Skip to content

Instantly share code, notes, and snippets.

@leevigraham
Last active April 8, 2018 01:49
Show Gist options
  • Save leevigraham/f8359b89058e958155df4c4262cea75d to your computer and use it in GitHub Desktop.
Save leevigraham/f8359b89058e958155df4c4262cea75d to your computer and use it in GitHub Desktop.
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDS+kbMSBrBoGMGc9CvAiR/Yh+1Pu0/pxax48dw1LR1eR6YoUedBICNEsh8115zn4B1strZK6ZslxFByWYXLJSQhB5JQn/rJDGceWtmPLRpsxoqU6KdB7Qs5qmzSOeDNnmx62VTn8UB2ej+dA2NcnwFeAhvfEV1K4xOK5TkpsVZgzXeV7W2wJLHqoGylbSReIpbeaaq75ZAy7BBKYHmfeGgcpX8Za6IQ9oZZPpyI9k/ScRD5lzHJsAfxRhUrEawuqWH3rvALJbTwnl64luH/doXu+s1Yn6T3mnlF4oUbDYw0RskzQcWZGHgrkUU1IH2eSsDTnAh9Whrk+RR8mNxzixTrBNwO/1R+TKEFBjIvlnH1EKYFK6CAPGqycf5nf4hNNYHenIJBoLRybL5uTEk1NCbzllXKYYyKeBBWmS3a5PnK44VzklKnEqn5GaiuYHwEjS2cObg04DP/V/3UtjLeleXsM5VYtESXqw9DZmEFqDOKUpuLUcM9O5w2VxhxQRATmvCT/h4cXaEnpIFVcBQsnEaAXxFzeELyGEl36i3F2Zz0sJ2nkt82ha/iNasPxGbYUKm/aVTG8G88ewPxJY+fb5lgtw80ge0OEZb2hvpVfCygFuml48KiXD08BKVdHfN7jW+Pc16upWkr/yHCsb1zx/FNDaHFcXtAjZRfgmamCCzzQ== leevi+buildkite@newism.com.au
DOMAIN.buildbox.newism.com.au,
www.DOMAIN.buildbox.newism.com.au,
dev.DOMAIN.buildbox.newism.com.au,
stage.DOMAIN.buildbox.newism.com.au,
master.DOMAIN.buildbox.newism.com.au
# Sample NGINX conf for wildcard domains / pipeline in FORGE
# FORGE CONFIG (DOT NOT REMOVE!)
include forge-conf/DOMAIN.buildbox.newism.com.au/before/*;
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name ~^(?<branch>.+)?.DOMAIN.buildbox.newism.com.au
DOMAIN.buildbox.newism.com.au
;
set $newRelicAppName "DOMAIN";
# Set the root of the site to the standard public directory
# This is where the placeholder file will live
set $root /home/forge/DOMAIN.buildbox.newism.com.au/public;
if ($branch = "") {
set $branch index;
}
# If there is a branch and the
if (-d /home/forge/DOMAIN.buildbox.newism.com.au/$branch) {
set $root /home/forge/DOMAIN.buildbox.newism.com.au/$branch/current/public;
}
# If the branch matches a pipeline stage use the build path
if (-d /var/lib/buildkite-agent/builds/buildbox-vultr-forge-1/newism/$branch) {
set $root /var/lib/buildkite-agent/builds/buildbox-vultr-forge-1/newism/$branch/public;
}
root $root;
add_header X-branch "$branch";
add_header X-root "$root";
# FORGE SSL (DO NOT REMOVE!)
ssl_certificate /etc/nginx/ssl/DOMAIN.buildbox.newism.com.au/175889/server.crt;
ssl_certificate_key /etc/nginx/ssl/DOMAIN.buildbox.newism.com.au/175889/server.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/nginx/dhparams.pem;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options "nosniff";
index index.html index.htm index.php;
charset utf-8;
# FORGE CONFIG (DOT NOT REMOVE!)
include forge-conf/DOMAIN.buildbox.newism.com.au/server/*;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location = /favicon.ico { access_log off; log_not_found off; }
# location = /robots.txt { access_log off; log_not_found off; }
access_log off;
error_log /var/log/nginx/DOMAIN.buildbox.newism.com.au-error.log error;
error_page 404 /index.php;
# Built-in filename-based cache busting
# This will route all requests for /css/style.20120716.css to /css/style.css
# Read also this: github.com/h5bp/html5-boilerplate/wiki/cachebusting
# This is not included by default, because it'd be better if you use the build
# script to manage the file names.
location ~* (.+)\.(?:\d+)\.(js|css|png|jpg|jpeg|gif)$ {
try_files $uri $1.$2;
}
location ~ \.php$ {
fastcgi_param PHP_VALUE "newrelic.appname=$newRelicAppName [$branch]";
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php/php7.1-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}
location ~ /\.ht {
deny all;
}
}
# FORGE CONFIG (DOT NOT REMOVE!)
include forge-conf/DOMAIN.buildbox.newism.com.au/after/*;
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment