Compare commits
2 Commits
main
...
18147_comm
| Author | SHA1 | Date |
|---|---|---|
Christophe Siraut
|
21a9e80826 | |
|
Christophe Siraut
|
639def7037 |
|
|
@ -0,0 +1,11 @@
|
|||
nginx/snippets/publik-application.conf
|
||||
nginx/snippets/publik-authentic2-multitenant.conf
|
||||
nginx/snippets/publik-bijoe.conf
|
||||
nginx/snippets/publik-chrono.conf
|
||||
nginx/snippets/publik-combo.conf
|
||||
nginx/snippets/publik-corbo.conf
|
||||
nginx/snippets/publik-fargo.conf
|
||||
nginx/snippets/publik-hobo.conf
|
||||
nginx/snippets/publik-mandayejs.conf
|
||||
nginx/snippets/publik-passerelle.conf
|
||||
nginx/snippets/publik-welco.conf
|
||||
12
Makefile
12
Makefile
|
|
@ -1,4 +1,4 @@
|
|||
.PHONY: clean name version name fullname
|
||||
.PHONY: clean name version name fullname nginx-snippets
|
||||
|
||||
NAME=$(shell basename $(CURDIR))
|
||||
VERSION=`git describe | sed 's/^debian\///' | sed 's/v//'`
|
||||
|
|
@ -10,6 +10,15 @@ DIST_FILES = Makefile \
|
|||
publik.conf.example \
|
||||
doc
|
||||
|
||||
all: clean nginx-snippets
|
||||
|
||||
nginx-snippets: nginx/snippets/publik-authentic2-multitenant.conf nginx/snippets/publik-bijoe.conf nginx/snippets/publik-chrono.conf nginx/snippets/publik-combo.conf nginx/snippets/publik-corbo.conf nginx/snippets/publik-fargo.conf nginx/snippets/publik-hobo.conf nginx/snippets/publik-mandayejs.conf nginx/snippets/publik-passerelle.conf nginx/snippets/publik-welco.conf
|
||||
|
||||
nginx/snippets/%.conf: nginx/snippets/publik-application.conf.c
|
||||
$(eval APPLICATION := $(subst publik-,,$(notdir $(basename $@))))
|
||||
$(eval MACRO := $(shell echo "$(APPLICATION)" | tr a-z A-Z))
|
||||
cpp -P -nostdinc -C -D APPLICATION=$(APPLICATION) -D $(MACRO)=1 nginx/snippets/publik-application.conf.c > $@
|
||||
|
||||
version:
|
||||
@(echo $(VERSION))
|
||||
|
||||
|
|
@ -21,6 +30,7 @@ fullname:
|
|||
|
||||
clean:
|
||||
rm -rf sdist
|
||||
rm -rf build
|
||||
|
||||
dist-bzip2: dist
|
||||
cd sdist && tar cfj ../sdist/$(NAME)-$(VERSION).tar.bz2 $(NAME)-$(VERSION)
|
||||
|
|
|
|||
|
|
@ -2,7 +2,7 @@ Source: publik-common
|
|||
Maintainer: Christophe Siraut <csiraut@entrouvert.com>
|
||||
Section: admin
|
||||
Priority: optional
|
||||
Build-Depends: debhelper (>= 9)
|
||||
Build-Depends: debhelper (>= 9), gettext-base
|
||||
Standards-Version: 4.1.3
|
||||
|
||||
Package: publik-common
|
||||
|
|
|
|||
|
|
@ -3,3 +3,5 @@ publik-create-databases /usr/bin
|
|||
publik-cluster-link /usr/bin
|
||||
publik-emailconf /usr/bin
|
||||
publik.conf.example /etc/publik
|
||||
nginx/conf.d/* etc/nginx/conf.d
|
||||
nginx/snippets/* etc/nginx/snippets
|
||||
|
|
|
|||
|
|
@ -7,31 +7,5 @@ server {
|
|||
access_log /var/log/nginx/authentic2-multitenant-access.log combined_full;
|
||||
error_log /var/log/nginx/authentic2-multitenant-error.log;
|
||||
|
||||
location ~ ^/static/(.+)$ {
|
||||
root /;
|
||||
try_files /var/lib/authentic2-multitenant/tenants/$host/static/$1
|
||||
/var/lib/authentic2-multitenant/tenants/$host/theme/static/$1
|
||||
/var/lib/authentic2-multitenant/collectstatic/$1
|
||||
=404;
|
||||
}
|
||||
|
||||
location ~ ^/media/(.+)$ {
|
||||
alias /var/lib/authentic2-multitenant/tenants/$host/media/$1;
|
||||
}
|
||||
|
||||
location /robots.txt {
|
||||
alias /var/lib/authentic2-multitenant/www/robots.txt;
|
||||
}
|
||||
|
||||
location / {
|
||||
add_header 'Access-Control-Allow-Origin' '*';
|
||||
proxy_pass http://unix:/var/run/authentic2-multitenant/authentic2-multitenant.sock;
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header X-Forwarded-SSL on;
|
||||
proxy_set_header X-Forwarded-Protocol ssl;
|
||||
proxy_set_header X-Forwarded-Proto https;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
|
||||
}
|
||||
include snippets/publik-authentic2-multitenant.conf;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -6,30 +6,5 @@ server {
|
|||
access_log /var/log/nginx/bijoe-access.log combined_full;
|
||||
error_log /var/log/nginx/bijoe-error.log;
|
||||
|
||||
location ~ ^/static/(.+)$ {
|
||||
root /;
|
||||
try_files /var/lib/bijoe/tenants/$host/static/$1
|
||||
/var/lib/bijoe/tenants/$host/theme/static/$1
|
||||
/var/lib/bijoe/collectstatic/$1
|
||||
=404;
|
||||
}
|
||||
|
||||
location ~ ^/media/(.+)$ {
|
||||
alias /var/lib/bijoe/tenants/$host/media/$1;
|
||||
}
|
||||
|
||||
location /robots.txt {
|
||||
alias /var/lib/bijoe/www/robots.txt;
|
||||
}
|
||||
|
||||
location / {
|
||||
proxy_pass http://unix:/var/run/bijoe/bijoe.sock;
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header X-Forwarded-SSL on;
|
||||
proxy_set_header X-Forwarded-Protocol ssl;
|
||||
proxy_set_header X-Forwarded-Proto https;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
|
||||
}
|
||||
include snippets/publik-bijoe.conf;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -6,30 +6,5 @@ server {
|
|||
access_log /var/log/nginx/chrono-access.log combined_full;
|
||||
error_log /var/log/nginx/chrono-error.log;
|
||||
|
||||
location ~ ^/static/(.+)$ {
|
||||
root /;
|
||||
try_files /var/lib/chrono/tenants/$host/static/$1
|
||||
/var/lib/chrono/tenants/$host/theme/static/$1
|
||||
/var/lib/chrono/collectstatic/$1
|
||||
=404;
|
||||
}
|
||||
|
||||
location ~ ^/media/(.+)$ {
|
||||
alias /var/lib/chrono/tenants/$host/media/$1;
|
||||
}
|
||||
|
||||
location /robots.txt {
|
||||
alias /var/lib/chrono/www/robots.txt;
|
||||
}
|
||||
|
||||
location / {
|
||||
proxy_pass http://unix:/var/run/chrono/chrono.sock;
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header X-Forwarded-SSL on;
|
||||
proxy_set_header X-Forwarded-Protocol ssl;
|
||||
proxy_set_header X-Forwarded-Proto https;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
|
||||
}
|
||||
include snippets/publik-chrono.conf;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -6,31 +6,5 @@ server {
|
|||
access_log /var/log/nginx/combo-access.log combined_full;
|
||||
error_log /var/log/nginx/combo-error.log;
|
||||
|
||||
location ~ ^/static/(.+)$ {
|
||||
root /;
|
||||
try_files /var/lib/combo/tenants/$host/static/$1
|
||||
/var/lib/combo/tenants/$host/theme/static/$1
|
||||
/var/lib/combo/collectstatic/$1
|
||||
=404;
|
||||
add_header 'Access-Control-Allow-Origin' '*';
|
||||
}
|
||||
|
||||
location ~ ^/media/(.+)$ {
|
||||
alias /var/lib/combo/tenants/$host/media/$1;
|
||||
}
|
||||
|
||||
location /robots.txt {
|
||||
alias /var/lib/combo/www/robots.txt;
|
||||
}
|
||||
|
||||
location / {
|
||||
proxy_pass http://unix:/var/run/combo/combo.sock;
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header X-Forwarded-SSL on;
|
||||
proxy_set_header X-Forwarded-Protocol ssl;
|
||||
proxy_set_header X-Forwarded-Proto https;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
|
||||
}
|
||||
include snippets/publik-combo.conf;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -6,30 +6,5 @@ server {
|
|||
access_log /var/log/nginx/corbo-access.log combined_full;
|
||||
error_log /var/log/nginx/corbo-error.log;
|
||||
|
||||
location ~ ^/static/(.+)$ {
|
||||
root /;
|
||||
try_files /var/lib/corbo/tenants/$host/static/$1
|
||||
/var/lib/corbo/tenants/$host/theme/static/$1
|
||||
/var/lib/corbo/collectstatic/$1
|
||||
=404;
|
||||
}
|
||||
|
||||
location ~ ^/media/(.+)$ {
|
||||
alias /var/lib/corbo/tenants/$host/media/$1;
|
||||
}
|
||||
|
||||
location /robots.txt {
|
||||
alias /var/lib/corbo/www/robots.txt;
|
||||
}
|
||||
|
||||
location / {
|
||||
proxy_pass http://unix:/var/run/corbo/corbo.sock;
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header X-Forwarded-SSL on;
|
||||
proxy_set_header X-Forwarded-Protocol ssl;
|
||||
proxy_set_header X-Forwarded-Proto https;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
|
||||
}
|
||||
include snippets/publik-corbo.conf;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -6,26 +6,5 @@ server {
|
|||
access_log /var/log/nginx/fargo-access.log combined_full;
|
||||
error_log /var/log/nginx/fargo-error.log;
|
||||
|
||||
location ~ ^/static/(.+)$ {
|
||||
root /;
|
||||
try_files /var/lib/fargo/tenants/$host/static/$1
|
||||
/var/lib/fargo/tenants/$host/theme/static/$1
|
||||
/var/lib/fargo/collectstatic/$1
|
||||
=404;
|
||||
}
|
||||
|
||||
location /robots.txt {
|
||||
alias /var/lib/fargo/www/robots.txt;
|
||||
}
|
||||
|
||||
location / {
|
||||
proxy_pass http://unix:/var/run/fargo/fargo.sock;
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header X-Forwarded-SSL on;
|
||||
proxy_set_header X-Forwarded-Protocol ssl;
|
||||
proxy_set_header X-Forwarded-Proto https;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
|
||||
}
|
||||
include snippets/publik-fargo.conf;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -6,30 +6,5 @@ server {
|
|||
access_log /var/log/nginx/hobo-access.log combined_full;
|
||||
error_log /var/log/nginx/hobo-error.log;
|
||||
|
||||
