From ea91c1e2d868ce9b3e91b9abc9a74d3e84261335 Mon Sep 17 00:00:00 2001
From: Paweł Dybiec
Date: Tue, 9 Mar 2021 23:05:47 +0000
Subject: Migration to a new server, moved nginx out of docker
---
nginx/conf.d/cgit.conf | 23 ++++++++++++++++++
nginx/nginx.conf | 65 ++++++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 88 insertions(+)
create mode 100644 nginx/conf.d/cgit.conf
create mode 100644 nginx/nginx.conf
(limited to 'nginx')
diff --git a/nginx/conf.d/cgit.conf b/nginx/conf.d/cgit.conf
new file mode 100644
index 0000000..651a0eb
--- /dev/null
+++ b/nginx/conf.d/cgit.conf
@@ -0,0 +1,23 @@
+server {
+ listen 80;
+ server_name git.dybiec.info;
+ return 301 https://$server_name$request_uri;
+}
+
+server {
+ listen 443 ssl http2;
+ server_name git.dybiec.info;
+ location ~* ^.+(cgit.(css|png)|favicon.ico|robots.txt) {
+ root /usr/share/cgit/;
+ }
+ location / {
+ try_files $uri @cgit;
+ }
+ location @cgit {
+ gzip off;
+ include uwsgi_params;
+ uwsgi_modifier1 9;
+ uwsgi_pass unix:/run/uwsgi/cgit.sock;
+ }
+
+ }
diff --git a/nginx/nginx.conf b/nginx/nginx.conf
new file mode 100644
index 0000000..0857b7e
--- /dev/null
+++ b/nginx/nginx.conf
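Review bot: In nginx/conf.d/cgit.conf the static-asset location `~* ^.+(cgit.(css|png)|favicon.ico|robots.txt)` has no end anchor and leaves its dots unescaped, so it matches any URI that merely contains one of those names rather than only the cgit assets. A repository path that ends in, say, `robots.txt` would then be answered from `/usr/share/cgit/` (most likely with a 404) instead of reaching `@cgit`. Assuming the assets are served from the site root, anchoring the pattern keeps the filesystem-backed location to exactly the files it is meant to expose: `location ~ ^/(cgit\.(css|png)|favicon\.ico|robots\.txt)$ {`.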
@@ -0,0 +1,65 @@
+user www-data;
+worker_processes 4;
+
+error_log /var/log/nginx/error.log warn;
+pid /var/run/nginx.pid;
+
+
+events {
+ worker_connections 1024;
+}
+
+
+http {
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ log_format main '[$time_local] $remote_addr - $remote_user "$request" '
+ '$status "$http_referer" '
+ '"$http_user_agent" "$server_name"';
+
+ access_log /var/log/nginx/access.log main;
+ ssl_certificate /root/dybiec.info/fullchain.pem;
+ ssl_certificate_key /root/dybiec.info/privkey.pem;
+
+ ssl_protocols TLSv1.2 TLSv1.3;
+ ssl_prefer_server_ciphers on;
+
+ ssl_session_cache shared:SSL:40m;
+ ssl_session_timeout 1h;
+
+ ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256;
+
+
+ sendfile on;
+ tcp_nopush on;
+
+ etag on;
+
+ keepalive_timeout 65;
+
+ gzip on;
+ gzip_proxied any;
+ gzip_types
+ text/css
+ text/javascript
+ text/xml
+ text/plain
+ application/javascript
+ application/x-javascript
+ application/json;
+
+ add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+
+ server {
+ listen 80;
+ allow 127.0.0.1;
+ allow 172.0.0.0/8;
+ deny all;
+ }
+ include /etc/nginx/conf.d/*.conf;
+
+ error_page 500 501 502 503 504 /50x.html;
+
+}
+
-- cgit 1.4.1