diff --git a/doc/nginx/sites-available-haproxy/authentic.conf b/doc/nginx/sites-available-haproxy/authentic.conf index c3599e5..d420aa2 100644 --- a/doc/nginx/sites-available-haproxy/authentic.conf +++ b/doc/nginx/sites-available-haproxy/authentic.conf @@ -7,31 +7,5 @@ server { access_log /var/log/nginx/authentic2-multitenant-access.log combined_full; error_log /var/log/nginx/authentic2-multitenant-error.log; - location ~ ^/static/(.+)$ { - root /; - try_files /var/lib/authentic2-multitenant/tenants/$host/static/$1 - /var/lib/authentic2-multitenant/tenants/$host/theme/static/$1 - /var/lib/authentic2-multitenant/collectstatic/$1 - =404; - } - - location ~ ^/media/(.+)$ { - alias /var/lib/authentic2-multitenant/tenants/$host/media/$1; - } - - location /robots.txt { - alias /var/lib/authentic2-multitenant/www/robots.txt; - } - - location / { - add_header 'Access-Control-Allow-Origin' '*'; - proxy_pass http://unix:/var/run/authentic2-multitenant/authentic2-multitenant.sock; - proxy_set_header Host $http_host; - proxy_set_header X-Forwarded-SSL on; - proxy_set_header X-Forwarded-Protocol ssl; - proxy_set_header X-Forwarded-Proto https; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - - } + include snippets/publik-authentic2-multitenant.conf; } diff --git a/doc/nginx/sites-available-haproxy/bijoe.conf b/doc/nginx/sites-available-haproxy/bijoe.conf index cadaef7..b19e021 100644 --- a/doc/nginx/sites-available-haproxy/bijoe.conf +++ b/doc/nginx/sites-available-haproxy/bijoe.conf 
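Review bot: The include added here names `snippets/publik-authentic2-multitenant.conf`, while the matching change in sites-available/authentic.conf includes `snippets/publik-authentic.conf`, so the two variants of the same vhost point at different snippet files. The snippet files are not part of the visible diff, so it cannot be confirmed that both exist. A non-wildcard `include` of a missing file makes `nginx -t` fail and blocks a reload. Use one snippet name in both files, or ship both snippets with this commit.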
@@ -6,30 +6,5 @@ server { access_log /var/log/nginx/bijoe-access.log combined_full; error_log /var/log/nginx/bijoe-error.log; - location ~ ^/static/(.+)$ { - root /; - try_files /var/lib/bijoe/tenants/$host/static/$1 - /var/lib/bijoe/tenants/$host/theme/static/$1 - /var/lib/bijoe/collectstatic/$1 - =404; - } - - location ~ ^/media/(.+)$ { - alias /var/lib/bijoe/tenants/$host/media/$1; - } - - location /robots.txt { - alias /var/lib/bijoe/www/robots.txt; - } - - location / { - proxy_pass http://unix:/var/run/bijoe/bijoe.sock; - proxy_set_header Host $http_host; - proxy_set_header X-Forwarded-SSL on; - proxy_set_header X-Forwarded-Protocol ssl; - proxy_set_header X-Forwarded-Proto https; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - - } + include snippets/publik-bijoe.conf; } diff --git a/doc/nginx/sites-available-haproxy/chrono.conf b/doc/nginx/sites-available-haproxy/chrono.conf index fc3c958..f1dc9a8 100644 --- a/doc/nginx/sites-available-haproxy/chrono.conf +++ b/doc/nginx/sites-available-haproxy/chrono.conf @@ -6,30 +6,5 @@ server { access_log /var/log/nginx/chrono-access.log combined_full; error_log /var/log/nginx/chrono-error.log; - location ~ ^/static/(.+)$ { - root /; - try_files /var/lib/chrono/tenants/$host/static/$1 - /var/lib/chrono/tenants/$host/theme/static/$1 - /var/lib/chrono/collectstatic/$1 - =404; - } - - location ~ ^/media/(.+)$ { - alias /var/lib/chrono/tenants/$host/media/$1; - } - - location /robots.txt { - alias /var/lib/chrono/www/robots.txt; - } - - location / { - proxy_pass http://unix:/var/run/chrono/chrono.sock; - proxy_set_header Host $http_host; - proxy_set_header X-Forwarded-SSL on; - proxy_set_header X-Forwarded-Protocol ssl; - proxy_set_header X-Forwarded-Proto https; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - - } + include snippets/publik-chrono.conf; } 
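Review bot: `include snippets/publik-bijoe.conf;` is now shared with sites-available/bijoe.conf, but the blocks it replaces differ: the locations removed here sent no `X-Content-Type-Options`, `X-XSS-Protection` or `Content-Security-Policy` headers, while those removed from the direct-TLS vhost did. The snippet is not in the visible diff, so confirm it keeps those headers on the static and media locations, which appear to serve per-tenant files. nginx drops inherited `add_header` directives in any location that declares its own, so the headers need to be repeated in each location of the snippet rather than set once at server level. The same applies to the authentic, chrono, combo, corbo, fargo, hobo, mandayejs, passerelle, wcs and welco hunks.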
diff --git a/doc/nginx/sites-available-haproxy/combo.conf b/doc/nginx/sites-available-haproxy/combo.conf index b95736b..43ee250 100644 --- a/doc/nginx/sites-available-haproxy/combo.conf +++ b/doc/nginx/sites-available-haproxy/combo.conf @@ -6,31 +6,5 @@ server { access_log /var/log/nginx/combo-access.log combined_full; error_log /var/log/nginx/combo-error.log; - location ~ ^/static/(.+)$ { - root /; - try_files /var/lib/combo/tenants/$host/static/$1 - /var/lib/combo/tenants/$host/theme/static/$1 - /var/lib/combo/collectstatic/$1 - =404; - add_header 'Access-Control-Allow-Origin' '*'; - } - - location ~ ^/media/(.+)$ { - alias /var/lib/combo/tenants/$host/media/$1; - } - - location /robots.txt { - alias /var/lib/combo/www/robots.txt; - } - - location / { - proxy_pass http://unix:/var/run/combo/combo.sock; - proxy_set_header Host $http_host; - proxy_set_header X-Forwarded-SSL on; - proxy_set_header X-Forwarded-Protocol ssl; - proxy_set_header X-Forwarded-Proto https; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - - } + include snippets/publik-combo.conf; } diff --git a/doc/nginx/sites-available-haproxy/corbo.conf b/doc/nginx/sites-available-haproxy/corbo.conf index 5929499..7905b83 100644 --- a/doc/nginx/sites-available-haproxy/corbo.conf +++ b/doc/nginx/sites-available-haproxy/corbo.conf 
@@ -6,30 +6,5 @@ server { access_log /var/log/nginx/corbo-access.log combined_full; error_log /var/log/nginx/corbo-error.log; - location ~ ^/static/(.+)$ { - root /; - try_files /var/lib/corbo/tenants/$host/static/$1 - /var/lib/corbo/tenants/$host/theme/static/$1 - /var/lib/corbo/collectstatic/$1 - =404; - } - - location ~ ^/media/(.+)$ { - alias /var/lib/corbo/tenants/$host/media/$1; - } - - location /robots.txt { - alias /var/lib/corbo/www/robots.txt; - } - - location / { - proxy_pass http://unix:/var/run/corbo/corbo.sock; - proxy_set_header Host $http_host; - proxy_set_header X-Forwarded-SSL on; - proxy_set_header X-Forwarded-Protocol ssl; - proxy_set_header X-Forwarded-Proto https; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - - } + include snippets/publik-corbo.conf; } diff --git a/doc/nginx/sites-available-haproxy/fargo.conf b/doc/nginx/sites-available-haproxy/fargo.conf index 65f636e..63fb769 100644 --- a/doc/nginx/sites-available-haproxy/fargo.conf +++ b/doc/nginx/sites-available-haproxy/fargo.conf @@ -6,26 +6,5 @@ server { access_log /var/log/nginx/fargo-access.log combined_full; error_log /var/log/nginx/fargo-error.log; - location ~ ^/static/(.+)$ { - root /; - try_files /var/lib/fargo/tenants/$host/static/$1 - /var/lib/fargo/tenants/$host/theme/static/$1 - /var/lib/fargo/collectstatic/$1 - =404; - } - - location /robots.txt { - alias /var/lib/fargo/www/robots.txt; - } - - location / { - proxy_pass http://unix:/var/run/fargo/fargo.sock; - proxy_set_header Host $http_host; - proxy_set_header X-Forwarded-SSL on; - proxy_set_header X-Forwarded-Protocol ssl; - proxy_set_header X-Forwarded-Proto https; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - - } + include snippets/publik-fargo.conf; } diff --git a/doc/nginx/sites-available-haproxy/hobo.conf b/doc/nginx/sites-available-haproxy/hobo.conf index 94db225..a641f46 100644 
--- a/doc/nginx/sites-available-haproxy/hobo.conf +++ b/doc/nginx/sites-available-haproxy/hobo.conf @@ -6,30 +6,5 @@ server { access_log /var/log/nginx/hobo-access.log combined_full; error_log /var/log/nginx/hobo-error.log; - location ~ ^/static/(.+)$ { - root /; - try_files /var/lib/hobo/tenants/$host/static/$1 - /var/lib/hobo/tenants/$host/theme/static/$1 - /var/lib/hobo/collectstatic/$1 - =404; - } - - location ~ ^/media/(.+)$ { - alias /var/lib/hobo/tenants/$host/media/$1; - } - - location /robots.txt { - alias /var/lib/hobo/www/robots.txt; - } - - location / { - proxy_pass http://unix:/var/run/hobo/hobo.sock; - proxy_set_header Host $http_host; - proxy_set_header X-Forwarded-SSL on; - proxy_set_header X-Forwarded-Protocol ssl; - proxy_set_header X-Forwarded-Proto https; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - - } + include snippets/publik-hobo.conf; } diff --git a/doc/nginx/sites-available-haproxy/mandayejs.conf b/doc/nginx/sites-available-haproxy/mandayejs.conf index afc19ab..437c3e6 100644 --- a/doc/nginx/sites-available-haproxy/mandayejs.conf +++ b/doc/nginx/sites-available-haproxy/mandayejs.conf 
@@ -6,30 +6,5 @@ server { access_log /var/log/nginx/mandayejs-access.log combined_full; error_log /var/log/nginx/mandayejs-error.log; - location ~ ^/static/(.+)$ { - root /; - try_files /var/lib/mandayejs/tenants/$host/static/$1 - /var/lib/mandayejs/tenants/$host/theme/static/$1 - /var/lib/mandayejs/collectstatic/$1 - =404; - } - - location ~ ^/media/(.+)$ { - alias /var/lib/mandayejs/tenants/$host/media/$1; - } - - location /robots.txt { - alias /var/lib/mandayejs/www/robots.txt; - } - - location / { - proxy_pass http://unix:/var/run/mandayejs/mandayejs.sock; - proxy_set_header Host $http_host; - proxy_set_header X-Forwarded-SSL on; - proxy_set_header X-Forwarded-Protocol ssl; - proxy_set_header X-Forwarded-Proto https; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - - } + include snippets/publik-mandayejs.conf; } diff --git a/doc/nginx/sites-available-haproxy/passerelle.conf b/doc/nginx/sites-available-haproxy/passerelle.conf index 231eb4a..2d71976 100644 --- a/doc/nginx/sites-available-haproxy/passerelle.conf +++ b/doc/nginx/sites-available-haproxy/passerelle.conf @@ -6,26 +6,5 @@ server { access_log /var/log/nginx/passerelle-access.log combined_full; error_log /var/log/nginx/passerelle-error.log; - location ~ ^/static/(.+)$ { - root /; - try_files /var/lib/passerelle/tenants/$host/static/$1 - /var/lib/passerelle/tenants/$host/theme/static/$1 - /var/lib/passerelle/collectstatic/$1 - =404; - } - - location /robots.txt { - alias /var/lib/passerelle/www/robots.txt; - } - - location / { - proxy_pass http://unix:/var/run/passerelle/passerelle.sock; - proxy_set_header Host $http_host; - proxy_set_header X-Forwarded-SSL on; - proxy_set_header X-Forwarded-Protocol ssl; - proxy_set_header X-Forwarded-Proto https; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - - } + include snippets/publik-passerelle.conf; } 
diff --git a/doc/nginx/sites-available-haproxy/wcs.conf b/doc/nginx/sites-available-haproxy/wcs.conf index 752afc5..bfe81cc 100644 --- a/doc/nginx/sites-available-haproxy/wcs.conf +++ b/doc/nginx/sites-available-haproxy/wcs.conf @@ -6,31 +6,5 @@ server { access_log /var/log/nginx/wcs-access.log combined_full; error_log /var/log/nginx/wcs-error.log; - location ~ ^/static/(.+)$ { - root /; - try_files /var/lib/wcs/$host/static/$1 - /var/lib/wcs/$host/theme/static/$1 - /var/lib/wcs/collectstatic/$1 - =404; - } - - location ~ ^/media/(.+)$ { - alias /var/lib/wcs/$host/media/$1; - } - - location /robots.txt { - alias /var/lib/wcs/www/robots.txt; - } - - location / { - add_header 'Access-Control-Allow-Origin' '*'; - proxy_pass http://unix:/var/run/wcs/wcs.sock; - proxy_set_header Host $http_host; - proxy_set_header X-Forwarded-SSL on; - proxy_set_header X-Forwarded-Protocol ssl; - proxy_set_header X-Forwarded-Proto https; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - - } + include snippets/publik-wcs.conf; } diff --git a/doc/nginx/sites-available-haproxy/welco.conf b/doc/nginx/sites-available-haproxy/welco.conf index 3d155ea..7eccade 100644 --- a/doc/nginx/sites-available-haproxy/welco.conf +++ b/doc/nginx/sites-available-haproxy/welco.conf 
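Review bot: The `location /` removed here sent `Access-Control-Allow-Origin: *` on proxied application responses, while the `location /` removed from sites-available/wcs.conf did not, and both vhosts now load the same `snippets/publik-wcs.conf`. One of the two deployments therefore changes its CORS behaviour, and the snippet is not in the visible diff to tell which. If the wildcard stays on dynamic responses, add a comment in the snippet saying why, e.g. `# wildcard CORS on proxied responses is intentional: <reason>`; otherwise keep it on the static location only. The authentic pair differs in the same way.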
@@ -7,30 +7,5 @@ server { access_log /var/log/nginx/welco-access.log combined_full; error_log /var/log/nginx/welco-error.log; - location ~ ^/static/(.+)$ { - root /; - try_files /var/lib/welco/tenants/$host/static/$1 - /var/lib/welco/tenants/$host/theme/static/$1 - /var/lib/welco/collectstatic/$1 - =404; - } - - location ~ ^/media/(.+)$ { - alias /var/lib/welco/tenants/$host/media/$1; - } - - location /robots.txt { - alias /var/lib/welco/www/robots.txt; - } - - location / { - proxy_pass http://unix:/var/run/welco/welco.sock; - proxy_set_header Host $http_host; - proxy_set_header X-Forwarded-SSL on; - proxy_set_header X-Forwarded-Protocol ssl; - proxy_set_header X-Forwarded-Proto https; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - - } + include snippets/publik-welco.conf; } diff --git a/doc/nginx/sites-available/authentic.conf b/doc/nginx/sites-available/authentic.conf index 35f8339..4c55c6d 100644 --- a/doc/nginx/sites-available/authentic.conf +++ b/doc/nginx/sites-available/authentic.conf 
@@ -3,47 +3,12 @@ server { listen [::]:443 ssl http2; server_name ~^connexion ~^login ~^authent; - include snippets/publik-ssl.conf; - access_log /var/log/nginx/authentic2-multitenant-access.log combined_full; error_log /var/log/nginx/authentic2-multitenant-error.log; - location ~ ^/static/(.+)$ { - root /; - try_files /var/lib/authentic2-multitenant/tenants/$host/static/$1 - /var/lib/authentic2-multitenant/tenants/$host/theme/static/$1 - /var/lib/authentic2-multitenant/collectstatic/$1 - =404; - add_header 'X-Content-Type-Options' 'nosniff'; - add_header 'X-XSS-Protection' '1; mode=block'; - add_header 'Content-Security-Policy' "default-src 'none'; style-src 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline';"; - add_header 'Access-Control-Allow-Origin' '*'; - include snippets/gzip-statics.conf; - } + ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem; + ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key; - location ~ ^/media/(.+)$ { - alias /var/lib/authentic2-multitenant/tenants/$host/media/$1; - add_header 'X-Content-Type-Options' 'nosniff'; - add_header 'X-XSS-Protection' '1; mode=block'; - add_header 'Content-Security-Policy' "default-src 'none'; style-src 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline';"; - } - - location /robots.txt { - alias /var/lib/authentic2-multitenant/www/robots.txt; - add_header 'X-Content-Type-Options' 'nosniff'; - add_header 'X-XSS-Protection' '1; mode=block'; - add_header 'Content-Security-Policy' "default-src 'none'; style-src 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline';"; - } - - location / { - proxy_pass http://unix:/var/run/authentic2-multitenant/authentic2-multitenant.sock; - proxy_set_header Host $http_host; - proxy_set_header X-Forwarded-SSL on; - proxy_set_header X-Forwarded-Protocol ssl; - proxy_set_header X-Forwarded-Proto https; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - add_header 'X-Content-Type-Options' 
'nosniff'; - add_header 'X-XSS-Protection' '1; mode=block'; - } + include snippets/publik-openssl.conf; + include snippets/publik-authentic.conf; } diff --git a/doc/nginx/sites-available/bijoe.conf b/doc/nginx/sites-available/bijoe.conf index 6e7874e..d7dce9f 100644 --- a/doc/nginx/sites-available/bijoe.conf +++ b/doc/nginx/sites-available/bijoe.conf 
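Review bot: The `ssl_certificate` and `ssl_certificate_key` lines added here hard-code the `ssl-cert-snakeoil` pair, and the same two lines are repeated in the bijoe, chrono, combo, corbo, fargo, hobo, mandayejs, passerelle, wcs, welco and zz_default-server vhosts. Nothing in the file marks the pair as a placeholder, so a deployment copied from these examples serves a self-signed certificate until each of the twelve files is edited. Add a comment above the pair such as `# placeholder self-signed certificate: replace both paths with the site certificate and key`, or keep the two directives in one included snippet so there is a single place to change.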
@@ -3,44 +3,12 @@ server { listen [::]:443 ssl http2; server_name ~^statistique ~^bijoe; - include snippets/publik-ssl.conf; - access_log /var/log/nginx/bijoe-access.log combined_full; error_log /var/log/nginx/bijoe-error.log; - location ~ ^/static/(.+)$ { - root /; - try_files /var/lib/bijoe/tenants/$host/static/$1 - /var/lib/bijoe/tenants/$host/theme/static/$1 - /var/lib/bijoe/collectstatic/$1 - =404; - add_header 'X-Content-Type-Options' 'nosniff'; - add_header 'X-XSS-Protection' '1; mode=block'; - add_header 'Content-Security-Policy' "default-src 'none'; style-src 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline';"; - add_header 'Access-Control-Allow-Origin' '*'; - include snippets/gzip-statics.conf; - } + ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem; + ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key; - location ~ ^/media/(.+)$ { - alias /var/lib/bijoe/tenants/$host/media/$1; - add_header 'X-Content-Type-Options' 'nosniff'; - add_header 'X-XSS-Protection' '1; mode=block'; - add_header 'Content-Security-Policy' "default-src 'none'; style-src 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline';"; - } - - location /robots.txt { - alias /var/lib/bijoe/www/robots.txt; - } - - location / { - proxy_pass http://unix:/var/run/bijoe/bijoe.sock; - proxy_set_header Host $http_host; - proxy_set_header X-Forwarded-SSL on; - proxy_set_header X-Forwarded-Protocol ssl; - proxy_set_header X-Forwarded-Proto https; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - add_header 'X-Content-Type-Options' 'nosniff'; - add_header 'X-XSS-Protection' '1; mode=block'; - } + include snippets/publik-openssl.conf; + include snippets/publik-bijoe.conf; } diff --git a/doc/nginx/sites-available/chrono.conf b/doc/nginx/sites-available/chrono.conf index 3a14f52..b0e23b2 100644 --- a/doc/nginx/sites-available/chrono.conf +++ b/doc/nginx/sites-available/chrono.conf 
@@ -3,44 +3,12 @@ server { listen [::]:443 ssl http2; server_name ~^agenda ~^chrono; - include snippets/publik-ssl.conf; - access_log /var/log/nginx/chrono-access.log combined_full; error_log /var/log/nginx/chrono-error.log; - location ~ ^/static/(.+)$ { - root /; - try_files /var/lib/chrono/tenants/$host/static/$1 - /var/lib/chrono/tenants/$host/theme/static/$1 - /var/lib/chrono/collectstatic/$1 - =404; - add_header 'X-Content-Type-Options' 'nosniff'; - add_header 'X-XSS-Protection' '1; mode=block'; - add_header 'Content-Security-Policy' "default-src 'none'; style-src 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline';"; - add_header 'Access-Control-Allow-Origin' '*'; - include snippets/gzip-statics.conf; - } + ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem; + ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key; - location ~ ^/media/(.+)$ { - alias /var/lib/chrono/tenants/$host/media/$1; - add_header 'X-Content-Type-Options' 'nosniff'; - add_header 'X-XSS-Protection' '1; mode=block'; - add_header 'Content-Security-Policy' "default-src 'none'; style-src 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline';"; - } - - location /robots.txt { - alias /var/lib/chrono/www/robots.txt; - } - - location / { - proxy_pass http://unix:/var/run/chrono/chrono.sock; - proxy_set_header Host $http_host; - proxy_set_header X-Forwarded-SSL on; - proxy_set_header X-Forwarded-Protocol ssl; - proxy_set_header X-Forwarded-Proto https; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - add_header 'X-Content-Type-Options' 'nosniff'; - add_header 'X-XSS-Protection' '1; mode=block'; - } + include snippets/publik-openssl.conf; + include snippets/publik-chrono.conf; } diff --git a/doc/nginx/sites-available/combo.conf b/doc/nginx/sites-available/combo.conf index e7c554f..fe2f2b9 100644 --- a/doc/nginx/sites-available/combo.conf +++ b/doc/nginx/sites-available/combo.conf 
@@ -3,44 +3,12 @@ server { listen [::]:443 ssl http2; server_name ~^agent ~^portail ~^compte ~^mon\.; - include snippets/publik-ssl.conf; - access_log /var/log/nginx/combo-access.log combined_full; error_log /var/log/nginx/combo-error.log; - location ~ ^/static/(.+)$ { - root /; - try_files /var/lib/combo/tenants/$host/static/$1 - /var/lib/combo/tenants/$host/theme/static/$1 - /var/lib/combo/collectstatic/$1 - =404; - add_header 'X-Content-Type-Options' 'nosniff'; - add_header 'X-XSS-Protection' '1; mode=block'; - add_header 'Content-Security-Policy' "default-src 'none'; style-src 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline';"; - add_header 'Access-Control-Allow-Origin' '*'; - include snippets/gzip-statics.conf; - } + ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem; + ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key; - location ~ ^/media/(.+)$ { - alias /var/lib/combo/tenants/$host/media/$1; - add_header 'X-Content-Type-Options' 'nosniff'; - add_header 'X-XSS-Protection' '1; mode=block'; - add_header 'Content-Security-Policy' "default-src 'none'; style-src 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline';"; - } - - location /robots.txt { - alias /var/lib/combo/www/robots.txt; - } - - location / { - proxy_pass http://unix:/var/run/combo/combo.sock; - proxy_set_header Host $http_host; - proxy_set_header X-Forwarded-SSL on; - proxy_set_header X-Forwarded-Protocol ssl; - proxy_set_header X-Forwarded-Proto https; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - add_header 'X-Content-Type-Options' 'nosniff'; - add_header 'X-XSS-Protection' '1; mode=block'; - } + include snippets/publik-openssl.conf; + include snippets/publik-combo.conf; } diff --git a/doc/nginx/sites-available/corbo.conf b/doc/nginx/sites-available/corbo.conf index 37a88e9..5fe02a4 100644 --- a/doc/nginx/sites-available/corbo.conf +++ b/doc/nginx/sites-available/corbo.conf 
@@ -3,44 +3,12 @@ server { listen [::]:443 ssl http2; server_name ~^annonce ~^corbo; - include snippets/publik-ssl.conf; - access_log /var/log/nginx/corbo-access.log combined_full; error_log /var/log/nginx/corbo-error.log; - location ~ ^/static/(.+)$ { - root /; - try_files /var/lib/corbo/tenants/$host/static/$1 - /var/lib/corbo/tenants/$host/theme/static/$1 - /var/lib/corbo/collectstatic/$1 - =404; - add_header 'X-Content-Type-Options' 'nosniff'; - add_header 'X-XSS-Protection' '1; mode=block'; - add_header 'Content-Security-Policy' "default-src 'none'; style-src 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline';"; - add_header 'Access-Control-Allow-Origin' '*'; - include snippets/gzip-statics.conf; - } + ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem; + ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key; - location ~ ^/media/(.+)$ { - alias /var/lib/corbo/tenants/$host/media/$1; - add_header 'X-Content-Type-Options' 'nosniff'; - add_header 'X-XSS-Protection' '1; mode=block'; - add_header 'Content-Security-Policy' "default-src 'none'; style-src 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline';"; - } - - location /robots.txt { - alias /var/lib/corbo/www/robots.txt; - } - - location / { - proxy_pass http://unix:/var/run/corbo/corbo.sock; - proxy_set_header Host $http_host; - proxy_set_header X-Forwarded-SSL on; - proxy_set_header X-Forwarded-Protocol ssl; - proxy_set_header X-Forwarded-Proto https; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - add_header 'X-Content-Type-Options' 'nosniff'; - add_header 'X-XSS-Protection' '1; mode=block'; - } + include snippets/publik-openssl.conf; + include snippets/publik-corbo.conf; } diff --git a/doc/nginx/sites-available/fargo.conf b/doc/nginx/sites-available/fargo.conf index 6442c0c..d5b9a6a 100644 --- a/doc/nginx/sites-available/fargo.conf +++ b/doc/nginx/sites-available/fargo.conf 
@@ -3,37 +3,12 @@ server { listen [::]:443 ssl http2; server_name ~^portedoc ~^porte-doc ~^fargo; - include snippets/publik-ssl.conf; - access_log /var/log/nginx/fargo-access.log combined_full; error_log /var/log/nginx/fargo-error.log; - location ~ ^/static/(.+)$ { - root /; - try_files /var/lib/fargo/tenants/$host/static/$1 - /var/lib/fargo/tenants/$host/theme/static/$1 - /var/lib/fargo/collectstatic/$1 - =404; - add_header 'X-Content-Type-Options' 'nosniff'; - add_header 'X-XSS-Protection' '1; mode=block'; - add_header 'Content-Security-Policy' "default-src 'none'; style-src 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline';"; - add_header 'Access-Control-Allow-Origin' '*'; - include snippets/gzip-statics.conf; - } + ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem; + ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key; - location /robots.txt { - alias /var/lib/fargo/www/robots.txt; - } - - location / { - proxy_pass http://unix:/var/run/fargo/fargo.sock; - proxy_set_header Host $http_host; - proxy_set_header X-Forwarded-SSL on; - proxy_set_header X-Forwarded-Protocol ssl; - proxy_set_header X-Forwarded-Proto https; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - add_header 'X-Content-Type-Options' 'nosniff'; - add_header 'X-XSS-Protection' '1; mode=block'; - } + include snippets/publik-openssl.conf; + include snippets/publik-fargo.conf; } diff --git a/doc/nginx/sites-available/hobo.conf b/doc/nginx/sites-available/hobo.conf index 6f88764..7908cba 100644 --- a/doc/nginx/sites-available/hobo.conf +++ b/doc/nginx/sites-available/hobo.conf 
@@ -3,44 +3,12 @@ server { listen [::]:443 ssl http2; server_name ~^hobo; - include snippets/publik-ssl.conf; - access_log /var/log/nginx/hobo-access.log combined_full; error_log /var/log/nginx/hobo-error.log; - location ~ ^/static/(.+)$ { - root /; - try_files /var/lib/hobo/tenants/$host/static/$1 - /var/lib/hobo/tenants/$host/theme/static/$1 - /var/lib/hobo/collectstatic/$1 - =404; - add_header 'X-Content-Type-Options' 'nosniff'; - add_header 'X-XSS-Protection' '1; mode=block'; - add_header 'Content-Security-Policy' "default-src 'none'; style-src 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline';"; - add_header 'Access-Control-Allow-Origin' '*'; - include snippets/gzip-statics.conf; - } + ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem; + ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key; - location ~ ^/media/(.+)$ { - alias /var/lib/hobo/tenants/$host/media/$1; - add_header 'X-Content-Type-Options' 'nosniff'; - add_header 'X-XSS-Protection' '1; mode=block'; - add_header 'Content-Security-Policy' "default-src 'none'; style-src 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline';"; - } - - location /robots.txt { - alias /var/lib/hobo/www/robots.txt; - } - - location / { - proxy_pass http://unix:/var/run/hobo/hobo.sock; - proxy_set_header Host $http_host; - proxy_set_header X-Forwarded-SSL on; - proxy_set_header X-Forwarded-Protocol ssl; - proxy_set_header X-Forwarded-Proto https; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - add_header 'X-Content-Type-Options' 'nosniff'; - add_header 'X-XSS-Protection' '1; mode=block'; - } + include snippets/publik-openssl.conf; + include snippets/publik-hobo.conf; } diff --git a/doc/nginx/sites-available/mandayejs.conf b/doc/nginx/sites-available/mandayejs.conf index f46d84d..b4682b7 100644 --- a/doc/nginx/sites-available/mandayejs.conf +++ b/doc/nginx/sites-available/mandayejs.conf 
@@ -3,44 +3,12 @@ server { listen [::]:443 ssl http2; server_name ~^mandayejs; - include snippets/publik-ssl.conf; - access_log /var/log/nginx/mandayejs-access.log combined_full; error_log /var/log/nginx/mandayejs-error.log; - location ~ ^/static/(.+)$ { - root /; - try_files /var/lib/mandayejs/tenants/$host/static/$1 - /var/lib/mandayejs/tenants/$host/theme/static/$1 - /var/lib/mandayejs/collectstatic/$1 - =404; - add_header 'X-Content-Type-Options' 'nosniff'; - add_header 'X-XSS-Protection' '1; mode=block'; - add_header 'Content-Security-Policy' "default-src 'none'; style-src 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline';"; - add_header 'Access-Control-Allow-Origin' '*'; - include snippets/gzip-statics.conf; - } + ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem; + ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key; - location ~ ^/media/(.+)$ { - alias /var/lib/mandayejs/tenants/$host/media/$1; - add_header 'X-Content-Type-Options' 'nosniff'; - add_header 'X-XSS-Protection' '1; mode=block'; - add_header 'Content-Security-Policy' "default-src 'none'; style-src 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline';"; - } - - location /robots.txt { - alias /var/lib/mandayejs/www/robots.txt; - } - - location / { - proxy_pass http://unix:/var/run/mandayejs/mandayejs.sock; - proxy_set_header Host $http_host; - proxy_set_header X-Forwarded-SSL on; - proxy_set_header X-Forwarded-Protocol ssl; - proxy_set_header X-Forwarded-Proto https; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - add_header 'X-Content-Type-Options' 'nosniff'; - add_header 'X-XSS-Protection' '1; mode=block'; - } + include snippets/publik-openssl.conf; + include snippets/publik-mandayejs.conf; } diff --git a/doc/nginx/sites-available/passerelle.conf b/doc/nginx/sites-available/passerelle.conf index 1529af7..8d16565 100644 --- a/doc/nginx/sites-available/passerelle.conf +++ b/doc/nginx/sites-available/passerelle.conf 
@@ -3,37 +3,12 @@ server { listen [::]:443 ssl http2; server_name ~^passerelle; - include snippets/publik-ssl.conf; - access_log /var/log/nginx/passerelle-access.log combined_full; error_log /var/log/nginx/passerelle-error.log; - location ~ ^/static/(.+)$ { - root /; - try_files /var/lib/passerelle/tenants/$host/static/$1 - /var/lib/passerelle/tenants/$host/theme/static/$1 - /var/lib/passerelle/collectstatic/$1 - =404; - add_header 'X-Content-Type-Options' 'nosniff'; - add_header 'X-XSS-Protection' '1; mode=block'; - add_header 'Content-Security-Policy' "default-src 'none'; style-src 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline';"; - add_header 'Access-Control-Allow-Origin' '*'; - include snippets/gzip-statics.conf; - } + ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem; + ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key; - location /robots.txt { - alias /var/lib/passerelle/www/robots.txt; - } - - location / { - proxy_pass http://unix:/var/run/passerelle/passerelle.sock; - proxy_set_header Host $http_host; - proxy_set_header X-Forwarded-SSL on; - proxy_set_header X-Forwarded-Protocol ssl; - proxy_set_header X-Forwarded-Proto https; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - add_header 'X-Content-Type-Options' 'nosniff'; - add_header 'X-XSS-Protection' '1; mode=block'; - } + include snippets/publik-openssl.conf; + include snippets/publik-passerelle.conf; } diff --git a/doc/nginx/sites-available/wcs.conf b/doc/nginx/sites-available/wcs.conf index 6a4ee1f..4135f50 100644 --- a/doc/nginx/sites-available/wcs.conf +++ b/doc/nginx/sites-available/wcs.conf 
@@ -3,44 +3,12 @@ server { listen [::]:443 http2; server_name ~^demarche ~^form; - include snippets/publik-ssl.conf; - access_log /var/log/nginx/wcs-access.log combined_full; error_log /var/log/nginx/wcs-error.log; - location ~ ^/static/(.+)$ { - root /; - try_files /var/lib/wcs/$host/static/$1 - /var/lib/wcs/$host/theme/static/$1 - /var/lib/wcs/collectstatic/$1 - =404; - add_header 'X-Content-Type-Options' 'nosniff'; - add_header 'X-XSS-Protection' '1; mode=block'; - add_header 'Content-Security-Policy' "default-src 'none'; style-src 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline';"; - add_header 'Access-Control-Allow-Origin' '*'; - include snippets/gzip-statics.conf; - } + ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem; + ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key; - location ~ ^/media/(.+)$ { - alias /var/lib/wcs/$host/media/$1; - add_header 'X-Content-Type-Options' 'nosniff'; - add_header 'X-XSS-Protection' '1; mode=block'; - add_header 'Content-Security-Policy' "default-src 'none'; style-src 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline';"; - } - - location /robots.txt { - alias /var/lib/wcs/www/robots.txt; - } - - location / { - proxy_pass http://unix:/var/run/wcs/wcs.sock; - proxy_set_header Host $http_host; - proxy_set_header X-Forwarded-SSL on; - proxy_set_header X-Forwarded-Protocol ssl; - proxy_set_header X-Forwarded-Proto https; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - add_header 'X-Content-Type-Options' 'nosniff'; - add_header 'X-XSS-Protection' '1; mode=block'; - } + include snippets/publik-openssl.conf; + include snippets/publik-wcs.conf; } diff --git a/doc/nginx/sites-available/welco.conf b/doc/nginx/sites-available/welco.conf index 801825b..2c86ee6 100644 --- a/doc/nginx/sites-available/welco.conf +++ b/doc/nginx/sites-available/welco.conf 
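Review bot: The `listen [::]:443 http2;` context line at the top of this hunk has no `ssl` parameter, unlike every other vhost in this commit (`listen [::]:443 ssl http2;`), even though the hunk now adds certificate directives to this server. As far as nginx merges the flag per listening socket, this only works while another enabled server block declares `ssl` on the same address. With wcs enabled alone, the IPv6 listener would accept plaintext on port 443. Change the line to `listen [::]:443 ssl http2;`. The server block starts above the hunk, so the IPv4 `listen` line is not visible and should be checked as well.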
@@ -3,44 +3,12 @@ server { listen [::]:443 ssl http2; server_name ~^courrier ~^welco; - include snippets/publik-ssl.conf; - access_log /var/log/nginx/welco-access.log combined_full; error_log /var/log/nginx/welco-error.log; - location ~ ^/static/(.+)$ { - root /; - try_files /var/lib/welco/tenants/$host/static/$1 - /var/lib/welco/tenants/$host/theme/static/$1 - /var/lib/welco/collectstatic/$1 - =404; - add_header 'X-Content-Type-Options' 'nosniff'; - add_header 'X-XSS-Protection' '1; mode=block'; - add_header 'Content-Security-Policy' "default-src 'none'; style-src 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline';"; - add_header 'Access-Control-Allow-Origin' '*'; - include snippets/gzip-statics.conf; - } + ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem; + ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key; - location ~ ^/media/(.+)$ { - alias /var/lib/welco/tenants/$host/media/$1; - add_header 'X-Content-Type-Options' 'nosniff'; - add_header 'X-XSS-Protection' '1; mode=block'; - add_header 'Content-Security-Policy' "default-src 'none'; style-src 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline';"; - } - - location /robots.txt { - alias /var/lib/welco/www/robots.txt; - } - - location / { - proxy_pass http://unix:/var/run/welco/welco.sock; - proxy_set_header Host $http_host; - proxy_set_header X-Forwarded-SSL on; - proxy_set_header X-Forwarded-Protocol ssl; - proxy_set_header X-Forwarded-Proto https; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - add_header 'X-Content-Type-Options' 'nosniff'; - add_header 'X-XSS-Protection' '1; mode=block'; - } + include snippets/publik-openssl.conf; + include snippets/publik-welco.conf; } diff --git a/doc/nginx/sites-available/zz_default-server.conf b/doc/nginx/sites-available/zz_default-server.conf index c003b19..95c0591 100644 --- a/doc/nginx/sites-available/zz_default-server.conf +++ b/doc/nginx/sites-available/zz_default-server.conf 
@@ -3,11 +3,14 @@ server { listen [::]:443 ssl default_server http2; server_name _; - include snippets/publik-ssl.conf; - access_log /var/log/nginx/default-access.log combined_full; error_log /var/log/nginx/default-error.log; + ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem; + ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key; + + include snippets/publik-ssl.conf; + location / { return 404; }
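Review bot: This vhost re-adds `include snippets/publik-ssl.conf;` while every other direct-TLS vhost in the commit switches to `snippets/publik-openssl.conf`. If the snippet was renamed, the default server fails `nginx -t`; if both files exist, the default server may run with different protocol and cipher settings than the named vhosts. Neither snippet is in the visible diff, so this cannot be settled from here. Unless the difference is intended, use `include snippets/publik-openssl.conf;` here too.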