location ~ ^/static/(.+)$ {
|
||||
root /;
|
||||
try_files /var/lib/hobo/tenants/$host/static/$1
|
||||
/var/lib/hobo/tenants/$host/theme/static/$1
|
||||
/var/lib/hobo/collectstatic/$1
|
||||
=404;
|
||||
}
|
||||
|
||||
location ~ ^/media/(.+)$ {
|
||||
alias /var/lib/hobo/tenants/$host/media/$1;
|
||||
}
|
||||
|
||||
location /robots.txt {
|
||||
alias /var/lib/hobo/www/robots.txt;
|
||||
}
|
||||
|
||||
location / {
|
||||
proxy_pass http://unix:/var/run/hobo/hobo.sock;
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header X-Forwarded-SSL on;
|
||||
proxy_set_header X-Forwarded-Protocol ssl;
|
||||
proxy_set_header X-Forwarded-Proto https;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
|
||||
}
|
||||
include snippets/publik-hobo.conf;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -6,30 +6,5 @@ server {
|
|||
access_log /var/log/nginx/mandayejs-access.log combined_full;
|
||||
error_log /var/log/nginx/mandayejs-error.log;
|
||||
|
||||
location ~ ^/static/(.+)$ {
|
||||
root /;
|
||||
try_files /var/lib/mandayejs/tenants/$host/static/$1
|
||||
/var/lib/mandayejs/tenants/$host/theme/static/$1
|
||||
/var/lib/mandayejs/collectstatic/$1
|
||||
=404;
|
||||
}
|
||||
|
||||
location ~ ^/media/(.+)$ {
|
||||
alias /var/lib/mandayejs/tenants/$host/media/$1;
|
||||
}
|
||||
|
||||
location /robots.txt {
|
||||
alias /var/lib/mandayejs/www/robots.txt;
|
||||
}
|
||||
|
||||
location / {
|
||||
proxy_pass http://unix:/var/run/mandayejs/mandayejs.sock;
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header X-Forwarded-SSL on;
|
||||
proxy_set_header X-Forwarded-Protocol ssl;
|
||||
proxy_set_header X-Forwarded-Proto https;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
|
||||
}
|
||||
include snippets/publik-mandayejs.conf;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -6,26 +6,5 @@ server {
|
|||
access_log /var/log/nginx/passerelle-access.log combined_full;
|
||||
error_log /var/log/nginx/passerelle-error.log;
|
||||
|
||||
location ~ ^/static/(.+)$ {
|
||||
root /;
|
||||
try_files /var/lib/passerelle/tenants/$host/static/$1
|
||||
/var/lib/passerelle/tenants/$host/theme/static/$1
|
||||
/var/lib/passerelle/collectstatic/$1
|
||||
=404;
|
||||
}
|
||||
|
||||
location /robots.txt {
|
||||
alias /var/lib/passerelle/www/robots.txt;
|
||||
}
|
||||
|
||||
location / {
|
||||
proxy_pass http://unix:/var/run/passerelle/passerelle.sock;
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header X-Forwarded-SSL on;
|
||||
proxy_set_header X-Forwarded-Protocol ssl;
|
||||
proxy_set_header X-Forwarded-Proto https;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
|
||||
}
|
||||
include snippets/publik-passerelle.conf;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -6,31 +6,5 @@ server {
|
|||
access_log /var/log/nginx/wcs-access.log combined_full;
|
||||
error_log /var/log/nginx/wcs-error.log;
|
||||
|
||||
location ~ ^/static/(.+)$ {
|
||||
root /;
|
||||
try_files /var/lib/wcs/$host/static/$1
|
||||
/var/lib/wcs/$host/theme/static/$1
|
||||
/var/lib/wcs/collectstatic/$1
|
||||
=404;
|
||||
}
|
||||
|
||||
location ~ ^/media/(.+)$ {
|
||||
alias /var/lib/wcs/$host/media/$1;
|
||||
}
|
||||
|
||||
location /robots.txt {
|
||||
alias /var/lib/wcs/www/robots.txt;
|
||||
}
|
||||
|
||||
location / {
|
||||
add_header 'Access-Control-Allow-Origin' '*';
|
||||
proxy_pass http://unix:/var/run/wcs/wcs.sock;
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header X-Forwarded-SSL on;
|
||||
proxy_set_header X-Forwarded-Protocol ssl;
|
||||
proxy_set_header X-Forwarded-Proto https;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
|
||||
}
|
||||
include snippets/publik-wcs.conf;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -7,30 +7,5 @@ server {
|
|||
access_log /var/log/nginx/welco-access.log combined_full;
|
||||
error_log /var/log/nginx/welco-error.log;
|
||||
|
||||
location ~ ^/static/(.+)$ {
|
||||
root /;
|
||||
try_files /var/lib/welco/tenants/$host/static/$1
|
||||
/var/lib/welco/tenants/$host/theme/static/$1
|
||||
/var/lib/welco/collectstatic/$1
|
||||
=404;
|
||||
}
|
||||
|
||||
location ~ ^/media/(.+)$ {
|
||||
alias /var/lib/welco/tenants/$host/media/$1;
|
||||
}
|
||||
|
||||
location /robots.txt {
|
||||
alias /var/lib/welco/www/robots.txt;
|
||||
}
|
||||
|
||||
location / {
|
||||
proxy_pass http://unix:/var/run/welco/welco.sock;
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header X-Forwarded-SSL on;
|
||||
proxy_set_header X-Forwarded-Protocol ssl;
|
||||
proxy_set_header X-Forwarded-Proto https;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
|
||||
}
|
||||
include snippets/publik-welco.conf;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -3,47 +3,12 @@ server {
|
|||
listen [::]:443 ssl http2;
|
||||
server_name ~^connexion ~^login ~^authent;
|
||||
|
||||
include snippets/publik-ssl.conf;
|
||||
|
||||
access_log /var/log/nginx/authentic2-multitenant-access.log combined_full;
|
||||
error_log /var/log/nginx/authentic2-multitenant-error.log;
|
||||
|
||||
location ~ ^/static/(.+)$ {
|
||||
root /;
|
||||
try_files /var/lib/authentic2-multitenant/tenants/$host/static/$1
|
||||
/var/lib/authentic2-multitenant/tenants/$host/theme/static/$1
|
||||
/var/lib/authentic2-multitenant/collectstatic/$1
|
||||
=404;
|
||||
add_header 'X-Content-Type-Options' 'nosniff';
|
||||
add_header 'X-XSS-Protection' '1; mode=block';
|
||||
add_header 'Content-Security-Policy' "default-src 'none'; style-src 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline';";
|
||||
add_header 'Access-Control-Allow-Origin' '*';
|
||||
include snippets/gzip-statics.conf;
|
||||
}
|
||||
ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
|
||||
ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
|
||||
|
||||
location ~ ^/media/(.+)$ {
|
||||
alias /var/lib/authentic2-multitenant/tenants/$host/media/$1;
|
||||
add_header 'X-Content-Type-Options' 'nosniff';
|
||||
add_header 'X-XSS-Protection' '1; mode=block';
|
||||
add_header 'Content-Security-Policy' "default-src 'none'; style-src 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline';";
|
||||
}
|
||||
|
||||
location /robots.txt {
|
||||
alias /var/lib/authentic2-multitenant/www/robots.txt;
|
||||
add_header 'X-Content-Type-Options' 'nosniff';
|
||||
add_header 'X-XSS-Protection' '1; mode=block';
|
||||
add_header 'Content-Security-Policy' "default-src 'none'; style-src 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline';";
|
||||
}
|
||||
|
||||
location / {
|
||||
proxy_pass http://unix:/var/run/authentic2-multitenant/authentic2-multitenant.sock;
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header X-Forwarded-SSL on;
|
||||
proxy_set_header X-Forwarded-Protocol ssl;
|
||||
proxy_set_header X-Forwarded-Proto https;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
add_header 'X-Content-Type-Options' 'nosniff';
|
||||
add_header 'X-XSS-Protection' '1; mode=block';
|
||||
}
|
||||
include snippets/publik-openssl.conf;
|
||||
include snippets/publik-authentic2-multitenant.conf;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -3,44 +3,12 @@ server {
|
|||
listen [::]:443 ssl http2;
|
||||
server_name ~^statistique ~^bijoe;
|
||||
|
||||
include snippets/publik-ssl.conf;
|
||||
|
||||
access_log /var/log/nginx/bijoe-access.log combined_full;
|
||||
error_log /var/log/nginx/bijoe-error.log;
|
||||
|
||||
location ~ ^/static/(.+)$ {
|
||||
root /;
|
||||
try_files /var/lib/bijoe/tenants/$host/static/$1
|
||||
/var/lib/bijoe/tenants/$host/theme/static/$1
|
||||
/var/lib/bijoe/collectstatic/$1
|
||||
=404;
|
||||
add_header 'X-Content-Type-Options' 'nosniff';
|
||||
add_header 'X-XSS-Protection' '1; mode=block';
|
||||
add_header 'Content-Security-Policy' "default-src 'none'; style-src 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline';";
|
||||
add_header 'Access-Control-Allow-Origin' '*';
|
||||
include snippets/gzip-statics.conf;
|
||||
}
|
||||
ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
|
||||
ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
|
||||
|
||||
location ~ ^/media/(.+)$ {
|
||||
alias /var/lib/bijoe/tenants/$host/media/$1;
|
||||
add_header 'X-Content-Type-Options' 'nosniff';
|
||||
add_header 'X-XSS-Protection' '1; mode=block';
|
||||
add_header 'Content-Security-Policy' "default-src 'none'; style-src 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline';";
|
||||
}
|
||||
|
||||
location /robots.txt {
|
||||
alias /var/lib/bijoe/www/robots.txt;
|
||||
}
|
||||
|
||||
location / {
|
||||
proxy_pass http://unix:/var/run/bijoe/bijoe.sock;
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header X-Forwarded-SSL on;
|
||||
proxy_set_header X-Forwarded-Protocol ssl;
|
||||
proxy_set_header X-Forwarded-Proto https;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
add_header 'X-Content-Type-Options' 'nosniff';
