Created
March 11, 2016 16:25
-
-
Save illdefined/eae3ee7a6f2a609e9548 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Response headers | |
setenv.add-response-header += ( | |
"Cache-Control" => "public, max-age=" + cache + ", must-revalidate", | |
"Content-Security-Policy" => "default-src 'self' 'unsafe-inline'; frame-ancestors 'none'", | |
"Public-Key-Pins" => "pin-sha256=\"lmZryp05LrsRtSU5dHdM0QfH0KVzNz86+XAfxZ01tVQ=\"; pin-sha256=\"NXFv8A3rKecZBRTVOGphhD6xYs0MmlUg7orKRw2lKzY=\"; max-age=604800", | |
"Strict-Transport-Security" => "max-age=15552000; includeSubDomains; preload" | |
) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
server.modules = ( | |
"mod_compress", | |
"mod_setenv", | |
"mod_access", | |
"mod_redirect", | |
"mod_userdir", | |
"mod_fastcgi" | |
) | |
server.username = "www-data" | |
server.groupname = "www-data" | |
server.tag = "" | |
server.name = "nyantec.com" | |
server.event-handler = "linux-sysepoll" | |
server.network-backend = "linux-sendfile" | |
server.max-workers = 4 | |
server.max-fds = 8192 | |
server.max-connections = 4096 | |
server.stat-cache-engine = "fam" | |
server.document-root = "/srv/nyantec.com/" | |
index-file.names = ( "index.html", "index.atom", "index.php" ) | |
server.dir-listing = "disable" | |
# IPv4 HTTP | |
server.bind = "0.0.0.0" | |
server.port = 80 | |
# IPv6 HTTP | |
$SERVER["socket"] == "[::]:80" { } | |
# IPv4 HTTPS | |
$SERVER["socket"] == "0.0.0.0:443" { | |
include "nyantec/tls.conf" | |
} | |
# IPv6 HTTPS | |
$SERVER["socket"] == "[::]:443" { | |
include "nyantec/tls.conf" | |
} | |
# Compression | |
compress.cache-dir = "/var/cache/lighttpd/compress/" | |
compress.filetype = ( | |
"application/atom+xml; charset=utf-8", | |
"application/ecmascript; charset=utf-8", | |
"application/javascript; charset=utf-8", | |
"application/json; charset=utf-8", | |
"application/xhtml+xml; charset=utf-8", | |
"application/xml; charset=utf-8", | |
"image/svg+xml; charset=utf-8", | |
"text/css; charset=utf-8", | |
"text/html; charset=utf-8", | |
"text/plain; charset=utf-8", | |
) | |
$HTTP["host"] == "nyantec.com" { | |
# Extract language from Accept-Language header | |
$HTTP["language"] =~ "^de" { | |
var.language = "de" | |
include "nyantec/url.conf" | |
} | |
else $HTTP["language"] =~ ".*" { | |
var.language = "en" | |
include "nyantec/url.conf" | |
} | |
} | |
else $HTTP["host"] == "dav.nyantec.com" { | |
server.document-root = "/srv/dav.nyantec.com/html/" | |
include "baikal/tls.conf" | |
include "baikal/url.conf" | |
} | |
else $HTTP["host"] == "lolnein.com" { | |
server.document-root = "/srv/lolnein.com/" | |
$HTTP["url"] =~ "^/comics/" { | |
var.cache = 86400 | |
include "lolnein/headers.conf" | |
} | |
else $HTTP["url"] =~ ".*" { | |
var.cache = 3600 | |
include "lolnein/headers.conf" | |
} | |
} | |
else $HTTP["host"] == "blog.lolnein.com" { | |
server.document-root = "/srv/blog.lolnein.com/" | |
$HTTP["url"] =~ ".*" { | |
var.cache = 3600 | |
include "lolnein/headers.conf" | |
} | |
} | |
else $HTTP["host"] == "www.lolnein.com" { | |
url.redirect-code = 301 | |
url.redirect = ( "(.*)" => "http://lolnein.com$1" ) | |
} | |
# Redirect to canonical host | |
else $HTTP["host"] != "nyantec.com" { | |
url.redirect-code = 301 | |
url.redirect = ( "(.*)" => "https://nyantec.com$1" ) | |
} | |
userdir.path = "public_html" | |
userdir.include-user = ( "mvs" ) | |
include "mime.conf" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
mimetype.assign = ( | |
".atom" => "application/atom+xml; charset=utf-8", | |
".html" => "text/html; charset=utf-8", | |
".js" => "application/javascript; charset=utf-8", | |
".svg" => "image/svg+xml; charset=utf-8", | |
".pdf" => "application/pdf", | |
".sig" => "application/pgp-signature", | |
".gif" => "image/gif", | |
".jpg" => "image/jpeg", | |
".jpeg" => "image/jpeg", | |
".png" => "image/png", | |
".css" => "text/css; charset=utf-8", | |
".asc" => "text/plain; charset=utf-8", | |
".txt" => "text/plain; charset=utf-8", | |
".patch" => "text/plain; charset=utf-8", | |
".ttf" => "application/x-font-ttf", | |
".woff" => "application/font-woff", | |
".wav" => "audio/wav", | |
"" => "application/octet-stream", | |
) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
ssl.engine = "enable" | |
ssl.pemfile = "/var/ssl/nyantec.com.pem" | |
ssl.ca-file = "/var/ssl/startssl.pem" | |
ssl.dh-file = "/var/ssl/dhparam.pem" | |
ssl.ec-curve = "secp384r1" | |
ssl.use-sslv3 = "disable" | |
ssl.cipher-list = "AES128+EECDH:AES128+EDH:!TLSv1" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Redirect / based on language | |
$HTTP["url"] == "/" { | |
var.cache = 3600 | |
include "nyantec/headers.conf" | |
url.redirect-code = 301 | |
url.redirect = ( ".*" => "https://nyantec.com/" + language + "/" ) | |
} | |
# Assets and founts (cache twelve weeks) | |
else $HTTP["url"] =~ "^/(assets|founts)/" { | |
var.cache = 7257600 | |
include "nyantec/headers.conf" | |
} | |
# Everything else (cache one day) | |
else $HTTP["url"] =~ ".*" { | |
var.cache = 3600 | |
include "nyantec/headers.conf" | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment