my nginx vodo
# Process model: eight worker processes, each allowed up to 4096 connections.
pid              /var/run/nginx.pid;
worker_processes 8;

events {
    worker_connections 4096;
}
http {
    # (this block stays open; it is closed at the end of the file)

    # MIME map shipped with nginx; unknown types are served as a download.
    include      mime.types;
    default_type application/octet-stream;

    sendfile          on;
    keepalive_timeout 65;

    # Keep the nginx version out of the Server header and error pages.
    server_tokens off;

    # Response compression for the listed types (text/html is always included
    # once gzip is on).
    # NOTE(review): this also applies to the HTTPS vhosts below; compressing
    # responses that mix secrets with reflected request data is the
    # precondition for BREACH-style leaks. Confirm per application.
    gzip            on;
    gzip_vary       on;
    gzip_proxied    any;
    gzip_comp_level 6;
    gzip_buffers    32 8k;
    gzip_types      text/plain text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript;
    gzip_disable    "MSIE [1-6]\.(?!.*SV1)";
#### Upstream
# Backends for hfase.com. nginx balances requests across every server listed.
# NOTE(review): the second socket lives in a personal workspace checkout
# (/home/hans/workspace); if that is a development instance it still receives
# a share of production traffic. Confirm that both are meant to serve the site.
upstream diaspora {
    server unix:/home/diaspora/diaspora-hfase/tmp/sockets/diaspora.socket
           max_fails=3 fail_timeout=30s;
    server unix:/home/hans/workspace/diaspora/tmp/sockets/diaspora.socket
           max_fails=3 fail_timeout=30s;
}
# Single unix-socket backend for git.hfase.com (default failure handling).
upstream gitlab {
    server unix:/home/gitlab/gitlab/tmp/sockets/gitlab.socket;
}
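# Backends for w44.co.
# NOTE(review): all three entries share the default weight, so requests are
# spread across the travis-ci socket, the diaspora-w44 socket and the TCP
# fallback alike. If the last entry is only meant as a fallback (as its
# comment suggests), the `backup` parameter expresses that; confirm intent.
upstream w44 {
    server unix:/home/hans/workspace/travis-ci/tmp/sockets/travis.socket max_fails=3 fail_timeout=30s;
    server unix:/home/w44/diaspora-w44/tmp/sockets/diaspora.socket max_fails=3 fail_timeout=30s;
    # 0.0.0.0 is a bind wildcard, not a destination; name loopback explicitly
    # so the connection cannot depend on how the OS treats the wildcard.
    server 127.0.0.1:3000 max_fails=3 fail_timeout=30s;  ## script-server fail-back
}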
# FastCGI backend shared by every PHP vhost below.
# NOTE(review): the socket sits in world-writable /tmp; confirm its owner and
# mode restrict connections to the nginx worker user.
upstream php {
    server unix:/tmp/php.sock;
}
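#### Diaspora
# Plain-HTTP listener: its only job is to send every request to HTTPS.
server {
    listen      80;
    server_name www.hfase.com hfase.com;

    # A fixed-target redirect needs no regex capture; $request_uri carries
    # the path and query string as the client sent them.
    return 301 https://hfase.com$request_uri;
}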
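# HTTPS front end for the Diaspora pod: static files from public/, everything
# else proxied to the `diaspora` upstream.
server {
    # `listen ... ssl` replaces the separate `ssl on;` directive, which is
    # deprecated and no longer accepted by current nginx releases.
    listen      443 ssl;
    server_name www.hfase.com hfase.com;
    root        /home/diaspora/diaspora-hfase/public;

    # NOTE(review): this is the first server listening on 443 in the file, so
    # it is the implicit default and also answers requests whose Host matches
    # no server_name. Because `location /` forwards the client's Host header
    # unchanged, the application sees that arbitrary value. A dedicated
    # catch-all `default_server` that rejects unknown hosts closes the gap.

    ssl_certificate     /home/hans/ssl-certs+keys/hfase-ssl.crt;  ## You will need to supply these files!!!
    ssl_certificate_key /home/hans/ssl-certs+keys/hfase-ssl.key;  ## You will need to supply these files!!!

    ssl_session_cache   shared:SSL:10m;
    ssl_session_timeout 5m;

    # The original kept commented-out settings that pinned TLSv1 and preferred
    # RC4 as a BEAST workaround. Both are obsolete; restrict the protocol
    # versions instead. (TLSv1.3 needs nginx 1.13+ built against OpenSSL 1.1.1;
    # drop it from the list on older builds.)
    ssl_protocols TLSv1.2 TLSv1.3;
    #ssl_ecdh_curve secp521r1;

    # NOTE(review): max-age is 500 seconds, so browsers forget the HTTPS-only
    # policy within minutes. Raise it once HTTPS is known to be stable.
    add_header Strict-Transport-Security max-age=500;

    # Canonical host: strip the www. prefix.
    if ($host = 'www.hfase.com' ) {
        rewrite ^/(.*)$ https://hfase.com/$1 permanent;
    }

    # User uploads and compiled assets are served from S3.
    location /uploads {
        rewrite ^/(.*)$ https://hfase.s3.amazonaws.com/$1 permanent;
    }

    location /assets {
        rewrite ^/(.*)$ https://hfase-assets.s3.amazonaws.com/$1 permanent;
    }

    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Proto https;
        proxy_redirect off;

        client_max_body_size 4M;
        client_body_buffer_size 128K;

        # Serve a static file when one exists (dir/index.html, then
        # <path>.html); otherwise hand the request to the application.
        if (-f $request_filename/index.html) {
            rewrite (.*) $1/index.html break;
        }

        if (-f $request_filename.html) {
            rewrite (.*) $1.html break;
        }

        if (!-f $request_filename) {
            proxy_pass http://diaspora;
            break;
        }
    }

    # Static error pages shipped with the application.
    error_page 500 503 504 /500.html;
    location = /500.html {
        root /home/diaspora/diaspora-hfase/public;
    }

    error_page 404 /404.html;
    location = /404.html {
        root /home/diaspora/diaspora-hfase/public;
    }

    error_page 502 /down.html;
    location = /down.html {
        root /home/diaspora/diaspora-hfase/public;
    }
}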
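#### Webmin
# Plain-HTTP listener: redirect to the HTTPS vhost, which carries the
# access restrictions.
server {
    listen      80;
    server_name admin.hfase.com;

    # Fixed-target redirect; $request_uri keeps path and query string intact.
    return 301 https://admin.hfase.com$request_uri;
}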
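# HTTPS front end for Webmin on loopback port 10000, reachable only from the
# local 192.168.1.0/24 network.
server {
    # `listen ... ssl` replaces the separate `ssl on;` directive, which is
    # deprecated and no longer accepted by current nginx releases.
    listen      443 ssl;
    server_name admin.hfase.com;

    ssl_certificate     /home/hans/ssl-certs+keys/admin.hfase-ssl.crt;
    ssl_certificate_key /home/hans/ssl-certs+keys/admin.hfase-ssl.key;

    ssl_session_cache   shared:SSL:10m;
    ssl_session_timeout 5m;

    # The original kept commented-out settings pinning TLSv1 and preferring
    # RC4; both are obsolete. (TLSv1.3 needs nginx 1.13+ built against
    # OpenSSL 1.1.1; drop it from the list on older builds.)
    ssl_protocols TLSv1.2 TLSv1.3;

    # NOTE(review): max-age=500 expires the HTTPS-only policy after 500 s.
    add_header Strict-Transport-Security max-age=500;

    location / {
        # allow anyone in 192.168.1.0/24
        allow 192.168.1.0/24;
        # drop rest of the world
        deny all;

        proxy_pass https://127.0.0.1:10000/;
    }
}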
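#### Wordpress
# NOTE(review): this vhost is HTTP-only, so admin logins and session cookies
# cross the network unencrypted. The other sites in this file redirect to
# HTTPS; consider doing the same here.
server {
    listen      80;
    server_name blog.hfase.com;
    root        /var/www/WP;

    location / {
        index     index.php index.html index.htm;
        try_files $uri $uri/ /index.php?q=$uri&$args;
    }

    # Deny access to version control system directories. Regex locations are
    # tried in file order, so this sits above the PHP handler to also cover
    # paths such as /.git/x.php.
    location ~ /\.(svn|git) {
        deny all;
        internal;
    }

    # Pass the php scripts to fastcgi server specified in upstream declaration.
    location ~ \.php$ {
        # Only hand PHP a script that exists on disk. Without this check a URL
        # that merely ends in .php is forwarded, and PHP's PATH_INFO fallback
        # may then run a different (for example uploaded) file.
        try_files $uri =404;

        fastcgi_pass php;
        # Necessary for php.
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        # Unmodified fastcgi_params from nginx distribution.
        include fastcgi_params;
    }
}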
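#### Forum
# NOTE(review): this vhost is HTTP-only, so forum logins and session cookies
# cross the network unencrypted.
server {
    listen      80;
    server_name forum.hfase.com;
    root        /var/www/icy_phoenix;

    location / {
        # phpbb uses index.htm
        index index.php index.html index.htm;
    }

    # Deny access to internal phpbb files.
    # The pattern is unanchored: it matches any URI containing one of these
    # path fragments.
    location ~ /(config\.php|common\.php|includes|cache|files|store|images/avatars/upload) {
        deny all;
        # deny was ignored before 0.8.40 for connections over IPv6.
        # Use internal directive to prohibit access on older versions.
        internal;
    }

    # Deny access to version control system directories. Kept above the PHP
    # handler because regex locations are tried in file order.
    location ~ /\.(svn|git) {
        deny all;
        internal;
    }

    # Pass the php scripts to fastcgi server specified in upstream declaration.
    location ~ \.php$ {
        # Only hand PHP a script that exists on disk. Without this check a URL
        # that merely ends in .php is forwarded, and PHP's PATH_INFO fallback
        # may then run a different (for example uploaded) file.
        try_files $uri =404;

        fastcgi_pass php;
        # Necessary for php.
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        # Unmodified fastcgi_params from nginx distribution.
        include fastcgi_params;
    }
}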
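#### Piwik
# Plain-HTTP listener: its only job is to send every request to HTTPS.
server {
    listen      80;
    server_name piwik.hfase.com;

    # Fixed-target redirect; $request_uri keeps path and query string intact.
    return 301 https://piwik.hfase.com$request_uri;
}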
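# HTTPS vhost for the Piwik installation under /var/www/piwik.
server {
    # `listen ... ssl` replaces the separate `ssl on;` directive, which is
    # deprecated and no longer accepted by current nginx releases.
    listen      443 ssl;
    server_name piwik.hfase.com;
    root        /var/www/piwik;

    ssl_certificate     /home/hans/ssl-certs+keys/piwik-ssl.crt;  ## You will need to supply these files!!!
    ssl_certificate_key /home/hans/ssl-certs+keys/piwik-ssl.key;  ## You will need to supply these files!!!

    ssl_session_cache   shared:SSL:10m;
    ssl_session_timeout 5m;

    # The original kept commented-out settings pinning TLSv1 and preferring
    # RC4 as a BEAST workaround; both are obsolete. (TLSv1.3 needs nginx 1.13+
    # built against OpenSSL 1.1.1; drop it from the list on older builds.)
    ssl_protocols TLSv1.2 TLSv1.3;
    #ssl_ecdh_curve secp521r1;

    # NOTE(review): max-age=500 expires the HTTPS-only policy after 500 s.
    add_header Strict-Transport-Security max-age=500;

    location / {
        index     index.php index.html index.htm;
        try_files $uri $uri/ /index.php?q=$uri&$args;
    }

    # Deny access to the Piwik configuration files.
    # The dots in the file names are escaped so they match literally.
    # NOTE(review): the remaining alternatives were carried over from the
    # phpBB vhost; confirm they match directories that exist under this root.
    location ~ /(config\.ini\.php|global\.ini\.php|includes|cache|files|store|images/avatars/upload) {
        deny all;
        # deny was ignored before 0.8.40 for connections over IPv6.
        # Use internal directive to prohibit access on older versions.
        internal;
    }

    # Deny access to version control system directories. Kept above the PHP
    # handler because regex locations are tried in file order.
    location ~ /\.(svn|git) {
        deny all;
        internal;
    }

    # Pass the php scripts to fastcgi server specified in upstream declaration.
    location ~ \.php$ {
        # Only hand PHP a script that exists on disk. Without this check a URL
        # that merely ends in .php is forwarded, and PHP's PATH_INFO fallback
        # may then run a different file.
        try_files $uri =404;

        fastcgi_pass php;
        # Necessary for php.
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        # Unmodified fastcgi_params from nginx distribution.
        include fastcgi_params;
    }
}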
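#### w44
# Plain-HTTP listener: its only job is to send every request to HTTPS.
server {
    listen      80;
    server_name w44.co;

    # Fixed-target redirect; $request_uri keeps path and query string intact.
    return 301 https://w44.co$request_uri;
}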
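# HTTPS front end for w44.co: static files from public/, everything else
# proxied to the `w44` upstream.
server {
    # `listen ... ssl` replaces the separate `ssl on;` directive, which is
    # deprecated and no longer accepted by current nginx releases.
    listen      443 ssl;
    server_name w44.co;
    root        /home/w44/diaspora-w44/public;

    ssl_certificate     /home/hans/ssl-certs+keys/w44.crt;  ## You will need to supply these files!!!
    ssl_certificate_key /home/hans/ssl-certs+keys/w44.key;  ## You will need to supply these files!!!

    ssl_session_cache   shared:SSL:10m;
    ssl_session_timeout 5m;

    # The original kept commented-out settings pinning TLSv1 and preferring
    # RC4 as a BEAST workaround; both are obsolete. (TLSv1.3 needs nginx 1.13+
    # built against OpenSSL 1.1.1; drop it from the list on older builds.)
    ssl_protocols TLSv1.2 TLSv1.3;
    #ssl_ecdh_curve secp521r1;

    # NOTE(review): max-age=500 expires the HTTPS-only policy after 500 s.
    add_header Strict-Transport-Security max-age=500;

    # NOTE(review): server_name above does not list www.w44.co, so requests
    # for that host are routed to whichever server is the default for port
    # 443 rather than here, and this redirect does not fire for them. Add
    # www.w44.co to server_name (with a matching certificate) if the redirect
    # is wanted.
    if ($host = 'www.w44.co' ) {
        rewrite ^/(.*)$ https://w44.co/$1 permanent;
    }

    # User uploads and compiled assets are served from S3.
    location /uploads {
        rewrite ^/(.*)$ https://w44.s3.amazonaws.com/$1 permanent;
    }

    location /assets {
        rewrite ^/(.*)$ https://w44-assets.s3.amazonaws.com/$1 permanent;
    }

    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Proto https;
        proxy_redirect off;

        client_max_body_size 4M;
        client_body_buffer_size 128K;

        # Serve a static file when one exists (dir/index.html, then
        # <path>.html); otherwise hand the request to the application.
        if (-f $request_filename/index.html) {
            rewrite (.*) $1/index.html break;
        }

        if (-f $request_filename.html) {
            rewrite (.*) $1.html break;
        }

        if (!-f $request_filename) {
            proxy_pass http://w44;
            break;
        }
    }

    # Static error pages shipped with the application.
    error_page 500 503 504 /500.html;
    location = /500.html {
        root /home/w44/diaspora-w44/public;
    }

    error_page 404 /404.html;
    location = /404.html {
        root /home/w44/diaspora-w44/public;
    }

    error_page 502 /down.html;
    location = /down.html {
        root /home/w44/diaspora-w44/public;
    }
}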
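#### Gitlab
# Plain-HTTP listener: its only job is to send every request to HTTPS.
server {
    listen      80;
    server_name git.hfase.com;

    # Fixed-target redirect; $request_uri keeps path and query string intact.
    return 301 https://git.hfase.com$request_uri;
}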
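# HTTPS front end for GitLab: static files from public/, everything else
# proxied to the `gitlab` upstream.
server {
    # `listen ... ssl` replaces the separate `ssl on;` directive, which is
    # deprecated and no longer accepted by current nginx releases.
    listen      443 ssl;
    server_name git.hfase.com;
    root        /home/gitlab/gitlab/public;

    ssl_certificate     /home/hans/ssl-certs+keys/git.hfase-ssl.crt;
    ssl_certificate_key /home/hans/ssl-certs+keys/git.hfase-ssl.key;

    ssl_session_cache   shared:SSL:10m;
    ssl_session_timeout 5m;

    # The original kept commented-out settings pinning TLSv1 and preferring
    # RC4 as a BEAST workaround; both are obsolete. (TLSv1.3 needs nginx 1.13+
    # built against OpenSSL 1.1.1; drop it from the list on older builds.)
    ssl_protocols TLSv1.2 TLSv1.3;
    #ssl_ecdh_curve secp521r1;

    # NOTE(review): max-age=500 expires the HTTPS-only policy after 500 s.
    add_header Strict-Transport-Security max-age=500;

    # add_header is inherited from the server level only by locations that
    # define no add_header of their own. The two locations below set
    # Cache-Control, so the HSTS header has to be repeated there or their
    # responses go out without it.
    location /uploads/images {
        expires 1d;
        add_header Cache-Control public;
        add_header Strict-Transport-Security max-age=500;
    }

    location /assets {
        expires 1d;
        add_header Cache-Control public;
        add_header Strict-Transport-Security max-age=500;
    }

    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Proto https;
        proxy_redirect off;

        client_max_body_size 4M;
        client_body_buffer_size 128K;

        # Serve a static file when one exists (dir/index.html, then
        # <path>.html); otherwise hand the request to the application.
        if (-f $request_filename/index.html) {
            rewrite (.*) $1/index.html break;
        }

        if (-f $request_filename.html) {
            rewrite (.*) $1.html break;
        }

        if (!-f $request_filename) {
            proxy_pass http://gitlab;
            break;
        }
    }

    # Static error pages shipped with the application.
    error_page 500 503 504 /500.html;
    location = /500.html {
        root /home/gitlab/gitlab/public;
    }

    error_page 404 /404.html;
    location = /404.html {
        root /home/gitlab/gitlab/public;
    }

    error_page 502 /down.html;
    location = /down.html {
        root /home/gitlab/gitlab/public;
    }
}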
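#### Phpmyadmin
# NOTE(review): a database administration UI is published here over plain
# HTTP with the allow/deny rules commented out, so it is reachable from any
# address and credentials travel unencrypted. The Webmin vhost in this file
# shows the intended pattern (HTTPS plus `allow 192.168.1.0/24; deny all;`);
# the rules are left commented here only because enabling them changes who
# can reach the site.
server {
    listen      80;
    server_name sql.hfase.com;
    root        /usr/share/phpmyadmin;

    location / {
        index     index.php index.html index.htm;
        try_files $uri $uri/ /index.php?q=$uri&$args;
        # allow anyone in 192.168.1.0/24
        # allow 192.168.1.0/24;
        # drop rest of the world
        # deny all;
    }

    # Deny access to a list of internal paths.
    # NOTE(review): the names below (wp-config.php, wp-common.php, avatar
    # uploads) were copied from the WordPress and phpBB vhosts; confirm which
    # of them exist under this root and whether other files need protecting.
    location ~ /(wp-config\.php|wp-common\.php|includes|cache|files|store|images/avatars/upload) {
        deny all;
        # deny was ignored before 0.8.40 for connections over IPv6.
        # Use internal directive to prohibit access on older versions.
        internal;
    }

    # Deny access to version control system directories. Kept above the PHP
    # handler because regex locations are tried in file order.
    location ~ /\.(svn|git) {
        deny all;
        internal;
    }

    # Pass the php scripts to fastcgi server specified in upstream declaration.
    location ~ \.php$ {
        # Only hand PHP a script that exists on disk. Without this check a URL
        # that merely ends in .php is forwarded, and PHP's PATH_INFO fallback
        # may then run a different file.
        try_files $uri =404;

        fastcgi_pass php;
        # Necessary for php.
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        # Unmodified fastcgi_params from nginx distribution.
        include fastcgi_params;
    }
}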
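#### Mirror
# Public file mirror with directory listings.
# NOTE(review): `autoindex on` lists everything under the root, and .php files
# anywhere in the tree are executed rather than downloaded. Confirm that only
# the h5ai index script is meant to run and that the mirror content is trusted.
server {
    listen      80;
    server_name mirror.hfase.com;
    root        /var/www/mirror;

    location / {
        index index.html
              index.php
              /_h5ai/php/h5ai-index.php;
        autoindex on;
    }

    location ~ \.php$ {
        # Only hand PHP a script that exists on disk. Without this check a URL
        # that merely ends in .php is forwarded, and PHP's PATH_INFO fallback
        # may then run a different file.
        try_files $uri =404;

        fastcgi_pass php;
        # Necessary for php.
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        # Unmodified fastcgi_params from nginx distribution.
        include fastcgi_params;
    }
}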
#### END
###
##
#
} |