|
||||
add_header 'X-XSS-Protection' '1; mode=block';
|
||||
}
|
||||
include snippets/publik-openssl.conf;
|
||||
include snippets/publik-bijoe.conf;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -3,44 +3,12 @@ server {
|
|||
listen [::]:443 ssl http2;
|
||||
server_name ~^agenda ~^chrono;
|
||||
|
||||
include snippets/publik-ssl.conf;
|
||||
|
||||
access_log /var/log/nginx/chrono-access.log combined_full;
|
||||
error_log /var/log/nginx/chrono-error.log;
|
||||
|
||||
location ~ ^/static/(.+)$ {
|
||||
root /;
|
||||
try_files /var/lib/chrono/tenants/$host/static/$1
|
||||
/var/lib/chrono/tenants/$host/theme/static/$1
|
||||
/var/lib/chrono/collectstatic/$1
|
||||
=404;
|
||||
add_header 'X-Content-Type-Options' 'nosniff';
|
||||
add_header 'X-XSS-Protection' '1; mode=block';
|
||||
add_header 'Content-Security-Policy' "default-src 'none'; style-src 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline';";
|
||||
add_header 'Access-Control-Allow-Origin' '*';
|
||||
include snippets/gzip-statics.conf;
|
||||
}
|
||||
ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
|
||||
ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
|
||||
|
||||
location ~ ^/media/(.+)$ {
|
||||
alias /var/lib/chrono/tenants/$host/media/$1;
|
||||
add_header 'X-Content-Type-Options' 'nosniff';
|
||||
add_header 'X-XSS-Protection' '1; mode=block';
|
||||
add_header 'Content-Security-Policy' "default-src 'none'; style-src 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline';";
|
||||
}
|
||||
|
||||
location /robots.txt {
|
||||
alias /var/lib/chrono/www/robots.txt;
|
||||
}
|
||||
|
||||
location / {
|
||||
proxy_pass http://unix:/var/run/chrono/chrono.sock;
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header X-Forwarded-SSL on;
|
||||
proxy_set_header X-Forwarded-Protocol ssl;
|
||||
proxy_set_header X-Forwarded-Proto https;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
add_header 'X-Content-Type-Options' 'nosniff';
|
||||
add_header 'X-XSS-Protection' '1; mode=block';
|
||||
}
|
||||
include snippets/publik-openssl.conf;
|
||||
include snippets/publik-chrono.conf;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -3,44 +3,12 @@ server {
|
|||
listen [::]:443 ssl http2;
|
||||
server_name ~^agent ~^portail ~^compte ~^mon\.;
|
||||
|
||||
include snippets/publik-ssl.conf;
|
||||
|
||||
access_log /var/log/nginx/combo-access.log combined_full;
|
||||
error_log /var/log/nginx/combo-error.log;
|
||||
|
||||
location ~ ^/static/(.+)$ {
|
||||
root /;
|
||||
try_files /var/lib/combo/tenants/$host/static/$1
|
||||
/var/lib/combo/tenants/$host/theme/static/$1
|
||||
/var/lib/combo/collectstatic/$1
|
||||
=404;
|
||||
add_header 'X-Content-Type-Options' 'nosniff';
|
||||
add_header 'X-XSS-Protection' '1; mode=block';
|
||||
add_header 'Content-Security-Policy' "default-src 'none'; style-src 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline';";
|
||||
add_header 'Access-Control-Allow-Origin' '*';
|
||||
include snippets/gzip-statics.conf;
|
||||
}
|
||||
ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
|
||||
ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
|
||||
|
||||
location ~ ^/media/(.+)$ {
|
||||
alias /var/lib/combo/tenants/$host/media/$1;
|
||||
add_header 'X-Content-Type-Options' 'nosniff';
|
||||
add_header 'X-XSS-Protection' '1; mode=block';
|
||||
add_header 'Content-Security-Policy' "default-src 'none'; style-src 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline';";
|
||||
}
|
||||
|
||||
location /robots.txt {
|
||||
alias /var/lib/combo/www/robots.txt;
|
||||
}
|
||||
|
||||
location / {
|
||||
proxy_pass http://unix:/var/run/combo/combo.sock;
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header X-Forwarded-SSL on;
|
||||
proxy_set_header X-Forwarded-Protocol ssl;
|
||||
proxy_set_header X-Forwarded-Proto https;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
add_header 'X-Content-Type-Options' 'nosniff';
|
||||
add_header 'X-XSS-Protection' '1; mode=block';
|
||||
}
|
||||
include snippets/publik-openssl.conf;
|
||||
include snippets/publik-combo.conf;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -3,44 +3,12 @@ server {
|
|||
listen [::]:443 ssl http2;
|
||||
server_name ~^annonce ~^corbo;
|
||||
|
||||
include snippets/publik-ssl.conf;
|
||||
|
||||
access_log /var/log/nginx/corbo-access.log combined_full;
|
||||
error_log /var/log/nginx/corbo-error.log;
