SandwichChef/Example nginx config

## Example nginx config
# For more information on configuration, see:
#   * Official English Documentation: http://nginx.org/en/docs/
#   * Official Russian Documentation: http://nginx.org/ru/docs/

user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

# Load dynamic modules. See /usr/share/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;
}

http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 2048;
    client_max_body_size 100M;

    map $http_upgrade $connection_upgrade {
        default upgrade;
        ''      close;
	}

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;

    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    #include /etc/nginx/conf.d/*.conf;

	 upstream app_server {
    # fail_timeout=0 means we always retry an upstream even if it failed
    # to return a good HTTP response

    # for UNIX domain socket setups
    server unix:/var/ScrumStubs/ScrumStubs.sock fail_timeout=0;
    server unix:/var/ScrumStubs/daphne.sock fail_timeout=0;

    # for a TCP configuration
    # server 192.168.0.7:8000 fail_timeout=0;
  }

    server {
    listen 80;
    client_max_body_size 4G;
    server_name rorans.foxears.life;
    return 301 https://$host$request_uri;
}
    server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name rorans.foxears.life;
    auth_basic "Private Property";
    auth_basic_user_file /etc/nginx/.htpasswd;
    ssl_certificate /etc/nginx/ssl/certificate.crt;
    ssl_certificate_key /etc/nginx/ssl/private.key;
    location / {
    root /data/;
    autoindex on;
    }
}
    server {
    listen 80;
    server_name foxears.life;
    return 301 https://$host$request_uri;
}
    server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name foxears.life;
    ssl_certificate /etc/nginx/ssl/certificate.crt;
    ssl_certificate_key /etc/nginx/ssl/private.key;
    location /{
    root /var/www/foxears.life/;
    autoindex on;
    }
    location /joplin/ {
    auth_basic "Restricted area";
    auth_basic_user_file /etc/nginx/.htpasswd;
    #client_body_temp_path /data/client_temp;
    dav_methods PUT DELETE MKCOL COPY MOVE;
    #dav_ext_methods PROPFIND OPTIONS;
    create_full_put_path  on;
    dav_access            group:rw  all:r;
    }
}
    server {
    listen      80;
    server_name "";
    return      444;
}
    server {
    listen 443 ssl;
    listen [::]:443 ssl;
    ssl_certificate /etc/nginx/ssl/certificate.crt;
    ssl_certificate_key /etc/nginx/ssl/private.key;
    server_name matrix.foxears.life;
    location = /favicon.ico { access_log off; log_not_found off; }
    location / {
	#auth_basic "Staging";
	#auth_basic_user_file /etc/nginx/.htpasswd;
        #proxy_set_header Host $http_host;
        #proxy_set_header X-Real-IP $remote_addr;
        #proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        #proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_pass http://localhost:8008;
    }
    location /_matrix {
    proxy_pass http://localhost:8008;
    proxy_set_header X-Forwarded-For $remote_addr;
                        }
    location /.well-known/acme-challenge {
    proxy_pass http://localhost:8009;
}
}
#    server {
#    listen 8448 ssl default_server;
#    listen [::]:8448 ssl default_server;
#    ssl_certificate /etc/nginx/ssl/certificate.crt;
#    ssl_certificate_key /etc/nginx/ssl/private.key;
#    server_name matrix.foxears.life;
#    location / {
#        proxy_pass http://localhost:8008;
#        proxy_set_header X-Forwarded-For $remote_addr;
#    }
#}

#    server {
#        listen       80 default_server;
#        listen       [::]:80 default_server;
#        server_name  _;
#        root         /usr/share/nginx/html;
#
#        # Load configuration files for the default server block.
#        include /etc/nginx/default.d/*.conf;
#
#        location / {
#        }
#
#        error_page 404 /404.html;
#            location = /40x.html {
#        }
#
#        error_page 500 502 503 504 /50x.html;
#            location = /50x.html {
#        }
#    }

# Settings for a TLS enabled server.
#
#    server {
#        listen       443 ssl http2 default_server;
#        listen       [::]:443 ssl http2 default_server;
#        server_name  _;
#        root         /usr/share/nginx/html;
#
#        ssl_certificate "/etc/pki/nginx/server.crt";
#        ssl_certificate_key "/etc/pki/nginx/private/server.key";
#        ssl_session_cache shared:SSL:1m;
#        ssl_session_timeout  10m;
#        ssl_ciphers HIGH:!aNULL:!MD5;
#        ssl_prefer_server_ciphers on;
#
#        # Load configuration files for the default server block.
#        include /etc/nginx/default.d/*.conf;
#
#        location / {
#        }
#
#        error_page 404 /404.html;
#            location = /40x.html {
#        }
#
#        error_page 500 502 503 504 /50x.html;
#            location = /50x.html {
#        }
#    }

}
	# For more information on configuration, see:
	# * Official English Documentation: http://nginx.org/en/docs/
	# * Official Russian Documentation: http://nginx.org/ru/docs/

	user nginx;
	worker_processes auto;
	error_log /var/log/nginx/error.log;
	pid /run/nginx.pid;

	# Load dynamic modules. See /usr/share/nginx/README.dynamic.
	include /usr/share/nginx/modules/*.conf;

	events {
	worker_connections 1024;
	}

	http {
	log_format main '$remote_addr - $remote_user [$time_local] "$request" '
	'$status $body_bytes_sent "$http_referer" '
	'"$http_user_agent" "$http_x_forwarded_for"';

	access_log /var/log/nginx/access.log main;

	sendfile on;
	tcp_nopush on;
	tcp_nodelay on;
	keepalive_timeout 65;
	types_hash_max_size 2048;
	client_max_body_size 100M;

	map $http_upgrade $connection_upgrade {
	default upgrade;
	'' close;
	}

	include /etc/nginx/mime.types;
	default_type application/octet-stream;

	# Load modular configuration files from the /etc/nginx/conf.d directory.
	# See http://nginx.org/en/docs/ngx_core_module.html#include
	# for more information.
	#include /etc/nginx/conf.d/*.conf;

	upstream app_server {
	# fail_timeout=0 means we always retry an upstream even if it failed
	# to return a good HTTP response

	# for UNIX domain socket setups
	server unix:/var/ScrumStubs/ScrumStubs.sock fail_timeout=0;
	server unix:/var/ScrumStubs/daphne.sock fail_timeout=0;

	# for a TCP configuration
	# server 192.168.0.7:8000 fail_timeout=0;
	}

	server {
	listen 80;
	client_max_body_size 4G;
	server_name rorans.foxears.life;
	return 301 https://$host$request_uri;
	}
	server {
	listen 443 ssl;
	listen [::]:443 ssl;
	server_name rorans.foxears.life;
	auth_basic "Private Property";
	auth_basic_user_file /etc/nginx/.htpasswd;
	ssl_certificate /etc/nginx/ssl/certificate.crt;
	ssl_certificate_key /etc/nginx/ssl/private.key;
	location / {
	root /data/;
	autoindex on;
	}
	}
	server {
	listen 80;
	server_name foxears.life;
	return 301 https://$host$request_uri;
	}
	server {
	listen 443 ssl;
	listen [::]:443 ssl;
	server_name foxears.life;
	ssl_certificate /etc/nginx/ssl/certificate.crt;
	ssl_certificate_key /etc/nginx/ssl/private.key;
	location /{
	root /var/www/foxears.life/;
	autoindex on;
	}
	location /joplin/ {
	auth_basic "Restricted area";
	auth_basic_user_file /etc/nginx/.htpasswd;
	#client_body_temp_path /data/client_temp;
	dav_methods PUT DELETE MKCOL COPY MOVE;
	#dav_ext_methods PROPFIND OPTIONS;
	create_full_put_path on;
	dav_access group:rw all:r;
	}
	}
	server {
	listen 80;
	server_name "";
	return 444;
	}
	server {
	listen 443 ssl;
	listen [::]:443 ssl;
	ssl_certificate /etc/nginx/ssl/certificate.crt;
	ssl_certificate_key /etc/nginx/ssl/private.key;
	server_name matrix.foxears.life;
	location = /favicon.ico { access_log off; log_not_found off; }
	location / {
	#auth_basic "Staging";
	#auth_basic_user_file /etc/nginx/.htpasswd;
	#proxy_set_header Host $http_host;
	#proxy_set_header X-Real-IP $remote_addr;
	#proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	#proxy_set_header X-Forwarded-Proto $scheme;
	proxy_set_header X-Forwarded-For $remote_addr;
	proxy_pass http://localhost:8008;
	}
	location /_matrix {
	proxy_pass http://localhost:8008;
	proxy_set_header X-Forwarded-For $remote_addr;
	}
	location /.well-known/acme-challenge {
	proxy_pass http://localhost:8009;
	}
	}
	# server {
	# listen 8448 ssl default_server;
	# listen [::]:8448 ssl default_server;
	# ssl_certificate /etc/nginx/ssl/certificate.crt;
	# ssl_certificate_key /etc/nginx/ssl/private.key;
	# server_name matrix.foxears.life;
	# location / {
	# proxy_pass http://localhost:8008;
	# proxy_set_header X-Forwarded-For $remote_addr;
	# }
	#}

	# server {
	# listen 80 default_server;
	# listen [::]:80 default_server;
	# server_name _;
	# root /usr/share/nginx/html;
	#
	# # Load configuration files for the default server block.
	# include /etc/nginx/default.d/*.conf;
	#
	# location / {
	# }
	#
	# error_page 404 /404.html;
	# location = /40x.html {
	# }
	#
	# error_page 500 502 503 504 /50x.html;
	# location = /50x.html {
	# }
	# }

	# Settings for a TLS enabled server.
	#
	# server {
	# listen 443 ssl http2 default_server;
	# listen [::]:443 ssl http2 default_server;
	# server_name _;
	# root /usr/share/nginx/html;
	#
	# ssl_certificate "/etc/pki/nginx/server.crt";
	# ssl_certificate_key "/etc/pki/nginx/private/server.key";
	# ssl_session_cache shared:SSL:1m;
	# ssl_session_timeout 10m;
	# ssl_ciphers HIGH:!aNULL:!MD5;
	# ssl_prefer_server_ciphers on;
	#
	# # Load configuration files for the default server block.
	# include /etc/nginx/default.d/*.conf;
	#
	# location / {
	# }
	#
	# error_page 404 /404.html;
	# location = /40x.html {
	# }
	#
	# error_page 500 502 503 504 /50x.html;
	# location = /50x.html {
	# }
	# }

	}