Add nginx base conf, and per site conf. Still needs proxying uploads and SSL.
1 parent
ec635ba
commit d74702f
Showing
2 changed files
with
135 additions
and
0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,52 @@ | ||
user [% wreUser %]; | ||
worker_processes 10; | ||
|
||
error_log [% wreRoot %]/var/logs/error.log; | ||
|
||
pid [% wreRoot %]/var/run/nginx.pid; | ||
|
||
events { | ||
worker_connections 1024; | ||
} | ||
|
||
http { | ||
include mime.types; | ||
default_type application/octet-stream; | ||
|
||
log_format main '$remote_addr - $remote_user [$time_local] "$request" ' | ||
'$status $body_bytes_sent "$http_referer" ' | ||
'"$http_user_agent" "$http_x_forwarded_for"'; | ||
|
||
sendfile on; | ||
|
||
keepalive_timeout 65; | ||
|
||
server_tokens off; | ||
|
||
gzip on; | ||
gzip_types text/plain text/css application/json application/json-rpc application/x-javascript text/xml application/xml application/xml+rss text/javascript; | ||
gzip_comp_level 9; | ||
|
||
location ^~ /extras/ { | ||
root [% webguiRoot %]/www/extras; | ||
expires 36000 | ||
} | ||
|
||
location ~ /.* { | ||
proxy_pass http://localhost:[% starmanPort %]; | ||
} | ||
|
||
server { | ||
listen [% modproxyPort %]; | ||
server_name localhost; | ||
client_max_body_size 20M; | ||
proxy_set_header X-Real-IP $remote_addr; | ||
proxy_set_header Host $host; | ||
|
||
} | ||
|
||
##Include per-server vhost configuration files. | ||
include [% wreRoot %]/etc/*.nginx | ||
|
||
} | ||
|
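Review bot: The two `location` blocks (`^~ /extras/` and `~ /.*`) sit directly under `http {}`, where nginx does not accept `location`, so this file fails `nginx -t` and settings such as `server_tokens off` and `client_max_body_size 20M` never take effect. They need to move inside the `server {}` block, which currently sets the proxy headers but has no `proxy_pass`; the per-site `server` blocks pulled in by the final `include` will not inherit them either and need their own copy or a shared include. Two directives are also missing their terminating semicolon: `expires 36000` and `include [% wreRoot %]/etc/*.nginx`. Because `root` appends the full request URI, `root [% webguiRoot %]/www/extras` resolves `/extras/x` to `www/extras/extras/x`, so the root most likely should be `[% webguiRoot %]/www`.

```nginx
    server {
        # … unchanged: listen, server_name, client_max_body_size, proxy_set_header lines …

        location ^~ /extras/ {
            root [% webguiRoot %]/www;
            expires 36000;
        }

        location / {
            proxy_pass http://localhost:[% starmanPort %];
        }
    }

    ##Include per-server vhost configuration files.
    include [% wreRoot %]/etc/*.nginx;
```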
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,83 @@ | ||
server { | ||
listen [% modproxyPort %]; | ||
server_name [% sitename %] [% domain %]; | ||
access_log [% domainRoot %]/[% sitename %]/logs/access.log combined | ||
|
||
# block IIS related attacks from getting to WebGUI | ||
location = /^scripts/ { | ||
return 400 | ||
} | ||
|
||
location = /^default.ida/ { | ||
return 400 | ||
} | ||
|
||
location = /_vti_bin/ { | ||
return 400 | ||
} | ||
|
||
location = /_mem_bin/ { | ||
return 400 | ||
} | ||
|
||
# leave static stuff (extras) to be served directly by modproxy (rule should be inherited from parent) | ||
#RewriteRule ^/extras/ - [L] | ||
|
||
# For speed we only pass on uploads if there is a .wgaccess file | ||
RewriteCond %{REQUEST_FILENAME} ^(.*/) | ||
RewriteCond %{DOCUMENT_ROOT}%1.wgaccess !-f | ||
RewriteRule ^/uploads/ - [L] | ||
|
||
# proxy webgui pages | ||
#ProxyPreserveHost On | ||
#RewriteRule ^/(.*) http://127.0.0.1:[% modperlPort %]/$1 [P] | ||
} | ||
|
||
# Uncomment the following lines to enable SSL for this host. Also, | ||
# change the 10.0.0.1 to the IP address you wish to bind the SSL host | ||
# to. | ||
|
||
#Listen 10.0.0.1:443 | ||
#<VirtualHost 10.0.0.1:443> | ||
# ServerName [% sitename %] | ||
# CustomLog [% domainRoot %]/[% sitename %]/logs/access.log combined | ||
# DocumentRoot [% domainRoot %]/[% sitename %]/public | ||
# | ||
# # let modperl know we're using SSL | ||
# RequestHeader add SSLPROXY "1" | ||
# | ||
# # turn on mod_rewrite | ||
# RewriteEngine On | ||
# RewriteLog "[% wreRoot %]/var/logs/modrewrite.log" | ||
# RewriteLogLevel 0 | ||
# | ||
# # block IIS related attacks from getting to WebGUI | ||
# RewriteRule ^/scripts/ - [L] | ||
# RewriteRule ^/default.ida - [L] | ||
# RewriteRule ^/_vti_bin - [L] | ||
# RewriteRule ^/_mem_bin - [L] | ||
# | ||
# # leave static stuff to be served directly by modproxy | ||
# RewriteRule ^/favicon.ico - [L] | ||
# RewriteRule ^/extras/ - [L] | ||
# | ||
# # For speed we only pass on uploads if there is a .wgaccess file | ||
# RewriteCond %{REQUEST_FILENAME} ^(.*/) | ||
# RewriteCond %{DOCUMENT_ROOT}%1.wgaccess !-f | ||
# RewriteRule ^/uploads/ - [L] | ||
# | ||
# # proxy webgui pages | ||
# ProxyPreserveHost On | ||
# RewriteRule ^/(.*) http://127.0.0.1:[% modperlPort %]/$1 [P] | ||
# | ||
# # enable SSL | ||
# SSLEngine on | ||
# SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL | ||
# SSLCertificateFile [% domainRoot %]/[% sitename %]/certs/server.crt | ||
# SSLCertificateKeyFile [% domainRoot %]/[% sitename %]/certs/server.key | ||
# SSLCACertificateFile [% domainRoot %]/[% sitename %]/certs/UTNAddTrustServerCA.crt | ||
# SetEnvIf User-Agent ".*MSIE.*" \ | ||
# nokeepalive ssl-unclean-shutdown \ | ||
# downgrade-1.0 force-response-1.0 | ||
#</VirtualHost> | ||
|
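Review bot: The four "block IIS related attacks" locations never match a real request, because `location =` is an exact string comparison: `/^scripts/` and `/^default.ida/` are compared literally, caret included, and `= /_vti_bin/` does not cover anything beneath that path. A single regex location mirrors the original Apache rules: `location ~ ^/(scripts/|default\.ida|_vti_bin|_mem_bin) { return 400; }`, which also supplies the semicolon that every `return 400` here lacks (the `access_log … combined` line lacks one too). The uncommented `RewriteCond`/`RewriteRule` lines for `/uploads/` are Apache syntax that nginx will reject, so they should stay commented out until ported. The port has to keep the `.wgaccess` check, otherwise files in protected upload directories would be served without the application's access control. When the commented SSL template is translated, its `SSLCipherSuite` string should not be carried over, since it explicitly enables `SSLv2`, `EXP` and `eNULL` suites.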