|
||||
|
||||
location ~ ^/static/(.+)$ {
|
||||
root /;
|
||||
try_files /var/lib/corbo/tenants/$host/static/$1
|
||||
/var/lib/corbo/tenants/$host/theme/static/$1
|
||||
/var/lib/corbo/collectstatic/$1
|
||||
=404;
|
||||
add_header 'X-Content-Type-Options' 'nosniff';
|
||||
add_header 'X-XSS-Protection' '1; mode=block';
|
||||
add_header 'Content-Security-Policy' "default-src 'none'; style-src 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline';";
|
||||
add_header 'Access-Control-Allow-Origin' '*';
|
||||
include snippets/gzip-statics.conf;
|
||||
}
|
||||
ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
|
||||
ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
|
||||
|
||||
location ~ ^/media/(.+)$ {
|
||||
alias /var/lib/corbo/tenants/$host/media/$1;
|
||||
add_header 'X-Content-Type-Options' 'nosniff';
|
||||
add_header 'X-XSS-Protection' '1; mode=block';
|
||||
add_header 'Content-Security-Policy' "default-src 'none'; style-src 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline';";
|
||||
}
|
||||
|
||||
location /robots.txt {
|
||||
alias /var/lib/corbo/www/robots.txt;
|
||||
}
|
||||
|
||||
location / {
|
||||
proxy_pass http://unix:/var/run/corbo/corbo.sock;
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header X-Forwarded-SSL on;
|
||||
proxy_set_header X-Forwarded-Protocol ssl;
|
||||
proxy_set_header X-Forwarded-Proto https;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
add_header 'X-Content-Type-Options' 'nosniff';
|
||||
add_header 'X-XSS-Protection' '1; mode=block';
|
||||
}
|
||||
include snippets/publik-openssl.conf;
|
||||
include snippets/publik-corbo.conf;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -3,37 +3,12 @@ server {
|
|||
listen [::]:443 ssl http2;
|
||||
server_name ~^portedoc ~^porte-doc ~^fargo;
|
||||
|
||||
include snippets/publik-ssl.conf;
|
||||
|
||||
access_log /var/log/nginx/fargo-access.log combined_full;
|
||||
error_log /var/log/nginx/fargo-error.log;
|
||||
|
||||
location ~ ^/static/(.+)$ {
|
||||
root /;
|
||||
try_files /var/lib/fargo/tenants/$host/static/$1
|
||||
/var/lib/fargo/tenants/$host/theme/static/$1
|
||||
/var/lib/fargo/collectstatic/$1
|
||||
=404;
|
||||
add_header 'X-Content-Type-Options' 'nosniff';
|
||||
add_header 'X-XSS-Protection' '1; mode=block';
|
||||
add_header 'Content-Security-Policy' "default-src 'none'; style-src 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline';";
|
||||
add_header 'Access-Control-Allow-Origin' '*';
|
||||
include snippets/gzip-statics.conf;
|
||||
}
|
||||
ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
|
||||
ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
|
||||
|
||||
location /robots.txt {
|
||||
alias /var/lib/fargo/www/robots.txt;
|
||||
}
|
||||
|
||||
location / {
|
||||
proxy_pass http://unix:/var/run/fargo/fargo.sock;
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header X-Forwarded-SSL on;
|
||||
proxy_set_header X-Forwarded-Protocol ssl;
|
||||
proxy_set_header X-Forwarded-Proto https;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
add_header 'X-Content-Type-Options' 'nosniff';
|
||||
add_header 'X-XSS-Protection' '1; mode=block';
|
||||
}
|
||||
include snippets/publik-openssl.conf;
|
||||
include snippets/publik-fargo.conf;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -3,44 +3,12 @@ server {
|
|||
listen [::]:443 ssl http2;
|
||||
server_name ~^hobo;
|
||||
|
||||
include snippets/publik-ssl.conf;
|
||||
|
||||
access_log /var/log/nginx/hobo-access.log combined_full;
|
||||
error_log /var/log/nginx/hobo-error.log;
|
||||
|
||||
location ~ ^/static/(.+)$ {
|
||||
root /;
|
||||
try_files /var/lib/hobo/tenants/$host/static/$1
|
||||
/var/lib/hobo/tenants/$host/theme/static/$1
|
||||
/var/lib/hobo/collectstatic/$1
|
||||
=404;
|
||||
add_header 'X-Content-Type-Options' 'nosniff';
|
||||
add_header 'X-XSS-Protection' '1; mode=block';
|
||||
add_header 'Content-Security-Policy' "default-src 'none'; style-src 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline';";
|
||||
add_header 'Access-Control-Allow-Origin' '*';
|
||||
include snippets/gzip-statics.conf;
|
||||
}
|
||||
ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
|
||||
ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
|
||||
|
||||
location ~ ^/media/(.+)$ {
|
||||
alias /var/lib/hobo/tenants/$host/media/$1;
|
||||
add_header 'X-Content-Type-Options' 'nosniff';
|
||||
add_header 'X-XSS-Protection' '1; mode=block';
|
||||
add_header 'Content-Security-Policy' "default-src 'none'; style-src 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline';";
|
||||
}
|
||||
|
||||
location /robots.txt {
|
||||
alias /var/lib/hobo/www/robots.txt;
|
||||
}
|
||||
|
||||
location / {
|
||||
proxy_pass http://unix:/var/run/hobo/hobo.sock;
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header X-Forwarded-SSL on;
|
||||
proxy_set_header X-Forwarded-Protocol ssl;
|
||||
proxy_set_header X-Forwarded-Proto https;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
add_header 'X-Content-Type-Options' 'nosniff';
|
||||
add_header 'X-XSS-Protection' '1; mode=block';
|
||||
}
|
||||
include snippets/publik-openssl.conf;
|
||||
include snippets/publik-hobo.conf;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -3,44 +3,12 @@ server {
|
|||
listen [::]:443 ssl http2;
|
||||
server_name ~^mandayejs;
|
||||
|
||||
include snippets/publik-ssl.conf;
|
||||
|
||||
access_log /var/log/nginx/mandayejs-access.log combined_full;
|
||||
error_log /var/log/nginx/mandayejs-error.log;
|
||||
|
||||
location ~ ^/static/(.+)$ {
|
||||
root /;
|
||||
try_files /var/lib/mandayejs/tenants/$host/static/$1
|
||||
/var/lib/mandayejs/tenants/$host/theme/static/$1
|
||||
/var/lib/mandayejs/collectstatic/$1
|
||||
=404;
|
||||
add_header 'X-Content-Type-Options' 'nosniff';
|
||||
add_header 'X-XSS-Protection' '1; mode=block';
|
||||
add_header 'Content-Security-Policy' "default-src 'none'; style-src 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline';";
|
||||
add_header 'Access-Control-Allow-Origin' '*';
|
||||
include snippets/gzip-statics.conf;
|
||||
}
|
||||
ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
|
||||
ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
|
||||
|
||||
location ~ ^/media/(.+)$ {
|
||||
alias /var/lib/mandayejs/tenants/$host/media/$1;
|
||||
add_header 'X-Content-Type-Options' 'nosniff';
|
||||
add_header 'X-XSS-Protection' '1; mode=block';
|
||||
add_header 'Content-Security-Policy' "default-src 'none'; style-src 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline';";
|
||||
}
|
||||
|
||||
location /robots.txt {
|
||||
alias /var/lib/mandayejs/www/robots.txt;
|
||||
}
|
||||
|
||||
location / {
|
||||
proxy_pass http://unix:/var/run/mandayejs/mandayejs.sock;
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header X-Forwarded-SSL on;
|
||||
proxy_set_header X-Forwarded-Protocol ssl;
|
||||
proxy_set_header X-Forwarded-Proto https;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
add_header 'X-Content-Type-Options' 'nosniff';
|
||||
add_header 'X-XSS-Protection' '1; mode=block';
|
||||
}
|
||||
include snippets/publik-openssl.conf;
|
||||
include snippets/publik-mandayejs.conf;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -3,37 +3,12 @@ server {
|
|||
listen [::]:443 ssl http2;
|
||||
server_name ~^passerelle;
|
||||
|
||||
include snippets/publik-ssl.conf;
|
||||
|
||||
access_log /var/log/nginx/passerelle-access.log combined_full;
|
||||
error_log /var/log/nginx/passerelle-error.log;
|
||||
|
||||
location ~ ^/static/(.+)$ {
|
||||
root /;
|
||||
try_files /var/lib/passerelle/tenants/$host/static/$1
|
||||
/var/lib/passerelle/tenants/$host/theme/static/$1
|
||||
/var/lib/passerelle/collectstatic/$1
|
||||
=404;
|
||||
add_header 'X-Content-Type-Options' 'nosniff';
|
||||
add_header 'X-XSS-Protection' '1; mode=block';
|
||||
add_header 'Content-Security-Policy' "default-src 'none'; style-src 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline';";
|
||||
add_header 'Access-Control-Allow-Origin' '*';
|
||||
include snippets/gzip-statics.conf;
|
||||
}
|
||||
ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
|
||||
ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
|
||||
|
||||
location /robots.txt {
|
||||
alias /var/lib/passerelle/www/robots.txt;
|
||||
}
|
||||
|
||||
location / {
|
||||
proxy_pass http://unix:/var/run/passerelle/passerelle.sock;
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header X-Forwarded-SSL on;
|
||||
proxy_set_header X-Forwarded-Protocol ssl;
|
||||
proxy_set_header X-Forwarded-Proto https;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
add_header 'X-Content-Type-Options' 'nosniff';
|
||||
add_header 'X-XSS-Protection' '1; mode=block';
|
||||
}
|
||||
include snippets/publik-openssl.conf;
|
||||
