-
-
Save prefork/5091029 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/sh | |
sudo aptitude remove nginx-light nginx nginx-common nginx-full | |
sudo apt-get install python-software-properties software-properties-common | |
sudo add-apt-repository ppa:chris-lea/nginx-devel | |
sudo aptitude update | |
sudo apt-get install nginx-light |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
user www-data; | |
worker_processes 4; | |
pid /run/nginx.pid; | |
events { | |
worker_connections 2048; | |
} | |
http { | |
sendfile on; | |
tcp_nopush on; | |
tcp_nodelay on; | |
keepalive_timeout 65; | |
types_hash_max_size 2048; | |
server_tokens off; | |
server_names_hash_bucket_size 128; | |
include /etc/nginx/mime.types; | |
default_type application/octet-stream; | |
access_log /var/log/nginx/access.log; | |
error_log /var/log/nginx/error.log; | |
gzip on; | |
gzip_disable "msie6"; | |
gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript; | |
ssl_session_cache shared:SSL:10m; | |
ssl_session_timeout 30m; | |
############################################################################### | |
# mike.tig.as main | |
############################################################################### | |
server { | |
listen 443 ssl spdy; | |
server_name mike.tig.as; | |
add_header "X-If-You-Are-Reading-This" "you are too close"; | |
add_header "X-Colophon" "https://mike.tig.as/colophon/"; | |
add_header "Strict-Transport-Security" "max-age=86400"; | |
ssl on; | |
ssl_certificate /home/mtigas/ssl-201008/mike.tig.as.cert; | |
ssl_certificate_key /home/mtigas/ssl-201008/mike.tig.as-nopass.key; | |
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2; | |
# prevent BEAST attack (TLS 1.2 ciphers or RC4), prefer "perfect forward secrecy" (ECDHE ciphers) | |
# basically a list of TLSv1.2 ECDHE ciphers, then ECDHE-*-RC4-*:ECDH-*-RC4-*:RC4-SHA for BEAST-safe (since they're supported everywhere) | |
ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-RC4-SHA:ECDHE-RSA-RC4-SHA:ECDH-ECDSA-RC4-SHA:ECDH-RSA-RC4-SHA:RC4-SHA; | |
ssl_prefer_server_ciphers on; | |
root /home/mtigas/mike.tig.as/html; | |
index index.html index.htm; | |
# things moved around | |
rewrite ^/200([5-9])/(.*)$ /blog/200$1/$2 permanent; | |
rewrite ^/oldblog/(.*)$ /blog/$1 permanent; | |
rewrite ^/feed/rss/$ /feeds/blog/ permanent; | |
rewrite ^/feed/blog/rss/$ /feeds/blog/ permanent; | |
rewrite ^/feed/atom/$ /feeds/blog/ permanent; | |
rewrite ^/feed/blog/atom/$ /feeds/blog/ permanent; | |
rewrite ^/feeds/rss/$ /feeds/blog/ permanent; | |
rewrite ^/feeds/blog/rss/$ /feeds/blog/ permanent; | |
rewrite ^/feeds/atom/$ /feeds/blog/ permanent; | |
rewrite ^/feeds/blog/atom/$ /feeds/blog/ permanent; | |
rewrite ^/feed/$ /feeds/blog/ permanent; | |
rewrite ^/web-dev/$ /portfolio/ permanent; | |
rewrite ^/work/$ /portfolio/ permanent; | |
rewrite ^/about/colophon/$ /colophon/ permanent; | |
rewrite ^/projects/$ /portfolio/ permanent; | |
# old photo galleries with inbound links from blogs/other sites | |
rewrite ^/blog/photography/xmas2008/$ http://www.photoreflect.com/pr3/thumbpage.aspx?e=4360019 permanent; | |
rewrite ^/photography/xmas2008/$ http://www.photoreflect.com/pr3/thumbpage.aspx?e=4360019 permanent; | |
rewrite ^/photo/xmas2008/$ http://www.photoreflect.com/pr3/thumbpage.aspx?e=4360019 permanent; | |
rewrite ^/blog/photo/xmas2008/$ http://www.photoreflect.com/pr3/thumbpage.aspx?e=4360019 permanent; | |
rewrite ^/photography/07moyo/$ http://www.flickr.com/photos/madmannova/sets/72157604764220024/ permanent; | |
