authorPaweł Dybiec <pawel@dybiec.info>2021-03-09 23:05:47 +0000
committerPaweł Dybiec <pawel@dybiec.info>2021-03-09 23:05:47 +0000
commitea91c1e2d868ce9b3e91b9abc9a74d3e84261335 (patch)
tree07b4c3c9a8afa77ea49255941a5691f464631173 /nginx
parentAdd missing stuff in headers, add new vpn client (diff)
Migration to a new server, moved nginx out of docker
Diffstat (limited to 'nginx')
-rw-r--r--nginx/conf.d/cgit.conf23
-rw-r--r--nginx/nginx.conf65
2 files changed, 88 insertions, 0 deletions
diff --git a/nginx/conf.d/cgit.conf b/nginx/conf.d/cgit.conf
new file mode 100644
index 0000000..651a0eb
--- /dev/null
+++ b/nginx/conf.d/cgit.conf
@@ -0,0 +1,23 @@
+server {
+        listen          80;
+        server_name     git.dybiec.info;
+        return          301 https://$server_name$request_uri;
+}
+
+server {
+        listen 443 ssl http2;
+        server_name git.dybiec.info;
+        location ~* ^.+(cgit.(css|png)|favicon.ico|robots.txt) {
+                root /usr/share/cgit/;
+        }
+        location / {
+                try_files $uri @cgit;
+        }
+        location @cgit {
+                gzip off;
+                include uwsgi_params;
+                uwsgi_modifier1 9;
+                uwsgi_pass unix:/run/uwsgi/cgit.sock;
+        }
+
+  }
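Review bot: The static-asset location `location ~* ^.+(cgit.(css|png)|favicon.ico|robots.txt)` uses unescaped dots and has no end anchor, so it matches any URI that merely contains one of these names, for example a repository path to a file called robots.txt. Such requests are answered from /usr/share/cgit/ and never reach cgit. Assuming the assets are served from the site root, anchoring the pattern limits the filesystem-backed location to the four intended files: `location ~* ^/(cgit\.(css|png)|favicon\.ico|robots\.txt)$ {`. Separately, this server block sets no `root`, so `try_files $uri @cgit` in `location /` looks in nginx's default document root first; set an explicit `root`, or pass everything to `@cgit`, so the lookup path is deliberate.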
diff --git a/nginx/nginx.conf b/nginx/nginx.conf
new file mode 100644
index 0000000..0857b7e
--- /dev/null
+++ b/nginx/nginx.conf
@@ -0,0 +1,65 @@
+user www-data;
+worker_processes  4;
+
+error_log  /var/log/nginx/error.log warn;
+pid        /var/run/nginx.pid;
+
+
+events {
+    worker_connections  1024;
+}
+
+
+http {
+    include       /etc/nginx/mime.types;
+    default_type  application/octet-stream;
+
+    log_format  main  '[$time_local] $remote_addr - $remote_user "$request" '
+                      '$status "$http_referer" '
+                      '"$http_user_agent" "$server_name"';
+
+    access_log  /var/log/nginx/access.log  main;
+    ssl_certificate	/root/dybiec.info/fullchain.pem;
+    ssl_certificate_key /root/dybiec.info/privkey.pem;
+
+    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_prefer_server_ciphers on;
+
+    ssl_session_cache shared:SSL:40m;
+    ssl_session_timeout 1h;
+
+    ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256;
+
+
+    sendfile        on;
+    tcp_nopush     on;
+
+    etag	on;
+
+    keepalive_timeout  65;
+
+    gzip  on;
+    gzip_proxied any;
+    gzip_types
+        text/css
+        text/javascript
+        text/xml
+        text/plain
+        application/javascript
+        application/x-javascript
+        application/json;
+
+    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+
+    server {
+	listen 80;
+	allow 127.0.0.1;
+	allow 172.0.0.0/8;
+	deny all;
+    }
+    include /etc/nginx/conf.d/*.conf;
+
+    error_page 500 501 502 503 504 /50x.html;
+    
+}
+
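Review bot: `allow 172.0.0.0/8;` in the port-80 server block admits far more than private address space. Only 172.16.0.0/12 is reserved for private use; the rest of 172/8 is publicly routable, so internet hosts in those ranges pass the check before `deny all` applies. If the intent was Docker bridge networks (an inference from the commit title), use `allow 172.16.0.0/12;`, or drop the line now that nginx runs outside Docker. Minor: `ssl_ciphers` lists ECDHE-ECDSA-AES256-GCM-SHA384 and ECDHE-RSA-AES256-GCM-SHA384 twice, which is harmless but worth deduplicating.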