; # capital Ukrainian I
|
||||
B7 D087 ; # capital Ukrainian YI
|
||||
|
||||
B9 E28496 ; # numero sign
|
||||
|
||||
BD D290 ; # capital Ukrainian soft G
|
||||
BE D18E ; # capital Byelorussian short U
|
||||
|
||||
BF C2A9 ; # (C)
|
||||
|
||||
C0 D18E ; # small yu
|
||||
C1 D0B0 ; # small a
|
||||
C2 D0B1 ; # small b
|
||||
C3 D186 ; # small ts
|
||||
C4 D0B4 ; # small d
|
||||
C5 D0B5 ; # small ye
|
||||
C6 D184 ; # small f
|
||||
C7 D0B3 ; # small g
|
||||
C8 D185 ; # small kh
|
||||
C9 D0B8 ; # small i
|
||||
CA D0B9 ; # small j
|
||||
CB D0BA ; # small k
|
||||
CC D0BB ; # small l
|
||||
CD D0BC ; # small m
|
||||
CE D0BD ; # small n
|
||||
CF D0BE ; # small o
|
||||
|
||||
D0 D0BF ; # small p
|
||||
D1 D18F ; # small ya
|
||||
D2 D180 ; # small r
|
||||
D3 D181 ; # small s
|
||||
D4 D182 ; # small t
|
||||
D5 D183 ; # small u
|
||||
D6 D0B6 ; # small zh
|
||||
D7 D0B2 ; # small v
|
||||
D8 D18C ; # small soft sign
|
||||
D9 D18B ; # small y
|
||||
DA D0B7 ; # small z
|
||||
DB D188 ; # small sh
|
||||
DC D18D ; # small e
|
||||
DD D189 ; # small shch
|
||||
DE D187 ; # small ch
|
||||
DF D18A ; # small hard sign
|
||||
|
||||
E0 D0AE ; # capital YU
|
||||
E1 D090 ; # capital A
|
||||
E2 D091 ; # capital B
|
||||
E3 D0A6 ; # capital TS
|
||||
E4 D094 ; # capital D
|
||||
E5 D095 ; # capital YE
|
||||
E6 D0A4 ; # capital F
|
||||
E7 D093 ; # capital G
|
||||
E8 D0A5 ; # capital KH
|
||||
E9 D098 ; # capital I
|
||||
EA D099 ; # capital J
|
||||
EB D09A ; # capital K
|
||||
EC D09B ; # capital L
|
||||
ED D09C ; # capital M
|
||||
EE D09D ; # capital N
|
||||
EF D09E ; # capital O
|
||||
|
||||
F0 D09F ; # capital P
|
||||
F1 D0AF ; # capital YA
|
||||
F2 D0A0 ; # capital R
|
||||
F3 D0A1 ; # capital S
|
||||
F4 D0A2 ; # capital T
|
||||
F5 D0A3 ; # capital U
|
||||
F6 D096 ; # capital ZH
|
||||
F7 D092 ; # capital V
|
||||
F8 D0AC ; # capital soft sign
|
||||
F9 D0AB ; # capital Y
|
||||
FA D097 ; # capital Z
|
||||
FB D0A8 ; # capital SH
|
||||
FC D0AD ; # capital E
|
||||
FD D0A9 ; # capital SHCH
|
||||
FE D0A7 ; # capital CH
|
||||
FF D0AA ; # capital hard sign
|
||||
}
|
103
files/etc/nginx/conf/koi-win
Normal file
103
files/etc/nginx/conf/koi-win
Normal file
|
@ -0,0 +1,103 @@
|
|||
|
||||
charset_map koi8-r windows-1251 {
|
||||
|
||||
80 88 ; # euro
|
||||
|
||||
95 95 ; # bullet
|
||||
|
||||
9A A0 ; #
|
||||
|
||||
9E B7 ; # ·
|
||||
|
||||
A3 B8 ; # small yo
|
||||
A4 BA ; # small Ukrainian ye
|
||||
|
||||
A6 B3 ; # small Ukrainian i
|
||||
A7 BF ; # small Ukrainian yi
|
||||
|
||||
AD B4 ; # small Ukrainian soft g
|
||||
AE A2 ; # small Byelorussian short u
|
||||
|
||||
B0 B0 ; # °
|
||||
|
||||
B3 A8 ; # capital YO
|
||||
B4 AA ; # capital Ukrainian YE
|
||||
|
||||
B6 B2 ; # capital Ukrainian I
|
||||
B7 AF ; # capital Ukrainian YI
|
||||
|
||||
B9 B9 ; # numero sign
|
||||
|
||||
BD A5 ; # capital Ukrainian soft G
|
||||
BE A1 ; # capital Byelorussian short U
|
||||
|
||||
BF A9 ; # (C)
|
||||
|
||||
C0 FE ; # small yu
|
||||
C1 E0 ; # small a
|
||||
C2 E1 ; # small b
|
||||
C3 F6 ; # small ts
|
||||
C4 E4 ; # small d
|
||||
C5 E5 ; # small ye
|
||||
C6 F4 ; # small f
|
||||
C7 E3 ; # small g
|
||||
C8 F5 ; # small kh
|
||||
C9 E8 ; # small i
|
||||
CA E9 ; # small j
|
||||
CB EA ; # small k
|
||||
CC EB ; # small l
|
||||
CD EC ; # small m
|
||||
CE ED ; # small n
|
||||
CF EE ; # small o
|
||||
|
||||
D0 EF ; # small p
|
||||
D1 FF ; # small ya
|
||||
D2 F0 ; # small r
|
||||
D3 F1 ; # small s
|
||||
D4 F2 ; # small t
|
||||
D5 F3 ; # small u
|
||||
D6 E6 ; # small zh
|
||||
D7 E2 ; # small v
|
||||
D8 FC ; # small soft sign
|
||||
D9 FB ; # small y
|
||||
DA E7 ; # small z
|
||||
DB F8 ; # small sh
|
||||
DC FD ; # small e
|
||||
DD F9 ; # small shch
|
||||
DE F7 ; # small ch
|
||||
DF FA ; # small hard sign
|
||||
|
||||
E0 DE ; # capital YU
|
||||
E1 C0 ; # capital A
|
||||
E2 C1 ; # capital B
|
||||
E3 D6 ; # capital TS
|
||||
E4 C4 ; # capital D
|
||||
E5 C5 ; # capital YE
|
||||
E6 D4 ; # capital F
|
||||
E7 C3 ; # capital G
|
||||
E8 D5 ; # capital KH
|
||||
E9 C8 ; # capital I
|
||||
EA C9 ; # capital J
|
||||
EB CA ; # capital K
|
||||
EC CB ; # capital L
|
||||
ED CC ; # capital M
|
||||
EE CD ; # capital N
|
||||
EF CE ; # capital O
|
||||
|
||||
F0 CF ; # capital P
|
||||
F1 DF ; # capital YA
|
||||
F2 D0 ; # capital R
|
||||
F3 D1 ; # capital S
|
||||
F4 D2 ; # capital T
|
||||
F5 D3 ; # capital U
|
||||
F6 C6 ; # capital ZH
|
||||
F7 C2 ; # capital V
|
||||
F8 DC ; # capital soft sign
|
||||
F9 DB ; # capital Y
|
||||
FA C7 ; # capital Z
|
||||
FB D8 ; # capital SH
|
||||
FC DD ; # capital E
|
||||
FD D9 ; # capital SHCH
|
||||
FE D7 ; # capital CH
|
||||
FF DA ; # capital hard sign
|
||||
}
|
97
files/etc/nginx/conf/mime.types
Normal file
97
files/etc/nginx/conf/mime.types
Normal file
|
@ -0,0 +1,97 @@
|
|||
|
||||
types {
|
||||
text/html html htm shtml;
|
||||
text/css css;
|
||||
text/xml xml;
|
||||
image/gif gif;
|
||||
image/jpeg jpeg jpg;
|
||||
application/javascript js;
|
||||
application/atom+xml atom;
|
||||
application/rss+xml rss;
|
||||
|
||||
text/mathml mml;
|
||||
text/plain txt;
|
||||
text/vnd.sun.j2me.app-descriptor jad;
|
||||
text/vnd.wap.wml wml;
|
||||
text/x-component htc;
|
||||
|
||||
image/png png;
|
||||
image/svg+xml svg svgz;
|
||||
image/tiff tif tiff;
|
||||
image/vnd.wap.wbmp wbmp;
|
||||
image/webp webp;
|
||||
image/x-icon ico;
|
||||
image/x-jng jng;
|
||||
image/x-ms-bmp bmp;
|
||||
|
||||
font/woff woff;
|
||||
font/woff2 woff2;
|
||||
|
||||
application/java-archive jar war ear;
|
||||
application/json json;
|
||||
application/mac-binhex40 hqx;
|
||||
application/msword doc;
|
||||
application/pdf pdf;
|
||||
application/postscript ps eps ai;
|
||||
application/rtf rtf;
|
||||
application/vnd.apple.mpegurl m3u8;
|
||||
application/vnd.google-earth.kml+xml kml;
|
||||
application/vnd.google-earth.kmz kmz;
|
||||
application/vnd.ms-excel xls;
|
||||
application/vnd.ms-fontobject eot;
|
||||
application/vnd.ms-powerpoint ppt;
|
||||
application/vnd.oasis.opendocument.graphics odg;
|
||||
application/vnd.oasis.opendocument.presentation odp;
|
||||
application/vnd.oasis.opendocument.spreadsheet ods;
|
||||
application/vnd.oasis.opendocument.text odt;
|
||||
application/vnd.openxmlformats-officedocument.presentationml.presentation
|
||||
pptx;
|
||||
application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
|
||||
xlsx;
|
||||
application/vnd.openxmlformats-officedocument.wordprocessingml.document
|
||||
docx;
|
||||
application/vnd.wap.wmlc wmlc;
|
||||
application/x-7z-compressed 7z;
|
||||
application/x-cocoa cco;
|
||||
application/x-java-archive-diff jardiff;
|
||||
application/x-java-jnlp-file jnlp;
|
||||
application/x-makeself run;
|
||||
application/x-perl pl pm;
|
||||
application/x-pilot prc pdb;
|
||||
application/x-rar-compressed rar;
|
||||
application/x-redhat-package-manager rpm;
|
||||
application/x-sea sea;
|
||||
application/x-shockwave-flash swf;
|
||||
application/x-stuffit sit;
|
||||
application/x-tcl tcl tk;
|
||||
application/x-x509-ca-cert der pem crt;
|
||||
application/x-xpinstall xpi;
|
||||
application/xhtml+xml xhtml;
|
||||
application/xspf+xml xspf;
|
||||
application/zip zip;
|
||||
|
||||
application/octet-stream bin exe dll;
|
||||
application/octet-stream deb;
|
||||
application/octet-stream dmg;
|
||||
application/octet-stream iso img;
|
||||
application/octet-stream msi msp msm;
|
||||
|
||||
audio/midi mid midi kar;
|
||||
audio/mpeg mp3;
|
||||
audio/ogg ogg;
|
||||
audio/x-m4a m4a;
|
||||
audio/x-realaudio ra;
|
||||
|
||||
video/3gpp 3gpp 3gp;
|
||||
video/mp2t ts;
|
||||
video/mp4 mp4;
|
||||
video/mpeg mpeg mpg;
|
||||
video/quicktime mov;
|
||||
video/webm webm;
|
||||
video/x-flv flv;
|
||||
video/x-m4v m4v;
|
||||
video/x-mng mng;
|
||||
video/x-ms-asf asx asf;
|
||||
video/x-ms-wmv wmv;
|
||||
video/x-msvideo avi;
|
||||
}
|
97
files/etc/nginx/conf/mime.types.default
Normal file
97
files/etc/nginx/conf/mime.types.default
Normal file
|
@ -0,0 +1,97 @@
|
|||
|
||||
types {
|
||||
text/html html htm shtml;
|
||||
text/css css;
|
||||
text/xml xml;
|
||||
image/gif gif;
|
||||
image/jpeg jpeg jpg;
|
||||
application/javascript js;
|
||||
application/atom+xml atom;
|
||||
application/rss+xml rss;
|
||||
|
||||
text/mathml mml;
|
||||
text/plain txt;
|
||||
text/vnd.sun.j2me.app-descriptor jad;
|
||||
text/vnd.wap.wml wml;
|
||||
text/x-component htc;
|
||||
|
||||
image/png png;
|
||||
image/svg+xml svg svgz;
|
||||
image/tiff tif tiff;
|
||||
image/vnd.wap.wbmp wbmp;
|
||||
image/webp webp;
|
||||
image/x-icon ico;
|
||||
image/x-jng jng;
|
||||
image/x-ms-bmp bmp;
|
||||
|
||||
font/woff woff;
|
||||
font/woff2 woff2;
|
||||
|
||||
application/java-archive jar war ear;
|
||||
application/json json;
|
||||
application/mac-binhex40 hqx;
|
||||
application/msword doc;
|
||||
application/pdf pdf;
|
||||
application/postscript ps eps ai;
|
||||
application/rtf rtf;
|
||||
application/vnd.apple.mpegurl m3u8;
|
||||
application/vnd.google-earth.kml+xml kml;
|
||||
application/vnd.google-earth.kmz kmz;
|
||||
application/vnd.ms-excel xls;
|
||||
application/vnd.ms-fontobject eot;
|
||||
application/vnd.ms-powerpoint ppt;
|
||||
application/vnd.oasis.opendocument.graphics odg;
|
||||
application/vnd.oasis.opendocument.presentation odp;
|
||||
application/vnd.oasis.opendocument.spreadsheet ods;
|
||||
application/vnd.oasis.opendocument.text odt;
|
||||
application/vnd.openxmlformats-officedocument.presentationml.presentation
|
||||
pptx;
|
||||
application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
|
||||
xlsx;
|
||||
application/vnd.openxmlformats-officedocument.wordprocessingml.document
|
||||
docx;
|
||||
application/vnd.wap.wmlc wmlc;
|
||||
application/x-7z-compressed 7z;
|
||||
application/x-cocoa cco;
|
||||
application/x-java-archive-diff jardiff;
|
||||
application/x-java-jnlp-file jnlp;
|
||||
application/x-makeself run;
|
||||
application/x-perl pl pm;
|
||||
application/x-pilot prc pdb;
|
||||
application/x-rar-compressed rar;
|
||||
application/x-redhat-package-manager rpm;
|
||||
application/x-sea sea;
|
||||
application/x-shockwave-flash swf;
|
||||
application/x-stuffit sit;
|
||||
application/x-tcl tcl tk;
|
||||
application/x-x509-ca-cert der pem crt;
|
||||
application/x-xpinstall xpi;
|
||||
application/xhtml+xml xhtml;
|
||||
application/xspf+xml xspf;
|
||||
application/zip zip;
|
||||
|
||||
application/octet-stream bin exe dll;
|
||||
application/octet-stream deb;
|
||||
application/octet-stream dmg;
|
||||
application/octet-stream iso img;
|
||||
application/octet-stream msi msp msm;
|
||||
|
||||
audio/midi mid midi kar;
|
||||
audio/mpeg mp3;
|
||||
audio/ogg ogg;
|
||||
audio/x-m4a m4a;
|
||||
audio/x-realaudio ra;
|
||||
|
||||
video/3gpp 3gpp 3gp;
|
||||
video/mp2t ts;
|
||||
video/mp4 mp4;
|
||||
video/mpeg mpeg mpg;
|
||||
video/quicktime mov;
|
||||
video/webm webm;
|
||||
video/x-flv flv;
|
||||
video/x-m4v m4v;
|
||||
video/x-mng mng;
|
||||
video/x-ms-asf asx asf;
|
||||
video/x-ms-wmv wmv;
|
||||
video/x-msvideo avi;
|
||||
}
|
117
files/etc/nginx/conf/nginx.conf.default
Normal file
117
files/etc/nginx/conf/nginx.conf.default
Normal file
|
@ -0,0 +1,117 @@
|
|||
|
||||
#user nobody;
|
||||
worker_processes 1;
|
||||
|
||||
#error_log logs/error.log;
|
||||
#error_log logs/error.log notice;
|
||||
#error_log logs/error.log info;
|
||||
|
||||
#pid logs/nginx.pid;
|
||||
|
||||
|
||||
events {
|
||||
worker_connections 1024;
|
||||
}
|
||||
|
||||
|
||||
http {
|
||||
include mime.types;
|
||||
default_type application/octet-stream;
|
||||
|
||||
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
|
||||
# '$status $body_bytes_sent "$http_referer" '
|
||||
# '"$http_user_agent" "$http_x_forwarded_for"';
|
||||
|
||||
#access_log logs/access.log main;
|
||||
|
||||
sendfile on;
|
||||
#tcp_nopush on;
|
||||
|
||||
#keepalive_timeout 0;
|
||||
keepalive_timeout 65;
|
||||
|
||||
#gzip on;
|
||||
|
||||
server {
|
||||
listen 80;
|
||||
server_name localhost;
|
||||
|
||||
#charset koi8-r;
|
||||
|
||||
#access_log logs/host.access.log main;
|
||||
|
||||
location / {
|
||||
root html;
|
||||
index index.html index.htm;
|
||||
}
|
||||
|
||||
#error_page 404 /404.html;
|
||||
|
||||
# redirect server error pages to the static page /50x.html
|
||||
#
|
||||
error_page 500 502 503 504 /50x.html;
|
||||
location = /50x.html {
|
||||
root html;
|
||||
}
|
||||
|
||||
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
|
||||
#
|
||||
#location ~ \.php$ {
|
||||
# proxy_pass http://127.0.0.1;
|
||||
#}
|
||||
|
||||
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
|
||||
#
|
||||
#location ~ \.php$ {
|
||||
# root html;
|
||||
# fastcgi_pass 127.0.0.1:9000;
|
||||
# fastcgi_index index.php;
|
||||
# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
|
||||
# include fastcgi_params;
|
||||
#}
|
||||
|
||||
# deny access to .htaccess files, if Apache's document root
|
||||
# concurs with nginx's one
|
||||
#
|
||||
#location ~ /\.ht {
|
||||
# deny all;
|
||||
#}
|
||||
}
|
||||
|
||||
|
||||
# another virtual host using mix of IP-, name-, and port-based configuration
|
||||
#
|
||||
#server {
|
||||
# listen 8000;
|
||||
# listen somename:8080;
|
||||
# server_name somename alias another.alias;
|
||||
|
||||
# location / {
|
||||
# root html;
|
||||
# index index.html index.htm;
|
||||
# }
|
||||
#}
|
||||
|
||||
|
||||
# HTTPS server
|
||||
#
|
||||
#server {
|
||||
# listen 443 ssl;
|
||||
# server_name localhost;
|
||||
|
||||
# ssl_certificate cert.pem;
|
||||
# ssl_certificate_key cert.key;
|
||||
|
||||
# ssl_session_cache shared:SSL:1m;
|
||||
# ssl_session_timeout 5m;
|
||||
|
||||
# ssl_ciphers HIGH:!aNULL:!MD5;
|
||||
# ssl_prefer_server_ciphers on;
|
||||
|
||||
# location / {
|
||||
# root html;
|
||||
# index index.html index.htm;
|
||||
# }
|
||||
#}
|
||||
|
||||
}
|
17
files/etc/nginx/conf/scgi_params
Normal file
17
files/etc/nginx/conf/scgi_params
Normal file
|
@ -0,0 +1,17 @@
|
|||
|
||||
scgi_param REQUEST_METHOD $request_method;
|
||||
scgi_param REQUEST_URI $request_uri;
|
||||
scgi_param QUERY_STRING $query_string;
|
||||
scgi_param CONTENT_TYPE $content_type;
|
||||
|
||||
scgi_param DOCUMENT_URI $document_uri;
|
||||
scgi_param DOCUMENT_ROOT $document_root;
|
||||
scgi_param SCGI 1;
|
||||
scgi_param SERVER_PROTOCOL $server_protocol;
|
||||
scgi_param REQUEST_SCHEME $scheme;
|
||||
scgi_param HTTPS $https if_not_empty;
|
||||
|
||||
scgi_param REMOTE_ADDR $remote_addr;
|
||||
scgi_param REMOTE_PORT $remote_port;
|
||||
scgi_param SERVER_PORT $server_port;
|
||||
scgi_param SERVER_NAME $server_name;
|
17
files/etc/nginx/conf/scgi_params.default
Normal file
17
files/etc/nginx/conf/scgi_params.default
Normal file
|
@ -0,0 +1,17 @@
|
|||
|
||||
scgi_param REQUEST_METHOD $request_method;
|
||||
scgi_param REQUEST_URI $request_uri;
|
||||
scgi_param QUERY_STRING $query_string;
|
||||
scgi_param CONTENT_TYPE $content_type;
|
||||
|
||||
scgi_param DOCUMENT_URI $document_uri;
|
||||
scgi_param DOCUMENT_ROOT $document_root;
|
||||
scgi_param SCGI 1;
|
||||
scgi_param SERVER_PROTOCOL $server_protocol;
|
||||
scgi_param REQUEST_SCHEME $scheme;
|
||||
scgi_param HTTPS $https if_not_empty;
|
||||
|
||||
scgi_param REMOTE_ADDR $remote_addr;
|
||||
scgi_param REMOTE_PORT $remote_port;
|
||||
scgi_param SERVER_PORT $server_port;
|
||||
scgi_param SERVER_NAME $server_name;
|
17
files/etc/nginx/conf/uwsgi_params
Normal file
17
files/etc/nginx/conf/uwsgi_params
Normal file
|
@ -0,0 +1,17 @@
|
|||
|
||||
uwsgi_param QUERY_STRING $query_string;
|
||||
uwsgi_param REQUEST_METHOD $request_method;
|
||||
uwsgi_param CONTENT_TYPE $content_type;
|
||||
uwsgi_param CONTENT_LENGTH $content_length;
|
||||
|
||||
uwsgi_param REQUEST_URI $request_uri;
|
||||
uwsgi_param PATH_INFO $document_uri;
|
||||
uwsgi_param DOCUMENT_ROOT $document_root;
|
||||
uwsgi_param SERVER_PROTOCOL $server_protocol;
|
||||
uwsgi_param REQUEST_SCHEME $scheme;
|
||||
uwsgi_param HTTPS $https if_not_empty;
|
||||
|
||||
uwsgi_param REMOTE_ADDR $remote_addr;
|
||||
uwsgi_param REMOTE_PORT $remote_port;
|
||||
uwsgi_param SERVER_PORT $server_port;
|
||||
uwsgi_param SERVER_NAME $server_name;
|
17
files/etc/nginx/conf/uwsgi_params.default
Normal file
17
files/etc/nginx/conf/uwsgi_params.default
Normal file
|
@ -0,0 +1,17 @@
|
|||
|
||||
uwsgi_param QUERY_STRING $query_string;
|
||||
uwsgi_param REQUEST_METHOD $request_method;
|
||||
uwsgi_param CONTENT_TYPE $content_type;
|
||||
uwsgi_param CONTENT_LENGTH $content_length;
|
||||
|
||||
uwsgi_param REQUEST_URI $request_uri;
|
||||
uwsgi_param PATH_INFO $document_uri;
|
||||
uwsgi_param DOCUMENT_ROOT $document_root;
|
||||
uwsgi_param SERVER_PROTOCOL $server_protocol;
|
||||
uwsgi_param REQUEST_SCHEME $scheme;
|
||||
uwsgi_param HTTPS $https if_not_empty;
|
||||
|
||||
uwsgi_param REMOTE_ADDR $remote_addr;
|
||||
uwsgi_param REMOTE_PORT $remote_port;
|
||||
uwsgi_param SERVER_PORT $server_port;
|
||||
uwsgi_param SERVER_NAME $server_name;
|
126
files/etc/nginx/conf/win-utf
Normal file
126
files/etc/nginx/conf/win-utf
Normal file
|
@ -0,0 +1,126 @@
|
|||
|
||||
# This map is not a full windows-1251 <> utf8 map: it does not
|
||||
# contain Serbian and Macedonian letters. If you need a full map,
|
||||
# use contrib/unicode2nginx/win-utf map instead.
|
||||
|
||||
charset_map windows-1251 utf-8 {
|
||||
|
||||
82 E2809A ; # single low-9 quotation mark
|
||||
|
||||
84 E2809E ; # double low-9 quotation mark
|
||||
85 E280A6 ; # ellipsis
|
||||
86 E280A0 ; # dagger
|
||||
87 E280A1 ; # double dagger
|
||||
88 E282AC ; # euro
|
||||
89 E280B0 ; # per mille
|
||||
|
||||
91 E28098 ; # left single quotation mark
|
||||
92 E28099 ; # right single quotation mark
|
||||
93 E2809C ; # left double quotation mark
|
||||
94 E2809D ; # right double quotation mark
|
||||
95 E280A2 ; # bullet
|
||||
96 E28093 ; # en dash
|
||||
97 E28094 ; # em dash
|
||||
|
||||
99 E284A2 ; # trade mark sign
|
||||
|
||||
A0 C2A0 ; #
|
||||
A1 D18E ; # capital Byelorussian short U
|
||||
A2 D19E ; # small Byelorussian short u
|
||||
|
||||
A4 C2A4 ; # currency sign
|
||||
A5 D290 ; # capital Ukrainian soft G
|
||||
A6 C2A6 ; # borken bar
|
||||
A7 C2A7 ; # section sign
|
||||
A8 D081 ; # capital YO
|
||||
A9 C2A9 ; # (C)
|
||||
AA D084 ; # capital Ukrainian YE
|
||||
AB C2AB ; # left-pointing double angle quotation mark
|
||||
AC C2AC ; # not sign
|
||||
AD C2AD ; # soft hypen
|
||||
AE C2AE ; # (R)
|
||||
AF D087 ; # capital Ukrainian YI
|
||||
|
||||
B0 C2B0 ; # °
|
||||
B1 C2B1 ; # plus-minus sign
|
||||
B2 D086 ; # capital Ukrainian I
|
||||
B3 D196 ; # small Ukrainian i
|
||||
B4 D291 ; # small Ukrainian soft g
|
||||
B5 C2B5 ; # micro sign
|
||||
B6 C2B6 ; # pilcrow sign
|
||||
B7 C2B7 ; # ·
|
||||
B8 D191 ; # small yo
|
||||
B9 E28496 ; # numero sign
|
||||
BA D194 ; # small Ukrainian ye
|
||||
BB C2BB ; # right-pointing double angle quotation mark
|
||||
|
||||
BF D197 ; # small Ukrainian yi
|
||||
|
||||
C0 D090 ; # capital A
|
||||
C1 D091 ; # capital B
|
||||
C2 D092 ; # capital V
|
||||
C3 D093 ; # capital G
|
||||
C4 D094 ; # capital D
|
||||
C5 D095 ; # capital YE
|
||||
C6 D096 ; # capital ZH
|
||||
C7 D097 ; # capital Z
|
||||
C8 D098 ; # capital I
|
||||
C9 D099 ; # capital J
|
||||
CA D09A ; # capital K
|
||||
CB D09B ; # capital L
|
||||
CC D09C ; # capital M
|
||||
CD D09D ; # capital N
|
||||
CE D09E ; # capital O
|
||||
CF D09F ; # capital P
|
||||
|
||||
D0 D0A0 ; # capital R
|
||||
D1 D0A1 ; # capital S
|
||||
D2 D0A2 ; # capital T
|
||||
D3 D0A3 ; # capital U
|
||||
D4 D0A4 ; # capital F
|
||||
D5 D0A5 ; # capital KH
|
||||
D6 D0A6 ; # capital TS
|
||||
D7 D0A7 ; # capital CH
|
||||
D8 D0A8 ; # capital SH
|
||||
D9 D0A9 ; # capital SHCH
|
||||
DA D0AA ; # capital hard sign
|
||||
DB D0AB ; # capital Y
|
||||
DC D0AC ; # capital soft sign
|
||||
DD D0AD ; # capital E
|
||||
DE D0AE ; # capital YU
|
||||
DF D0AF ; # capital YA
|
||||
|
||||
E0 D0B0 ; # small a
|
||||
E1 D0B1 ; # small b
|
||||
E2 D0B2 ; # small v
|
||||
E3 D0B3 ; # small g
|
||||
E4 D0B4 ; # small d
|
||||
E5 D0B5 ; # small ye
|
||||
E6 D0B6 ; # small zh
|
||||
E7 D0B7 ; # small z
|
||||
E8 D0B8 ; # small i
|
||||
E9 D0B9 ; # small j
|
||||
EA D0BA ; # small k
|
||||
EB D0BB ; # small l
|
||||
EC D0BC ; # small m
|
||||
ED D0BD ; # small n
|
||||
EE D0BE ; # small o
|
||||
EF D0BF ; # small p
|
||||
|
||||
F0 D180 ; # small r
|
||||
F1 D181 ; # small s
|
||||
F2 D182 ; # small t
|
||||
F3 D183 ; # small u
|
||||
F4 D184 ; # small f
|
||||
F5 D185 ; # small kh
|
||||
F6 D186 ; # small ts
|
||||
F7 D187 ; # small ch
|
||||
F8 D188 ; # small sh
|
||||
F9 D189 ; # small shch
|
||||
FA D18A ; # small hard sign
|
||||
FB D18B ; # small y
|
||||
FC D18C ; # small soft sign
|
||||
FD D18D ; # small e
|
||||
FE D18E ; # small yu
|
||||
FF D18F ; # small ya
|
||||
}
|
21
files/etc/nginx/html/50x.html
Normal file
21
files/etc/nginx/html/50x.html
Normal file
|
@ -0,0 +1,21 @@
|
|||
<!DOCTYPE html>
|
||||
<html>
|
||||
<head>
|
||||
<title>Error</title>
|
||||
<style>
|
||||
body {
|
||||
width: 35em;
|
||||
margin: 0 auto;
|
||||
font-family: Tahoma, Verdana, Arial, sans-serif;
|
||||
}
|
||||
</style>
|
||||
</head>
|
||||
<body>
|
||||
<h1>An error occurred.</h1>
|
||||
<p>Sorry, the page you are looking for is currently unavailable.<br/>
|
||||
Please try again later.</p>
|
||||
<p>If you are the system administrator of this resource then you should check
|
||||
the error log for details.</p>
|
||||
<p><em>Faithfully yours, nginx.</em></p>
|
||||
</body>
|
||||
</html>
|
25
files/etc/nginx/html/index.html
Normal file
25
files/etc/nginx/html/index.html
Normal file
|
@ -0,0 +1,25 @@
|
|||
<!DOCTYPE html>
|
||||
<html>
|
||||
<head>
|
||||
<title>Welcome to nginx!</title>
|
||||
<style>
|
||||
body {
|
||||
width: 35em;
|
||||
margin: 0 auto;
|
||||
font-family: Tahoma, Verdana, Arial, sans-serif;
|
||||
}
|
||||
</style>
|
||||
</head>
|
||||
<body>
|
||||
<h1>Welcome to nginx!</h1>
|
||||
<p>If you see this page, the nginx web server is successfully installed and
|
||||
working. Further configuration is required.</p>
|
||||
|
||||
<p>For online documentation and support please refer to
|
||||
<a href="http://nginx.org/">nginx.org</a>.<br/>
|
||||
Commercial support is available at
|
||||
<a href="http://nginx.com/">nginx.com</a>.</p>
|
||||
|
||||
<p><em>Thank you for using nginx.</em></p>
|
||||
</body>
|
||||
</html>
|
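--- a/files/etc/nginx/sites-available/default
+++ b/files/etc/nginx/sites-available/default
@@ -0,0 +1,28 @@
+server {
+listen 80 default_server;
+listen [::]:80 default_server;
+
+root /var/www/html;
+server_name _ default;
+
+access_log off;
+error_log off;
+
+location /.well-known/acme-challenge {
+root /var/www/letsencrypt/;
+allow all;
+}
+
+
+}
+
+server {
+listen 127.0.0.1:8080;
+listen [::1]:8080;
+
+stub_status on;
+
+location /stub_status {
+stub_status;
+}
+}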
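Review bot: `error_log off;` in the catch-all server does not disable error logging; the directive has no `off` value, so nginx treats it as a file name and writes errors to a file called `off` under its prefix directory. If discarding is really intended, `error_log /dev/null crit;` is the usual form, but this server receives every request for an unknown host name, so keeping at least the error log is what lets you see scanning and misrouted traffic. In the second server, `stub_status on;` at server level already exposes the status page on every path of that listener, which makes the `location /stub_status` block redundant; keeping only the location form limits it to that one URI.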
1
files/etc/nginx/sites-enabled/default
Symbolic link
1
files/etc/nginx/sites-enabled/default
Symbolic link
|
@ -0,0 +1 @@
|
|||
../sites-available/default
|
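--- a/files/etc/systemd/system/nginx.service
+++ b/files/etc/systemd/system/nginx.service
@@ -0,0 +1,29 @@
+# Stop dance for nginx
+# =======================
+#
+# ExecStop sends SIGSTOP (graceful stop) to the nginx process.
+# If, after 5s (--retry QUIT/5) nginx is still running, systemd takes control
+# and sends SIGTERM (fast shutdown) to the main process.
+# After another 5s (TimeoutStopSec=5), and if nginx is alive, systemd sends
+# SIGKILL to all the remaining processes in the process group (KillMode=mixed).
+#
+# nginx signals reference doc:
+# http://nginx.org/en/docs/control.html
+#
+[Unit]
+Description=A high performance web server and a reverse proxy server
+Documentation=man:nginx(8)
+After=network.target nss-lookup.target
+
+[Service]
+Type=forking
+PIDFile=/run/nginx.pid
+ExecStartPre=/usr/sbin/nginx -t -c /etc/nginx/conf/nginx.conf -q -g 'daemon on; master_process on;'
+ExecStart=/usr/sbin/nginx -c /etc/nginx/conf/nginx.conf -g 'daemon on; master_process on;'
+ExecReload=/usr/sbin/nginx -c /etc/nginx/conf/nginx.conf -g 'daemon on; master_process on;' -s reload
+ExecStop=-/sbin/start-stop-daemon --quiet --stop --retry QUIT/5 --pidfile /run/nginx.pid
+TimeoutStopSec=5
+KillMode=mixed
+
+[Install]
+WantedBy=multi-user.target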
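Review bot: The header comment says ExecStop sends SIGSTOP, but the `ExecStop=` line passes `--retry QUIT/5`, so the signal actually sent is SIGQUIT; SIGSTOP would suspend the process rather than shut it down gracefully. I would correct the comment to `# ExecStop sends SIGQUIT (graceful stop) to the nginx process.`. Since this unit replaces the packaged one, it is also the natural place for sandboxing options such as `PrivateTmp=true` and `ProtectHome=true`, provided none of the deployed vhosts need those paths.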
1181
files/html/errors/502.html
Normal file
1181
files/html/errors/502.html
Normal file
File diff suppressed because it is too large
1181
files/html/errors/503.html
Normal file
1181
files/html/errors/503.html
Normal file
File diff suppressed because it is too large
1182
files/html/index.html
Normal file
1182
files/html/index.html
Normal file
File diff suppressed because it is too large
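--- a/tasks/configure-vhost.yml
+++ b/tasks/configure-vhost.yml
@@ -0,0 +1,52 @@
+---
+- name: Ensure nginx is started
+service:
+name: nginx
+state: started
+enabled: true
+ignore_errors: true
+register: nginx_started
+
+- name: Nginx started failed | Delete file for repair nginx
+file:
+state: absent
+path: "/etc/nginx/sites-enabled/"
+when: nginx_started is failed
+
+- name: Nginx started failed | recreate folder for repair nginx
+file:
+state: directory
+path: "/etc/nginx/sites-enabled/"
+when: nginx_started is failed
+
+- name: Nginx started failed | create default link for repair nginx
+file:
+src: "/etc/nginx/sites-available/default"
+dest: "/etc/nginx/sites-enabled/default"
+state: link
+when: nginx_started is failed
+
+- name: Nginx started failed | Restart Nginx
+service:
+name: nginx
+state: started
+when: nginx_started is failed
+
+- name: "Create certificate for {{ item.name }}"
+shell: "certbot certonly --non-interactive --webroot --email {{ letsencrypt_email }} --agree-tos --webroot-path=/var/www/letsencrypt -d {{ item.name }} --rsa-key-size 4096;"
+when:
+- item.ssl
+- item.useLetsencrypt
+- item.state = "present"
+loop: nginx_vhost
+
+- name: "Add Vhost {{ item.name }}"
+template:
+src: "vhost/{{ item.template }}.j2"
+dest: "/etc/nginx/sites-available/{{ item.name }}"
+notify:
+- reload nginx
+when:
+- item.state = "present"
+loop: nginx_vhost
+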
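Review bot: The `when:` entries `item.state = "present"` use a single `=`, which is not a Jinja2 comparison and will fail to evaluate; they need `==`, and `loop: nginx_vhost` has to be `loop: "{{ nginx_vhost }}"` because a bare name is passed as a plain string (both problems recur in tasks/remove-vhost.yml). In the certbot task, `-d {{ item.name }}` receives the vhost file name (exemple.yml uses names like `www.dryusdan.fr-443.conf`) rather than `server_name`, and the condition reads `item.useLetsencrypt` while exemple.yml sets `letsencrypt` and no `state` key at all. Because the values are interpolated into a `shell:` string, a vhost entry containing shell metacharacters would be interpreted by the shell; `command` with `argv` avoids that, as sketched below. Separately, the repair path deletes the whole of `/etc/nginx/sites-enabled/` whenever the first start fails, which also discards every vhost that was enabled.

```yaml
- name: "Create certificate for {{ item.server_name }}"
  command:
    argv:
      - certbot
      - certonly
      - --non-interactive
      - --webroot
      - --email
      - "{{ letsencrypt_email }}"
      - --agree-tos
      - --webroot-path=/var/www/letsencrypt
      - -d
      - "{{ item.server_name }}"
      - --rsa-key-size
      - "4096"
    # skip hosts that already hold a certificate for this name
    creates: "/etc/letsencrypt/live/{{ item.server_name }}/cert.pem"
  when:
    - item.ssl | default(false)
    - item.letsencrypt | default(false)
    - item.state | default('present') == 'present'
  loop: "{{ nginx_vhost }}"
# … unchanged: "Add Vhost" template task, with the same when/loop corrections …
```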
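--- a/tasks/install-Debian-letsencrypt.yml
+++ b/tasks/install-Debian-letsencrypt.yml
@@ -0,0 +1,39 @@
+---
+- name: Install Nginx and dependencies
+apt:
+pkg: "{{item}}"
+state: latest
+update_cache: yes
+with_items:
+- certbot
+
+- name: Get let's encrypt cert
+command: "curl https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem https://letsencrypt.org/certs/lets-encrypt-x4-cross-signed.pem -o /etc/nginx/ssl/private/letsencrypt-certs.pem"
+
+- name: Creates a cron file under /etc/cron.d
+cron:
+name: cerbot-renew
+weekday: 1
+minute: 30
+hour: 2
+user: root
+job: "certbot renew >> /var/log/le-renew.log && curl -fsS --retry 3 --resolve cron.drycat.fr:443:10.10.10.1 https://cron.drycat.fr/ping/{{ nginx_certs_renew_cron }} > /dev/null"
+
+- name: Creates a cron file under /etc/cron.d
+cron:
+name: Reload server
+weekday: 1
+minute: 50
+hour: 2
+user: root
+job: "/bin/systemctl reload nginx && curl -fsS --retry 3 --resolve cron.drycat.fr:443:10.10.10.1 https://cron.drycat.fr/ping/{{ nginx_le_reload }} > /dev/null"
+
+- name: "Add Dryusdan's configuration"
+copy:
+src: "{{ item.src }}"
+dest: "{{ item.dest }}"
+owner: root
+group: root
+mode: '0640'
+loop:
+- { 'src': 'etc/nginx/conf.d/ssl_letsencrypt.conf', 'dest':'/etc/nginx/conf.d/ssl_letsencrypt.conf' }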
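Review bot: The `curl` call in "Get let's encrypt cert" gives two URLs but a single `-o`, so only the first certificate is written to `letsencrypt-certs.pem` and the second goes to stdout; without `-f` an HTTP error page would also be saved as if it were a PEM file, and the task downloads again on every run. Fetching each file with `get_url` and a pinned `checksum:` makes the download idempotent and verifiable; whatever consumes the bundle (ssl_letsencrypt.conf, not visible here) would then need the two files joined, for example with `assemble`. The first cron entry is named `cerbot-renew`, presumably a typo for certbot, and both cron tasks are titled as writing under /etc/cron.d but set no `cron_file`, so they end up in root's crontab.

```yaml
- name: Download Let's Encrypt intermediate certificates
  get_url:
    url: "https://letsencrypt.org/certs/{{ item.file }}"
    dest: "/etc/nginx/ssl/private/{{ item.file }}"
    # placeholder digests: replace with the values published for each file
    checksum: "sha256:{{ item.sha256 }}"
    owner: root
    group: root
    mode: '0644'
  loop:
    - { file: lets-encrypt-x3-cross-signed.pem, sha256: "<SHA256_OF_X3_PEM>" }
    - { file: lets-encrypt-x4-cross-signed.pem, sha256: "<SHA256_OF_X4_PEM>" }
# … unchanged: certbot package install, the two cron tasks, ssl_letsencrypt.conf copy …
```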
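--- a/tasks/install-Debian-prometheus.yml
+++ b/tasks/install-Debian-prometheus.yml
@@ -0,0 +1,16 @@
+---
+- name: Install Prometheus-nginx-exporter on Debian 10
+apt:
+pkg: "{{item}}"
+state: latest
+update_cache: yes
+with_items:
+- prometheus-nginx-exporter
+- libnginx-mod-rtmp
+when: ansible_distribution == 'Debian' and ansible_distribution_version == '10'
+
+- name: import discovery file to server
+template:
+src: sd_file.yml.j2
+dest: "{{ prometheus_sd_directory }}/nginx_{{ ansible_nodename }}.yml"
+delegate_to: "{{ prometheus_server }}"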
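Review bot: The condition `ansible_distribution_version == '10'` matches only when the fact is exactly `10`; on hosts where it reports a point release such as `10.4` the exporter install is silently skipped while the discovery file is still pushed, so `ansible_distribution_major_version == '10'` is the safer test. The same task also installs `libnginx-mod-rtmp`, which has nothing to do with the exporter and adds another network-facing module to nginx; if nothing in the role uses RTMP I would drop it. `state: latest` upgrades both packages on every run, where `state: present` keeps runs repeatable.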
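--- a/tasks/install-Debian.yml
+++ b/tasks/install-Debian.yml
@@ -0,0 +1,138 @@
+---
+- name: Nginx already installed ?
+shell: dpkg-query -W 'nginx-full'
+ignore_errors: true
+register: nginx
+
+- name: update apt-cache
+apt: update_cache=yes
+when: nginx is failed
+
+- name: Update repositories cache and install package
+apt: pkg=apt-transport-https state=latest update_cache=yes
+
+- name: Install Nginx and dependencies
+apt:
+pkg: "{{item}}"
+state: latest
+update_cache: yes
+with_items:
+- nginx-full
+- libnginx-mod-http-headers-more-filter
+- libnginx-mod-http-cache-purge
+- libnginx-mod-http-uploadprogress
+- libnginx-mod-stream
+- python
+- python-dev
+- gcc
+- dialog
+- libaugeas0
+- augeas-lenses
+- libssl-dev
+- libffi-dev
+- ca-certificates
+- python-pip
+- python-virtualenv
+- git
+- libpython-dev
+- zlib1g-dev
+
+- name: Creates directory
+file:
+path: /etc/nginx/ssl/private
+state: directory
+when: nginx is failed
+
+- name: Generate dhparam 4096
+openssl_dhparam:
+path: /etc/nginx/ssl/private/dhparam.pem
+size: 4096
+when: nginx is failed
+
+- name: Create folder
+file:
+path: "{{ item }}"
+state: directory
+loop:
+- /var/www/letsencrypt
+- /var/log/archive-nginx
+- /etc/nginx/conf
+- /etc/nginx/html
+- /etc/nginx/ssl
+- /etc/nginx/modules-available
+- /etc/nginx/modules-enabled
+- /etc/nginx/ssl/private/
+- /var/www/html/
+- /var/www/html/errors
+
+- name: Remove official default configuration
+file:
+path: "{{ item }}"
+state: absent
+loop:
+- /etc/logrotate.d/nginx
+- /etc/nginx/sites-available/default
+- /etc/nginx/fastcgi.conf
+- /etc/nginx/koi-utf
+- /etc/nginx/koi-win
+- /etc/nginx/mime.types
+- /etc/nginx/nginx.conf
+- /etc/nginx/proxy_params
+- /etc/nginx/scgi_params
+- /etc/nginx/snippets
+- /etc/nginx/uwsgi_params
+- /etc/nginx/win-utf
+
+- name: "Add Dryusdan's configuration"
+copy:
+src: "{{ item.src }}"
+dest: "{{ item.dest }}"
+owner: root
+group: root
+mode: '0640'
+loop:
+- { 'src': 'etc/logrotate.d/nginx', 'dest':'/etc/logrotate.d/nginx' }
+- { 'src': 'etc/systemd/system/nginx.service', 'dest':'/etc/systemd/system/nginx.service' }
+- { 'src': 'etc/nginx/sites-enabled/default', 'dest': '/etc/nginx/sites-enabled/default' }
+- { 'src': 'etc/nginx/html/index.html', 'dest': '/etc/nginx/html/index.html' }
+- { 'src': 'etc/nginx/html/50x.html', 'dest': '/etc/nginx/html/50x.html' }
+- { 'src': 'etc/nginx/conf.d/blacklist', 'dest': '/etc/nginx/conf.d/blacklist' }
+- { 'src': 'etc/nginx/conf.d/headers.conf', 'dest': '/etc/nginx/conf.d/headers.conf' }
+- { 'src': 'etc/nginx/conf.d/hsts.conf', 'dest': '/etc/nginx/conf.d/hsts.conf' }
+- { 'src': 'etc/nginx/conf.d/ocsp.conf', 'dest': '/etc/nginx/conf.d/ocsp.conf' }
+- { 'src': 'etc/nginx/conf.d/proxy.conf', 'dest': '/etc/nginx/conf.d/proxy.conf' }
+- { 'src': 'etc/nginx/conf.d/ssl.conf', 'dest': '/etc/nginx/conf.d/ssl.conf' }
+- { 'src': 'etc/nginx/conf/fastcgi.conf', 'dest': '/etc/nginx/conf/fastcgi.conf' }
+- { 'src': 'etc/nginx/conf/fastcgi_params', 'dest': '/etc/nginx/conf/fastcgi_params' }
+- { 'src': 'etc/nginx/conf/koi-utf', 'dest': '/etc/nginx/conf/koi-utf' }
+- { 'src': 'etc/nginx/conf/koi-win', 'dest': '/etc/nginx/conf/koi-win' }
+- { 'src': 'etc/nginx/conf/mime.types', 'dest': '/etc/nginx/conf/mime.types' }
+- { 'src': 'etc/nginx/conf/scgi_params', 'dest': '/etc/nginx/conf/scgi_params' }
+- { 'src': 'etc/nginx/conf/uwsgi_params', 'dest': '/etc/nginx/conf/uwsgi_params' }
+- { 'src': 'etc/nginx/conf/win-utf', 'dest': '/etc/nginx/conf/win-utf' }
+- { 'src': 'html/index.html', 'dest': '/var/www/html/index.html' }
+
+
+- name: Add Nginx.conf
+template:
+src: nginx.conf.j2
+dest: /etc/nginx/conf/nginx.conf
+mode: 0644
+owner: root
+group: root
+
+- name: "Add errors html file"
+copy:
+src: "{{ item.src }}"
+dest: "{{ item.dest }}"
+owner: www-data
+group: www-data
+mode: '0640'
+loop:
+- { 'src': 'html/errors/502.html', 'dest': '/var/www/html/errors/502.html' }
+- { 'src': 'html/errors/503.html', 'dest': '/var/www/html/errors/503.html' }
+
+- name: reload systemd
+systemd:
+daemon_reload: yes
+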
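Review bot: `/etc/nginx/ssl/private` is created (in "Creates directory" and again in the "Create folder" loop) with no `mode`, `owner` or `group`, so its permissions come from the umask and are typically world-readable and traversable, even though it holds `dhparam.pem` and, going by its name, key material. I would add `mode: '0700'`, `owner: root` and `group: root` to the "Creates directory" task and take the path out of the generic loop. In the "Add Dryusdan's configuration" copy loop, `mode: '0640'` with root:root is also applied to `/var/www/html/index.html` and the pages under `/etc/nginx/html/`; if the workers run as `www-data` (the owner used for the error pages further down) they cannot read those files. The package list also puts `gcc`, `git`, `python-dev` and `python-pip` on the web server with `state: latest`; if they were only needed to build certbot, which tasks/install-Debian-letsencrypt.yml installs as a package, they can be dropped.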
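--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -0,0 +1,30 @@
+---
+- include_tasks: install-Debian.yml
+when: ansible_os_family == 'Debian'
+tags:
+- install
+- reconfigure
+
+- include_tasks: install-Debian-letsencrypt.yml
+when: ansible_os_family == 'Debian'
+tags:
+- letsencrypt
+
+- include_tasks: install-Debian-prometheus.yml
+when: ansible_os_family == 'Debian'
+tags:
+- prometheus
+
+- include_tasks: configure-vhost.yml
+tags:
+- vhost
+
+- include_tasks: remove-vhost.yml
+tags:
+- resign
+
+- include_tasks: uninstall-nginx-Debian.yml
+when: ansible_os_family == 'Debian'
+tags:
+- uninstall
+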
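Review bot: A run without `--tags` executes every include in this file, so on a Debian host `uninstall-nginx-Debian.yml` and `remove-vhost.yml` run right after the install and vhost tasks. Ansible's special `never` tag keeps a destructive include out of untagged runs, e.g. `tags: [uninstall, never]` on the last include. Tags placed on `include_tasks` apply to the include statement only, not to the tasks it loads, so a tagged run such as `--tags vhost` also needs the `apply` argument of `include_tasks` (or `import_tasks` in its place) for the loaded tasks to be selected.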
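--- a/tasks/remove-vhost.yml
+++ b/tasks/remove-vhost.yml
@@ -0,0 +1,25 @@
+---
+- name: "Remove symlink {{ item.name }}"
+file:
+state: absent
+path: "/etc/nginx/sites-enabled/{{ item.name }}"
+when:
+- item.state = "absent"
+loop: nginx_vhost
+
+- name: "Remove website conf {{ item.name }}"
+file:
+state: absent
+path: "/etc/nginx/sites-available/{{ item.name }}"
+when:
+- item.state = "absent"
+loop: nginx_vhost
+
+- name: "Revoke Let's Encrypt cert for {{ item.name }}"
+shell: "certbot revoke --delete-after-revoke --cert-path /etc/letsencrypt/live/{{ item.name }}/cert.pem"
+when:
+- item.ssl == "On"
+- item.useLetsencrypt == "yes"
+- item.state = "absent"
+loop: nginx_vhost
+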
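Review bot: The `when` conditions in all three tasks use `item.state = "absent"`, which Jinja does not accept as a comparison; they need `==`, for example `item.state | default('present') == 'absent'` so that a vhost without a `state` key is simply skipped. `loop: nginx_vhost` passes a bare string instead of the list and should be `loop: "{{ nginx_vhost }}"`. In the revoke task, `item.ssl == "On"` and `item.useLetsencrypt == "yes"` do not match the boolean `item.ssl` / `item.letsencrypt` keys that templates/vhosts/partials/ssl.j2 tests, and the path is built from `item.name` where ssl.j2 uses `item.server_name` for the `/etc/letsencrypt/live/` directory, so the certificate of a removed vhost would most likely never be revoked. Using `command` rather than `shell` would also keep the templated path away from a shell.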
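--- a/tasks/uninstall-nginx-Debian.yml
+++ b/tasks/uninstall-nginx-Debian.yml
@@ -0,0 +1,35 @@
+---
+- name: "Remove Nginx"
+apt:
+pkg: "{{item}}"
+state: latest
+update_cache: yes
+with_items:
+- nginx-full
+- libnginx-mod-http-headers-more-filter
+- libnginx-mod-http-cache-purge
+- libnginx-mod-http-uploadprogress
+- libnginx-mod-stream
+- python
+- python-dev
+- gcc
+- dialog
+- libaugeas0
+- augeas-lenses
+- libssl-dev
+- libffi-dev
+- ca-certificates
+- python-pip
+- python-virtualenv
+- git
+- libpython-dev
+- zlib1g-dev
+
+- name: "Remove directory"
+file:
+state: directory
+path: "{{ item }}"
+with_items:
+- "/etc/nginx"
+- "/var/cache/nginx"
+- "/var/log/nginx"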
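Review bot: Both tasks do the opposite of what their names say: `state: latest` under "Remove Nginx" installs or upgrades the listed packages, and `state: directory` under "Remove directory" creates `/etc/nginx`, `/var/cache/nginx` and `/var/log/nginx`. Removal needs `state: absent` in both places. Once that is corrected, the package list should be cut down to the nginx packages, because removing `ca-certificates`, `python`, `gcc` and `git` from a host breaks TLS certificate verification and other software, most likely including Ansible itself, which needs Python on the target. `update_cache: yes` is not needed for a removal.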
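--- a/templates/nginx.conf.j2
+++ b/templates/nginx.conf.j2
@@ -0,0 +1,124 @@
+user www-data;
+worker_processes 4;
+pid /run/nginx.pid;
+include /etc/nginx/modules-enabled/*.conf;
+worker_rlimit_nofile 8704;
+
+events {
+worker_connections 8192;
+multi_accept on;
+}
+
+http {
+
+##
+# Basic Settings
+##
+
+sendfile on;
+tcp_nopush on;
+tcp_nodelay on;
+keepalive_disable msie6;
+keepalive_requests 100;
+keepalive_timeout 65;
+types_hash_max_size 2048;
+server_tokens off;
+#server_names_hash_max_size 2048;
+
+proxy_headers_hash_max_size 2048;
+proxy_max_temp_file_size {{ nginx_proxy_map_temp_file_size | default("2048m")}};
+proxy_headers_hash_bucket_size 256;
+
+# server_names_hash_bucket_size 64;
+# server_name_in_redirect off;
+
+include /etc/nginx/conf/mime.types;
+default_type application/octet-stream;
+
+##
+# Logging Settings
+##
+
+access_log /var/log/nginx/access.log;
+error_log /var/log/nginx/error.log;
+
+#more_set_headers 'Server: secret';
+
+aio threads;
+aio_write on;
+
+limit_conn_zone $binary_remote_addr zone=limit_per_ip:10m;
+limit_conn limit_per_ip 128;
+limit_req_zone $binary_remote_addr zone=allips:10m rate=150r/s;
+limit_req zone=allips burst=150 nodelay;
+
+gzip on;
+gzip_comp_level 6;
+gzip_min_length 512;
+gzip_buffers 4 8k;
+gzip_proxied any;
+gzip_vary on;
+gzip_disable "msie6";
+gzip_types
+text/css
+text/javascript
+text/xml
+text/plain
+text/x-component
+application/javascript
+application/x-javascript
+application/json
+application/xml
+application/rss+xml
+application/vnd.ms-fontobject
+font/truetype
+font/opentype
+image/svg+xml;
+
+# brotli on;
+# brotli_static on;
+# brotli_buffers 16 8k;
+# brotli_comp_level 6;
+# brotli_types
+# text/css
+# text/javascript
+# text/xml
+# text/plain
+# text/x-component
+# application/javascript
+# application/x-javascript
+# application/json
+# application/xml
+# application/rss+xml
+# application/vnd.ms-fontobject
+# font/truetype
+# font/opentype
+# image/svg+xml;
+
+##
+# Virtual Host Configs
+##
+#include /etc/nginx/conf.d/*.conf;
+include /etc/nginx/sites-enabled/*;
+}
+
+#mail {
+# # See sample authentication script at:
+# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
+#
+# # auth_http localhost/auth.php;
+# # pop3_capabilities "TOP" "USER";
+# # imap_capabilities "IMAP4rev1" "UIDPLUS";
+#
+# server {
+# listen localhost:110;
+# protocol pop3;
+# proxy on;
+# }
+#
+# server {
+# listen localhost:143;
+# protocol imap;
+# proxy on;
+# }
+#}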
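Review bot: `worker_rlimit_nofile 8704` is lower than what `worker_connections 8192` can require, since a proxied request holds a client descriptor and an upstream descriptor at the same time; under load a worker would run out of file descriptors before it reaches its connection limit. A value of at least twice `worker_connections`, e.g. `worker_rlimit_nofile 16384;`, keeps the two consistent. `worker_processes 4` is hard-coded where `auto` or a role variable would follow the host's CPU count, and the variable `nginx_proxy_map_temp_file_size` feeds `proxy_max_temp_file_size`, so its name looks like a typo for `..._max_...`. The commented-out `brotli` and `mail` blocks could be dropped from the template.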
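--- a/templates/sd_file.yml.j2
+++ b/templates/sd_file.yml.j2
@@ -0,0 +1,2 @@
+- targets:
+- "{{ ansible_nodename }}:{{ prometheus_exporter_listen_port }}"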
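--- a/templates/vhosts/partials/header.j2
+++ b/templates/vhosts/partials/header.j2
@@ -0,0 +1,16 @@
+listen {{ item.listen }} {% if item.ssl is defined and item.ssl = true %} ssl http2 {%endif%};
+{%if item.ipv6 is defined and item.ipv6 = true %}
+listen [::]:{{ item.listen }} {% if item.ssl is defined and item.ssl = true %} ssl http2 {%endif%};
+{%endif %}
+server_name {{ item.key }};
+
+
+
+
+client_max_body_size {{ client_max_body_size|default('2M') }}
+
+{% if item.include_conf is defined %}
+{% for conf in item.include_conf %}
+include /etc/nginx/conf.d/{{ conf }};
+{% endfor %}
+{% endif %}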
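Review bot: `item.ssl = true` and `item.ipv6 = true` are not valid Jinja tests (comparison is `==`), so this partial fails to render; `{% if item.ssl | default(false) %}` covers both the defined check and the comparison. The same `= true` form appears in partials/letsencrypt-webroot.j2, partials/ssl.j2 and the `item.cache` test in php.j2. `server_name {{ item.key }};` reads a key that would normally exist only when looping over a dict, while the other templates use `item.server_name`. The `client_max_body_size` line lacks its closing `;` and reads a global `client_max_body_size` rather than `item.client_max_body_size`, so a per-vhost limit would presumably be ignored.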
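--- a/templates/vhosts/partials/letsencrypt-webroot.j2
+++ b/templates/vhosts/partials/letsencrypt-webroot.j2
@@ -0,0 +1,6 @@
+{%if item.letsencrypt is defined and item.letsencrypt = true %}
+location /.well-known/acme-challenge {
+root /var/www/letsencrypt/;
+allow all;
+}
+{% endif %}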
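Review bot: `location /.well-known/acme-challenge` is a plain prefix match without a trailing slash, so it also matches paths such as `/.well-known/acme-challengeX`, and in php.j2 the regex `location ~ \.php$` still takes precedence for a challenge-path URI that ends in `.php`. `location ^~ /.well-known/acme-challenge/ {` limits the match to the directory and stops regex locations from taking over. `allow all;` has no effect unless an enclosing scope sets a `deny`, so a short comment saying which include it is meant to override would help.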
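--- a/templates/vhosts/partials/logoff-favicon-robots.txt.j2
+++ b/templates/vhosts/partials/logoff-favicon-robots.txt.j2
@@ -0,0 +1,9 @@
+location = /robots.txt {
+allow all;
+log_not_found off;
+access_log /dev/null;
+}
+location = /favicon.ico {
+log_not_found off;
+access_log /dev/null;
+}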
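Review bot: `access_log /dev/null;` still formats and writes every log line; nginx provides `access_log off;` for this, which skips the work entirely. Both locations here can use it, and redirect.j2 uses the same `/dev/null` form for its access log.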
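--- a/templates/vhosts/partials/map.j2
+++ b/templates/vhosts/partials/map.j2
@@ -0,0 +1,6 @@
+{% if item.map is defined %}
+map {{ item.map.string }} {{ item.map.variable }} {
+{{ item.map.parameters|ident(4) }}
+}
+{% endif %}
+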
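Review bot: `ident(4)` is not a Jinja filter; the other templates on this page use `indent(4)`, so any vhost that defines `item.map` fails at render time with an unknown-filter error. The line should read `{{ item.map.parameters|indent(4) }}`.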
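--- a/templates/vhosts/partials/ssl.j2
+++ b/templates/vhosts/partials/ssl.j2
@@ -0,0 +1,25 @@
+{% if item.ssl is defined and item.ssl = true %}
+
+{% if item.letsencrypt is defined and item.letsencrypt = true %}
+
+ssl_certificate /etc/letsencrypt/live/{{ item.server_name }}/fullchain.pem;
+ssl_certificate_key /etc/letsencrypt/live/{{ item.server_name/privkey.pem;
+
+{% else %}
+
+ssl_certificate {{ item.ssl_certificate }};
+ssl_certificate_key {{ item.ssl_certificate_key }};
+
+{% endif %}
+
+{% if item.letsencrypt is defined and item.letsencrypt = true %}
+
+include /etc/nginx/conf.d/ssl_letsencrypt.conf;
+
+{% endif %}
+
+include /etc/nginx/conf.d/ssl.conf;
+include /etc/nginx/conf.d/hsts.conf;
+include /etc/nginx/conf.d/ocsp.conf;
+
+{% endif %}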
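Review bot: The `ssl_certificate_key` line never closes its expression: `{{ item.server_name/privkey.pem;` should be `{{ item.server_name }}/privkey.pem;`, otherwise the template does not parse. The partial also includes `/etc/nginx/conf.d/ssl_letsencrypt.conf`, which is not among the conf.d files copied by the loop visible earlier on this page (blacklist, headers.conf, hsts.conf, ocsp.conf, proxy.conf, ssl.conf); if no other task creates it, nginx will refuse to load any Let's Encrypt vhost. `hsts.conf` is included for every TLS vhost, so a comment noting that enabling `ssl` commits the host name to HTTPS for the HSTS lifetime would help operators.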
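--- a/templates/vhosts/partials/upstream.j2
+++ b/templates/vhosts/partials/upstream.j2
@@ -0,0 +1,7 @@
+{% if item.upstream is defined %}
+upstream {{ item.upstream.name }} {
+{% for server in item.upstream.server %}
+server {{ server }}
+{% endfor %}
+}
+{% endif %}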
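Review bot: `server {{ server }}` is missing the terminating `;`, so every rendered `upstream` block is a syntax error for nginx. The line should be `server {{ server }};`.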
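--- a/templates/vhosts/php.j2
+++ b/templates/vhosts/php.j2
@@ -0,0 +1,46 @@
+{% include 'partials/map.j2' %}
+{% include 'partials/upstream.j2' %}
+
+server {
+{% include 'partials/header.j2' %}
+
+
+root {{ item.root|default('/var/www/html');
+index {{ item.index|default('index.html index.htm')}};
+
+access_log /var/log/nginx/{{ item.server_name }}.access.log buffer=20m flush=5m;
+error_log /var/log/nginx/{{ item.server_name }}.error.log warn;
+
+{% include 'partials/ssl.j2' %}
+
+{% if item.extra_parameters is defined %}
+{{ item.extra_parameters|indent(4) }}
+{% endif %}
+
+{% if item.cache is defined and item.cache = true %}
+open_file_cache max=2000 inactive=5m;
+open_file_cache_valid 2m;
+open_file_cache_min_uses 2;
+open_file_cache_errors on;
+{% endif %}
+
+{% include 'partials/letsencrypt-webroot.j2' %}
+{% include 'partials/logoff-favicon-robots.txt.j2' %}
+
+{% if item.location is defined %}
+{{ item.location|indent(4) }}
+{% endif %}
+
+location ~ \.php$ {
+try_files $uri =404;
+fastcgi_pass unix:/run/php/{{ item.key }}.sock;
+fastcgi_index index.php;
+fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+{%if item.fastcgi_param is defined %}
+{%for param in item.fastcgi_param %}
+fastcgi_param {{ param.name }} {{ param.value }};
+{%endfor %}
+{%endif%}
+include fastcgi_params;
+}
+}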
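Review bot: `root {{ item.root|default('/var/www/html');` is missing the closing `}}` and will not parse; it should be `root {{ item.root|default('/var/www/html') }};`. `fastcgi_pass unix:/run/php/{{ item.key }}.sock;` uses `item.key`, while the log lines in the same file use `item.server_name`, so the socket path is probably undefined for the vhost items this role loops over. The `access_log` line buffers up to 20 MB for as long as 5 minutes, which delays request records during an incident; a comment stating that this trade-off is intended would help.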
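--- a/templates/vhosts/proxy.j2
+++ b/templates/vhosts/proxy.j2
@@ -0,0 +1,35 @@
+{% include 'partials/map.j2' %}
+{% include 'partials/upstream.j2' %}
+
+server {
+{% include 'partials/header.j2' %}
+
+access_log /var/log/nginx/{{ item.server_name }}.access.log;
+error_log /var/log/nginx/{{ item.server_name }}.error.log;
+
+include /etc/nginx/conf.d/proxy.conf;
+
+{% if item.extra_parameters is defined %}
+{{ item.extra_parameters|indent(4) }}
+{% endif %}
+
+{% include 'partials/letsencrypt-webroot.j2' %}
+{% include 'partials/logoff-favicon-robots.txt.j2' %}
+
+location /errors/ {
+alias /var/www/html/errors/;
+internal;
+}
+
+location / {
+proxy_pass {{ item.proxy }};
+}
+
+{% if item.location is defined %}
+{{ item.location|indent(4) }}
+{% endif %}
+
+{% if item.extra_parameters is defined %}
+{{ item.extra_parameters|indent(4) }}
+{% endif %}
+}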
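Review bot: This template never includes `partials/ssl.j2`, although `partials/header.j2` emits `listen … ssl http2` when `item.ssl` is set, so a TLS proxy vhost is rendered without any `ssl_certificate` and nginx will either reject the configuration or be unable to complete handshakes. Adding `{% include 'partials/ssl.j2' %}` after the log lines, as php.j2 does, closes the gap; redirect.j2 has the same omission. The `item.extra_parameters` block is also rendered twice, once before the locations and again before the closing brace, which can produce duplicate-directive errors, so one of the two should go. `location /errors/` is marked `internal` but no `error_page` is set in this file, so it is only useful if `proxy.conf` defines one.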
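--- a/templates/vhosts/redirect.j2
+++ b/templates/vhosts/redirect.j2
@@ -0,0 +1,16 @@
+{% include 'partials/map.j2' %}
+{% include 'partials/upstream.j2' %}
+server {
+{% include 'partials/header.j2' %}
+access_log /dev/null;
+error_log /dev/null;
+
+{% include 'partials/letsencrypt-webroot.j2' %}
+
+location / {
+return {{ item.return_code|default('301') }} {{ item.return }};
+}
+{% if item.extra_parameters is defined %}
+{{ item.extra_parameters|indent(4) }}
+{% endif %}
+}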
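Review bot: `{{ item.return }}` has no default, so a vhost that does not define exactly that key either fails to render or produces `return 301 ;` without a target; `{{ item.return | mandatory }}` makes the requirement explicit, and the key names `return` / `return_code` should be checked against the ones the role's variables actually use. `error_log /dev/null;` discards all errors for this vhost, including failures in the ACME challenge location included just below, which makes certificate-renewal problems hard to diagnose. Keeping a per-vhost `error_log` at `warn`, as php.j2 does, would retain that signal.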