rewrite ^/photo/07moyo/$ http://www.flickr.com/photos/madmannova/sets/72157604764220024/ permanent; | |
# old content pages (temp redir in case I bring these back) | |
rewrite ^/blog/photography/$ http://www.flickr.com/photos/madmannova/ redirect; | |
rewrite ^/photography/$ http://www.flickr.com/photos/madmannova/ redirect; | |
rewrite ^/photo/ http://www.flickr.com/photos/madmannova/ redirect; | |
rewrite ^/blog/photo/ http://www.flickr.com/photos/madmannova/ redirect; | |
# renamed/moved blog posts (popular enough -- with incoming links -- to warrant redir) | |
rewrite ^/blog/2008/03/15/project-chanology/$ /blog/2008/03/15/project-chanology-2/ permanent; | |
rewrite ^/blog/2006/10/29/world-series-2006-wrap/$ /blog/2006/10/29/and-the-folks-went-crazy/ permanent; | |
rewrite ^/blog/2008/02/10/project-chanology/$ /blog/2008/02/10/anonymous-protests-church-of-scientology/ permanent; | |
rewrite ^/2008/03/15/project-chanology/$ /blog/2008/03/15/project-chanology-2/ permanent; | |
rewrite ^/2008/02/10/project-chanology/$ /blog/2008/02/10/anonymous-protests-church-of-scientology/ permanent; | |
rewrite ^/2006/10/29/world-series-2006-wrap/$ /blog/2006/10/29/and-the-folks-went-crazy/ permanent; | |
rewrite ^/blog/2008/07/23/blogmaking-django-newforms-admin/comment-page- /blog/2008/07/23/blogmaking-django-newforms-admin/ permanent; | |
# popular comment redir URLs that somehow ended up in Google | |
rewrite ^/comments/cr/13/433/$ /blog/2008/07/23/blogmaking-django-newforms-admin/ permanent; | |
rewrite ^/comments/cr/13/449/$ /blog/2009/05/11/eulogy-on-a-student-center/ permanent; | |
rewrite ^/comments/cr/13/463/$ /blog/2009/07/18/high-fidelity/ permanent; | |
rewrite ^/comments/cr/13/470/$ /blog/2009/09/06/im-kind-of-a-big-deal/ permanent; | |
# 2002-2004 era hand-edited blog (samuke.net, early miketigas.com) | |
rewrite ^/blog_old/2002-2003.php$ /blog/2002/ permanent; | |
rewrite ^/blog_old/2003oct-2003nov.php$ /blog/2003/ permanent; | |
rewrite ^/blog_old/2003dec.php$ /blog/2003/12/ permanent; | |
rewrite ^/blog_old/2004jan.php$ /blog/2004/01/ permanent; | |
rewrite ^/blog_old/2004feb.php$ /blog/2004/02/ permanent; | |
# shhhh | |
rewrite ^/sghsfghs$ http://www.youtube.com/watch?v=oHg5SJYRHA0 redirect; | |
rewrite ^/sghsfghs/$ http://www.youtube.com/watch?v=oHg5SJYRHA0 redirect; | |
} | |
############################################################################### | |
# server redirects | |
############################################################################### | |
server { | |
listen 80 default_server; | |
server_name tig.as yu8.in; | |
rewrite ^/(.*) https://mike.tig.as/$1 redirect; | |
} | |
server { | |
listen 80; | |
server_name mike.tig.as; | |
rewrite ^/(.*) https://mike.tig.as/$1 permanent; | |
add_header Strict-Transport-Security max-age=86400; | |
} | |
server { | |
listen 80; | |
server_name v3.mike.tig.as old.miketigas.com www.miketigas.com miketigas.com www.mike.tig.as 2.mike.tig.as; | |
rewrite ^/(.*) https://mike.tig.as/$1 permanent; | |
} | |
server { | |
listen 80; | |
server_name onionbrowser.com www.onionbrowser.com; | |
rewrite ^/(.*) https://mike.tig.as/onionbrowser/$1 permanent; | |
} | |
server { | |
listen 80; | |
server_name nationbrowse.com www.nationbrowse.com; | |
rewrite ^/(.*) https://mike.tig.as/blog/2010/02/22/nationbrowse/ permanent; | |
} | |
server { | |
listen 80; | |
server_name gheat_demo.nationbrowse.com gheat.miketigas.com; | |
rewrite ^/(.*) https://github.com/mtigas/django-gheat redirect; | |
} | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment