@hfase01
Created June 3, 2012 05:46
diaspora thin-sock init script conf and installer.
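#!/bin/sh
# Installs the Diaspora init script and nginx configuration from this gist:
#   1. /etc/init.d/diaspora, registered with update-rc.d
#   2. newD.sh (package, Ruby and Node.js setup), executed locally
#   3. /etc/nginx/nginx.conf
#
# NOTE(review): everything fetched here is installed or executed with root
# privileges and nothing verifies its integrity, so whoever controls the
# gist (or the TLS path to it) controls the host. Read the three files, or
# pin them to a reviewed revision and checksum, before running this.
set -e          # set in the body: a shebang flag is lost under `sh script.sh`
set -o verbose

# Existing files are moved here instead of being deleted.
backup_dir="/var/backups/diaspora-install.$(date +%Y%m%d%H%M%S)"

# backup_existing PREFIX
# Moves every entry in the current directory whose name starts with PREFIX
# into $backup_dir. Does nothing when no entry matches.
backup_existing() {
  for old in ./"$1"*; do
    # An unmatched glob stays literal; -L also catches dangling symlinks.
    [ -e "$old" ] || [ -L "$old" ] || continue
    sudo mkdir -p -- "$backup_dir"
    sudo mv -- "$old" "$backup_dir/"
  done
}

cd /etc/init.d
backup_existing diaspora
sudo wget https://raw.github.com/gist/2862098/diaspora
sudo chmod +x diaspora
sudo update-rc.d diaspora defaults

cd ~/
# Fetch newD.sh completely before running it. Piping curl into sh executes
# whatever prefix arrived when a transfer is cut short, feeds an HTTP error
# page to the shell, and lets any command that reads stdin swallow the rest
# of the script. -f turns HTTP errors into a non-zero exit.
new_d=$(mktemp)
trap 'rm -f -- "$new_d"' EXIT
curl -fsSL -o "$new_d" https://raw.github.com/gist/2862098/newD.sh
sh "$new_d"

cd /etc/nginx
backup_existing nginx.conf
sudo wget https://raw.github.com/gist/2862098/nginx.conf
exit 0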
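#! /bin/sh
### BEGIN INIT INFO
# Provides: diaspora
# Required-Start: $local_fs $remote_fs $network $syslog redis-server
# Required-Stop: $local_fs $remote_fs $network $syslog
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: diaspora repository management
# Description: diaspora repository management
### END INIT INFO

# SysV init script for Diaspora: starts unicorn plus one resque worker and
# signals both through their pid files.
#
# NOTE(review): nothing here drops privileges, so when init invokes this as
# root the application and its worker run as root. The pid files live under
# /home/diaspora, so whoever can write there picks the process that gets
# signalled. Consider starting the processes as the diaspora account and
# keeping pid files in a root-owned directory.
NAME=unicorn
DESC="Diaspora"
APP_ROOT=/home/diaspora/diaspora
PID=$APP_ROOT/tmp/pids/unicorn.pid
# RESQUE_PID was referenced but never defined, so `cat $RESQUE_PID` expanded
# to a bare `cat` reading stdin. The file name is chosen here; PIDFILE= below
# asks the resque:work task to write it.
RESQUE_PID=$APP_ROOT/tmp/pids/resque.pid
START_RESQUE_PROCESS="RAILS_ENV=production QUEUE=* PIDFILE=$RESQUE_PID BACKGROUND=yes bundle exec rake resque:work"
START_DAEMON_PROCESS="RAILS_ENV=production bundle exec unicorn_rails -c config/unicorn.rb -D"

# signal_pidfile SIGNAL PIDFILE
# Sends SIGNAL to the pid stored in PIDFILE. A missing file or content that
# is not a plain decimal number is reported and skipped, so a stale or
# tampered file can never hand kill an option or a negative (group) id.
signal_pidfile() {
  sig=$1
  pidfile=$2
  if [ ! -r "$pidfile" ]; then
    echo "no readable pid file: $pidfile" >&2
    return 0
  fi
  pid=$(cat -- "$pidfile")
  case "$pid" in
    '' | *[!0-9]*)
      echo "ignoring malformed pid file: $pidfile" >&2
      return 0
      ;;
  esac
  kill "-$sig" "$pid" || echo "could not send $sig to pid $pid" >&2
  return 0
}

# Starts unicorn, then the resque worker, from the application root; the
# relative config/unicorn.rb path and `bundle exec` both depend on that
# directory. A login shell is used, presumably to load RVM — confirm.
start_all() {
  bash -lc "cd $APP_ROOT && $START_DAEMON_PROCESS && $START_RESQUE_PROCESS"
}

case "$1" in
  start)
    printf '%s' "Starting $DESC: "
    if ! start_all; then
      echo "failed to start $NAME." >&2
      exit 1
    fi
    echo "Started $NAME."
    ;;
  stop)
    printf '%s' "Stopping $DESC: "
    signal_pidfile QUIT "$PID"
    signal_pidfile QUIT "$RESQUE_PID"
    echo "Stopped $NAME."
    ;;
  restart)
    printf '%s' "Restarting $DESC: "
    # Signal sequence kept from the original.
    # NOTE(review): USR2 makes unicorn re-execute itself, while a resque
    # worker treats USR2 as "pause"; the start below then launches further
    # processes on top. Confirm this is the intended restart procedure.
    signal_pidfile USR2 "$PID"
    signal_pidfile USR2 "$RESQUE_PID"
    sleep 1
    signal_pidfile USR2 "$PID"
    signal_pidfile USR2 "$RESQUE_PID"
    sleep 1
    if ! start_all; then
      echo "failed to restart $NAME." >&2
      exit 1
    fi
    echo "Restarted $NAME."
    ;;
  *)
    echo "Usage: $NAME {start|stop|restart}" >&2
    exit 1
    ;;
esac
exit 0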
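#!/bin/sh
# Dependency setup for a Diaspora host on an apt-based system: system
# packages, a rubygems .deb, the diaspora system account and source tree,
# Node.js built from source, a redis PPA, and a multi-user RVM.
#
# NOTE(review): several steps run third-party code as root (a .deb fetched
# over HTTP, a PPA, the RVM installer, a source build). Each is marked below.
set -e          # set in the body: a shebang flag is lost under `sh script.sh`
set -o verbose

sudo apt-get update
# -y: a confirmation prompt would read stdin, and when this script is itself
# being piped into sh that consumes the remaining script text.
sudo apt-get upgrade -y
sudo apt-get install -y build-essential libxslt1.1 nginx libxslt1-dev libxml2 ruby-full mysql-server libmysqlclient-dev libmysql-ruby libssl-dev libopenssl-ruby libcurl4-openssl-dev imagemagick libmagickwand-dev git-core redis-server libffi-dev libffi-ruby rubygems libsqlite3-dev libpq-dev libreadline5 openjdk-7-jre

# NOTE(review): this package is fetched over plain HTTP and installed with
# dpkg, which bypasses apt's signature checking. Export RUBYGEMS_DEB_SHA256
# with the digest of a package you have vetted and a mismatch aborts the
# install. The download is a separate statement so that a failed wget stops
# the script (inside an `&&` list, set -e would not).
wget http://ftp.us.debian.org/debian/pool/main/r/rubygems/rubygems_1.8.15-1_all.deb -O rubygems.deb
if [ -n "${RUBYGEMS_DEB_SHA256:-}" ]; then
  printf '%s  %s\n' "$RUBYGEMS_DEB_SHA256" rubygems.deb | sha256sum -c -
else
  echo "warning: RUBYGEMS_DEB_SHA256 not set; rubygems.deb is installed unverified" >&2
fi
sudo dpkg -i rubygems.deb

sudo adduser \
  --system \
  --shell /bin/sh \
  --gecos 'diaspora system user' \
  --group \
  --disabled-login \
  --home /home/diaspora \
  diaspora
sudo -H -u diaspora git clone https://github.com/diaspora/diaspora.git /home/diaspora/diaspora

cd /home/diaspora/
# Install Node.js from source.
# NOTE(review): clone, configure and make all run as root here; only
# `make install` needs it. The trailing `sh` argument to configure is
# unusual — confirm it is intended.
sudo git clone https://github.com/joyent/node.git
cd node
sudo git checkout v0.7.0
sudo ./configure sh
sudo make
sudo make install

# Get the newest version of redis-server from PPA.
# -y skips the interactive confirmation (see the stdin note above).
# NOTE(review): redis-server was already installed above and no apt-get
# update/install follows, so as written this only registers the PPA.
sudo add-apt-repository -y ppa:chris-lea/redis-server

cd /home/diaspora/
# Multi-user RVM. The installer is downloaded in full over HTTPS before it
# is run as root; the original piped an unqualified URL straight into a root
# shell. It is still unverified third-party code — review it first.
rvm_installer=$(mktemp)
trap 'rm -f -- "$rvm_installer"' EXIT
curl -fsSL -o "$rvm_installer" https://get.rvm.io
sudo bash "$rvm_installer" stable

sudo gem install bundler --no-ri --no-rdoc
# NOTE(review): rvm may not be on PATH in this non-login shell right after
# installation; if so, set -e stops here before usermod runs — confirm.
rvm install ruby-1.9.3-p125
rvm use ruby-1.9.3-p125@global
sudo usermod -a -G rvm diaspora
exit 0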
# Process-level settings: eight workers, each allowed 2048 connections.
# NOTE(review): workers run as the login account "hans". The installer on
# this page creates a "diaspora" account, not "hans"; nginx will not start
# when the account named here does not exist. If "hans" also owns the
# /home/hans key and application paths used further down (presumably —
# verify), a compromised worker can read the TLS private keys; a dedicated
# unprivileged account with root-owned key files avoids that.
worker_processes 8;
user hans;
pid /var/run/nginx.pid;
events {
worker_connections 2048;
}
http {
# Settings shared by every virtual host in this http block.
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
# Keeps the nginx version out of the Server header and built-in error pages.
server_tokens off;
# Compression is on for all hosts, including responses to proxied requests
# (gzip_proxied any).
# NOTE(review): every host below is served over TLS. Compressing dynamic
# responses that contain both a secret (for example a CSRF token) and
# request-controlled text is the precondition for BREACH-style side
# channels; check whether the proxied applications produce such pages.
gzip on;
gzip_comp_level 3;
gzip_vary on;
gzip_proxied any;
gzip_buffers 16 4k;
gzip_types text/plain text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript;
# No compression for MSIE 1-6 user agents that lack the SV1 marker.
gzip_disable "MSIE [1-6]\.(?!.*SV1)";
#### Upstream
###
##
#
# Backend pools referenced by the proxy_pass directives below.
# NOTE(review): none of the servers carries the "backup" parameter, so the
# entries labelled "fail-back" are ordinary peers: nginx balances requests
# across every server in a pool rather than holding the TCP one in reserve.
upstream diaspora {
server unix:/home/hans/workspace/diaspora/tmp/sockets/diaspora.socket max_fails=3 fail_timeout=30s;
server 127.0.0.1:3000 max_fails=3 fail_timeout=30s; ## script-server fail-back
}
# NOTE(review): this pool lists exactly the same socket and port as the
# "diaspora" pool above, so requests for the GitLab host are handed to the
# Diaspora backend. Looks like a copy-paste leftover — confirm the intended
# GitLab socket.
upstream gitlab {
server unix:/home/hans/workspace/diaspora/tmp/sockets/diaspora.socket max_fails=3 fail_timeout=30s;
server 127.0.0.1:3000 max_fails=3 fail_timeout=30s; ## script-server fail-back
}
# Six unix sockets under the w44 application's tmp directory plus one TCP
# entry.
# NOTE(review): 0.0.0.0 is the wildcard bind address, not a destination;
# presumably 127.0.0.1:85 was meant — confirm.
upstream w44 {
server unix:/home/hans/workspace/w44/tmp/sockets/diaspora.socket max_fails=3 fail_timeout=30s;
server unix:/home/hans/workspace/w44/tmp/thin.sock max_fails=3 fail_timeout=30s;
server unix:/home/hans/workspace/w44/tmp/thin.0.sock max_fails=3 fail_timeout=30s;
server unix:/home/hans/workspace/w44/tmp/thin.1.sock max_fails=3 fail_timeout=30s;
server unix:/home/hans/workspace/w44/tmp/thin.2.sock max_fails=3 fail_timeout=30s;
server unix:/home/hans/workspace/w44/tmp/thin.3.sock max_fails=3 fail_timeout=30s;
server 0.0.0.0:85 max_fails=3 fail_timeout=30s; ## script-server fail-back
}
#### Catch-all
###
##
#
# server {
# listen 80;
# server_name _; ## This is a catch-all. Any unhandled request will be re-directed.
# rewrite ^(.*) https://hfase.com$1 permanent;
# }
# server {
# listen 443;
# server_name _; ## This is a catch-all. Any unhandled request will be re-directed.
# rewrite ^(.*) https://hfase.com$1 permanent;
# ssl on;
# ssl_certificate /home/hans/ssl-certs+keys/hfase-ssl.crt; ## You will need to supply these files!!!
# ssl_certificate_key /home/hans/ssl-certs+keys/hfase-ssl.key; ## You will need to supply these files!!!
# # enable better ssl security if you like to mitigate BEAST and other exploits
# ssl_session_cache shared:SSL:10m;
# ssl_session_timeout 5m;
# #ssl_protocols TLSv1;
# #ssl_ciphers ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM;
# #ssl_prefer_server_ciphers on;
# add_header Strict-Transport-Security max-age=500;
# #ssl_ecdh_curve secp521r1;
# }
#### w44
###
##
#
# Plain-HTTP listener for w44.co: permanent redirect to the HTTPS site. The
# target host is hard-coded, so the client's Host header cannot steer it.
# NOTE(review): this is the first "listen 80" server in the file and no
# server is marked default_server, so port-80 requests for names that no
# server block claims (hfase.com and git.hfase.com have no port-80 block
# here) are also answered by this redirect to https://w44.co.
server {
listen 80;
server_name w44.co;
rewrite ^(.*) https://w44.co$1 permanent;
}
# HTTPS virtual host for w44.co: static files come from the application's
# public directory, everything else is proxied to the "w44" upstream.
# NOTE(review): this is the first "listen 443" server in the file and no
# server is marked default_server, so TLS requests for unmatched host names
# are handled here as well.
server {
listen 443;
server_name w44.co;
root /home/hans/workspace/w44/public;
# "ssl on" is the legacy switch; later nginx releases deprecate it in favour
# of "listen 443 ssl;".
ssl on;
# NOTE(review): the private key sits in a home directory; verify that only
# root can read it.
ssl_certificate /home/hans/ssl-certs+keys/w44.crt; ## You will need to supply these files!!!
ssl_certificate_key /home/hans/ssl-certs+keys/w44.key; ## You will need to supply these files!!!
# enable better ssl security if you like to mitigate BEAST and other exploits
# NOTE(review): ssl_protocols and ssl_ciphers are commented out, so the
# protocol and cipher set are whatever the installed nginx/OpenSSL build
# defaults to. The commented cipher string admits RC4 (prohibited by
# RFC 7465) and excludes AES-GCM (!AESGCM); do not enable it as written.
# Set both explicitly from a current TLS baseline.
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 5m;
#ssl_protocols TLSv1;
#ssl_ciphers ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM;
#ssl_prefer_server_ciphers on;
# HSTS lifetime is 500 seconds, so a browser forgets the HTTPS-only policy
# minutes after a visit. The two locations below declare their own
# add_header and therefore do not inherit this one.
add_header Strict-Transport-Security max-age=500;
#ssl_ecdh_curve secp521r1;
location /uploads/images {
expires 1d;
add_header Cache-Control public;
}
location /assets {
expires 1d;
add_header Cache-Control public;
}
# Static-first routing: a request that maps to <path>/index.html or
# <path>.html on disk is rewritten to that file; a request that matches no
# file is proxied to the backend.
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# $http_host is the Host header exactly as the client sent it; because this
# server also receives unmatched names, the backend must not trust it for
# building links or redirects.
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto https;
proxy_redirect off;
# Request bodies larger than 4 MB are rejected by nginx.
client_max_body_size 4M;
client_body_buffer_size 128K;
if (-f $request_filename/index.html) {
rewrite (.*) $1/index.html break;
}
if (-f $request_filename.html) {
rewrite (.*) $1.html break;
}
if (!-f $request_filename) {
proxy_pass http://w44;
break;
}
}
# Static error pages, served from the application's public directory.
error_page 500 503 504 /500.html;
location = /500.html {
root /home/hans/workspace/w44/public;
}
error_page 404 /404.html;
location = /404.html {
root /home/hans/workspace/w44/public;
}
error_page 502 /down.html;
location = /down.html {
root /home/hans/workspace/w44/public;
}
}
#### Webmin
###
##
#
# Plain-HTTP listener for admin.hfase.com: permanent redirect to the HTTPS
# site, with the target host hard-coded.
server {
listen 80;
server_name admin.hfase.com;
rewrite ^(.*) https://admin.hfase.com$1 permanent;
}
# HTTPS front end for the admin console (Webmin, per the section banner)
# listening on 127.0.0.1:10000.
# NOTE(review): this server has no allow/deny rules and no authentication
# of its own, so every client that can reach port 443 reaches the console's
# login page. Restrict it by source address or put it behind a VPN.
server {
listen 443;
server_name admin.hfase.com;
# "ssl on" is the legacy switch; later nginx releases deprecate it in favour
# of "listen 443 ssl;".
ssl on;
ssl_certificate /home/hans/ssl-certs+keys/admin.hfase-ssl.crt;
ssl_certificate_key /home/hans/ssl-certs+keys/admin.hfase-ssl.key;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 5m;
# NOTE(review): ssl_protocols and ssl_ciphers are commented out, so the
# build's defaults apply. The commented cipher string admits RC4
# (prohibited by RFC 7465); do not enable it as written.
#ssl_protocols TLSv1;
#ssl_ciphers ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM;
#ssl_prefer_server_ciphers on;
# HSTS lifetime is 500 seconds.
add_header Strict-Transport-Security max-age=500;
location / {
# TLS to the loopback backend; nginx does not verify the upstream
# certificate unless proxy_ssl_verify is enabled.
proxy_pass https://127.0.0.1:10000/;
}
}
#### Diaspora
###
##
#
# HTTPS virtual host for hfase.com (Diaspora): static files come from the
# application's public directory, everything else goes to the "diaspora"
# upstream.
# NOTE(review): the file defines no port-80 server for this name, so plain
# HTTP requests fall through to the default port-80 server. The paths here
# point at /home/hans/workspace/diaspora, while the init script and
# installer on this page use /home/diaspora/diaspora — adjust to match.
server {
listen 443;
server_name hfase.com;
root /home/hans/workspace/diaspora/public;
# "ssl on" is the legacy switch; later nginx releases deprecate it in favour
# of "listen 443 ssl;".
ssl on;
# NOTE(review): the private key sits in a home directory; verify that only
# root can read it.
ssl_certificate /home/hans/ssl-certs+keys/hfase-ssl.crt; ## You will need to supply these files!!!
ssl_certificate_key /home/hans/ssl-certs+keys/hfase-ssl.key; ## You will need to supply these files!!!
# enable better ssl security if you like to mitigate BEAST and other exploits
# NOTE(review): ssl_protocols and ssl_ciphers are commented out, so the
# protocol and cipher set are whatever the installed nginx/OpenSSL build
# defaults to. The commented cipher string admits RC4 (prohibited by
# RFC 7465) and excludes AES-GCM (!AESGCM); do not enable it as written.
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 5m;
#ssl_protocols TLSv1;
#ssl_ciphers ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM;
#ssl_prefer_server_ciphers on;
# HSTS lifetime is 500 seconds. The two locations below declare their own
# add_header and therefore do not inherit this one.
add_header Strict-Transport-Security max-age=500;
#ssl_ecdh_curve secp521r1;
location /uploads/images {
expires 1d;
add_header Cache-Control public;
}
location /assets {
expires 1d;
add_header Cache-Control public;
}
# Static-first routing: a request that maps to <path>/index.html or
# <path>.html on disk is rewritten to that file; a request that matches no
# file is proxied to the backend.
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# $http_host is the Host header exactly as the client sent it.
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto https;
proxy_redirect off;
# Request bodies larger than 4 MB are rejected by nginx.
client_max_body_size 4M;
client_body_buffer_size 128K;
if (-f $request_filename/index.html) {
rewrite (.*) $1/index.html break;
}
if (-f $request_filename.html) {
rewrite (.*) $1.html break;
}
if (!-f $request_filename) {
proxy_pass http://diaspora;
break;
}
}
# Static error pages, served from the application's public directory.
error_page 500 503 504 /500.html;
location = /500.html {
root /home/hans/workspace/diaspora/public;
}
error_page 404 /404.html;
location = /404.html {
root /home/hans/workspace/diaspora/public;
}
error_page 502 /down.html;
location = /down.html {
root /home/hans/workspace/diaspora/public;
}
}
#### Gitlab
###
##
#
# HTTPS virtual host for git.hfase.com (GitLab): static files come from
# /home/gitlab/gitlab/public, everything else goes to the "gitlab" upstream.
# NOTE(review): the "gitlab" upstream in this file lists the Diaspora socket
# and 127.0.0.1:3000, so proxied requests reach the Diaspora backend —
# confirm the intended target. The file defines no port-80 server for this
# name either.
server {
listen 443;
server_name git.hfase.com;
root /home/gitlab/gitlab/public;
# "ssl on" is the legacy switch; later nginx releases deprecate it in favour
# of "listen 443 ssl;".
ssl on;
# NOTE(review): the private key sits in a home directory; verify that only
# root can read it.
ssl_certificate /home/hans/ssl-certs+keys/git.hfase-ssl.crt;
ssl_certificate_key /home/hans/ssl-certs+keys/git.hfase-ssl.key;
# enable better ssl security if you like to mitigate BEAST and other exploits
# NOTE(review): ssl_protocols and ssl_ciphers are commented out, so the
# protocol and cipher set are whatever the installed nginx/OpenSSL build
# defaults to. The commented cipher string admits RC4 (prohibited by
# RFC 7465) and excludes AES-GCM (!AESGCM); do not enable it as written.
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 5m;
#ssl_protocols TLSv1;
#ssl_ciphers ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM;
#ssl_prefer_server_ciphers on;
# HSTS lifetime is 500 seconds. The two locations below declare their own
# add_header and therefore do not inherit this one.
add_header Strict-Transport-Security max-age=500;
#ssl_ecdh_curve secp521r1;
location /uploads/images {
expires 1d;
add_header Cache-Control public;
}
location /assets {
expires 1d;
add_header Cache-Control public;
}
# Static-first routing: a request that maps to <path>/index.html or
# <path>.html on disk is rewritten to that file; a request that matches no
# file is proxied to the backend.
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# $http_host is the Host header exactly as the client sent it.
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto https;
proxy_redirect off;
# Request bodies larger than 4 MB are rejected by nginx; pushes over HTTP
# larger than that would fail here.
client_max_body_size 4M;
client_body_buffer_size 128K;
if (-f $request_filename/index.html) {
rewrite (.*) $1/index.html break;
}
if (-f $request_filename.html) {
rewrite (.*) $1.html break;
}
if (!-f $request_filename) {
proxy_pass http://gitlab;
break;
}
}
# Static error pages, served from the application's public directory.
error_page 500 503 504 /500.html;
location = /500.html {
root /home/gitlab/gitlab/public;
}
error_page 404 /404.html;
location = /404.html {
root /home/gitlab/gitlab/public;
}
error_page 502 /down.html;
location = /down.html {
root /home/gitlab/gitlab/public;
}
}
}
@stevenh512

Wouldn't this be a little easier with Unicorn? Instead of having Nginx load balance between 3 socket files, Unicorn only creates one socket for all of its forked workers and lets the OS kernel do the load balancing for you.

That's how GitHub does it, see their blog post from 2009. Along with letting the OS kernel do the load balancing for you, you also get "zero downtime" deploys. 😁

@hfase01
Author

hfase01 commented Jun 9, 2012

I will try that out next time I get a chance, I was just having problems with the user, config, & pid though last time I tried. I understand it a little better now though so I may be able to figure out how to do it the right way.

@hfase01
Author

hfase01 commented Jul 17, 2012

Be nice if Unicorn was still in the Gemfile though!
:B

@jaywink

jaywink commented Nov 13, 2012

As of 0.0.2 Unicorn will be default :)
