SSL configuration for nginx hosted servers.

perlDreamer · perlDreamer · commit 2a29bcbae436 · 2011-12-31T11:11:13.000-08:00
diff --git a/wre/var/setupfiles/nginx.template b/wre/var/setupfiles/nginx.template
@@ -3,6 +3,10 @@ server {
     server_name [% sitename %] [% domain %]; 
     access_log [% domainRoot %]/[% sitename %]/logs/access.log combined
 
+    client_max_body_size 20M;
+    proxy_set_header  X-Real-IP  $remote_addr;
+    proxy_set_header Host $host;
+
     # block IIS related attacks from getting to WebGUI
     location = /^scripts/ {
         return 400
@@ -20,14 +24,6 @@ server {
         return 400
     }
 
-    # leave static stuff (extras) to be served directly by modproxy (rule should be inherited from parent)
-    #RewriteRule ^/extras/ - [L]
-
-    # For speed we only pass on uploads if there is a .wgaccess file
-    RewriteCond %{REQUEST_FILENAME}             ^(.*/)
-    RewriteCond %{DOCUMENT_ROOT}%1.wgaccess     !-f
-    RewriteRule ^/uploads/                      - [L]
-
     # proxy webgui pages
     #ProxyPreserveHost On
     #RewriteRule ^/(.*) http://127.0.0.1:[% modperlPort %]/$1 [P]
@@ -37,47 +33,33 @@ server {
 # change the 10.0.0.1 to the IP address you wish to bind the SSL host
 # to.
 
-#Listen 10.0.0.1:443
-#<VirtualHost 10.0.0.1:443>
-#    ServerName [% sitename %]
-#    CustomLog [% domainRoot %]/[% sitename %]/logs/access.log combined
-#    DocumentRoot [% domainRoot %]/[% sitename %]/public
+#server {
+#    listen     443;
+#    server_name [% sitename %] [% domain %]; 
+#    access_log [% domainRoot %]/[% sitename %]/logs/access.log combined
 #
-#    # let modperl know we're using SSL
-#    RequestHeader add SSLPROXY "1"
-#
-#    # turn on mod_rewrite
-#    RewriteEngine On
-#    RewriteLog "[% wreRoot %]/var/logs/modrewrite.log"
-#    RewriteLogLevel 0
+#    client_max_body_size 20M;
+#    proxy_set_header  X-Real-IP  $remote_addr;
+#    proxy_set_header Host $host;
 #
 #    # block IIS related attacks from getting to WebGUI
-#    RewriteRule ^/scripts/ - [L]
-#    RewriteRule ^/default.ida - [L]
-#    RewriteRule ^/_vti_bin - [L]
-#    RewriteRule ^/_mem_bin - [L]
+#    location = /^scripts/ {
+#        return 400
+#    }
 #
-#    # leave static stuff to be served directly by modproxy
-#    RewriteRule ^/favicon.ico - [L]
-#    RewriteRule ^/extras/ - [L]
+#    location = /^default.ida/ {
+#        return 400
+#    }
 #
-#    # For speed we only pass on uploads if there is a .wgaccess file
-#    RewriteCond %{REQUEST_FILENAME}             ^(.*/) 
-#    RewriteCond %{DOCUMENT_ROOT}%1.wgaccess     !-f 
-#    RewriteRule ^/uploads/                      - [L] 
+#    location = /_vti_bin/ {
+#        return 400
+#    }
 #
-#    # proxy webgui pages
-#    ProxyPreserveHost On
-#    RewriteRule ^/(.*) http://127.0.0.1:[% modperlPort %]/$1 [P]
+#    location = /_mem_bin/ {
+#        return 400
+#    }
 #
-#    # enable SSL 
-#    SSLEngine on
-#    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
-#    SSLCertificateFile [% domainRoot %]/[% sitename %]/certs/server.crt
-#    SSLCertificateKeyFile [% domainRoot %]/[% sitename %]/certs/server.key
-#    SSLCACertificateFile [% domainRoot %]/[% sitename %]/certs/UTNAddTrustServerCA.crt
-#    SetEnvIf User-Agent ".*MSIE.*" \
-#        nokeepalive ssl-unclean-shutdown \
-#        downgrade-1.0 force-response-1.0
-#</VirtualHost>
-
+#    ssl_certificate [% domainRoot %]/[% sitename %]/certs/server.crt
+#    ssl_certificate_key [% domainRoot %]/[% sitename %]/certs/server.key
+#
+#}