include snippets/publik-passerelle.conf;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -3,44 +3,12 @@ server {
|
|||
listen [::]:443 http2;
|
||||
server_name ~^demarche ~^form;
|
||||
|
||||
include snippets/publik-ssl.conf;
|
||||
|
||||
access_log /var/log/nginx/wcs-access.log combined_full;
|
||||
error_log /var/log/nginx/wcs-error.log;
|
||||
|
||||
location ~ ^/static/(.+)$ {
|
||||
root /;
|
||||
try_files /var/lib/wcs/$host/static/$1
|
||||
/var/lib/wcs/$host/theme/static/$1
|
||||
/var/lib/wcs/collectstatic/$1
|
||||
=404;
|
||||
add_header 'X-Content-Type-Options' 'nosniff';
|
||||
add_header 'X-XSS-Protection' '1; mode=block';
|
||||
add_header 'Content-Security-Policy' "default-src 'none'; style-src 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline';";
|
||||
add_header 'Access-Control-Allow-Origin' '*';
|
||||
include snippets/gzip-statics.conf;
|
||||
}
|
||||
ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
|
||||
ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
|
||||
|
||||
location ~ ^/media/(.+)$ {
|
||||
alias /var/lib/wcs/$host/media/$1;
|
||||
add_header 'X-Content-Type-Options' 'nosniff';
|
||||
add_header 'X-XSS-Protection' '1; mode=block';
|
||||
add_header 'Content-Security-Policy' "default-src 'none'; style-src 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline';";
|
||||
}
|
||||
|
||||
location /robots.txt {
|
||||
alias /var/lib/wcs/www/robots.txt;
|
||||
}
|
||||
|
||||
location / {
|
||||
proxy_pass http://unix:/var/run/wcs/wcs.sock;
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header X-Forwarded-SSL on;
|
||||
proxy_set_header X-Forwarded-Protocol ssl;
|
||||
proxy_set_header X-Forwarded-Proto https;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
add_header 'X-Content-Type-Options' 'nosniff';
|
||||
add_header 'X-XSS-Protection' '1; mode=block';
|
||||
}
|
||||
include snippets/publik-openssl.conf;
|
||||
include snippets/publik-wcs.conf;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -3,44 +3,12 @@ server {
|
|||
listen [::]:443 ssl http2;
|
||||
server_name ~^courrier ~^welco;
|
||||
|
||||
include snippets/publik-ssl.conf;
|
||||
|
||||
access_log /var/log/nginx/welco-access.log combined_full;
|
||||
error_log /var/log/nginx/welco-error.log;
|
||||
|
||||
location ~ ^/static/(.+)$ {
|
||||
root /;
|
||||
try_files /var/lib/welco/tenants/$host/static/$1
|
||||
/var/lib/welco/tenants/$host/theme/static/$1
|
||||
/var/lib/welco/collectstatic/$1
|
||||
=404;
|
||||
add_header 'X-Content-Type-Options' 'nosniff';
|
||||
add_header 'X-XSS-Protection' '1; mode=block';
|
||||
add_header 'Content-Security-Policy' "default-src 'none'; style-src 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline';";
|
||||
add_header 'Access-Control-Allow-Origin' '*';
|
||||
include snippets/gzip-statics.conf;
|
||||
}
|
||||
ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
|
||||
ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
|
||||
|
||||
location ~ ^/media/(.+)$ {
|
||||
alias /var/lib/welco/tenants/$host/media/$1;
|
||||
add_header 'X-Content-Type-Options' 'nosniff';
|
||||
add_header 'X-XSS-Protection' '1; mode=block';
|
||||
add_header 'Content-Security-Policy' "default-src 'none'; style-src 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline';";
|
||||
}
|
||||
|
||||
location /robots.txt {
|
||||
alias /var/lib/welco/www/robots.txt;
|
||||
}
|
||||
|
||||
location / {
|
||||
proxy_pass http://unix:/var/run/welco/welco.sock;
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header X-Forwarded-SSL on;
|
||||
proxy_set_header X-Forwarded-Protocol ssl;
|
||||
proxy_set_header X-Forwarded-Proto https;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
add_header 'X-Content-Type-Options' 'nosniff';
|
||||
add_header 'X-XSS-Protection' '1; mode=block';
|
||||
}
|
||||
include snippets/publik-openssl.conf;
|
||||
include snippets/publik-welco.conf;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -3,11 +3,14 @@ server {
|
|||
listen [::]:443 ssl default_server http2;
|
||||
server_name _;
|
||||
|
||||
include snippets/publik-ssl.conf;
|
||||
|
||||
access_log /var/log/nginx/default-access.log combined_full;
|
||||
error_log /var/log/nginx/default-error.log;
|
||||
|
||||
ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
|
||||
ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
|
||||
|
||||
include snippets/publik-ssl.conf;
|
||||
|
||||
location / {
|
||||
return 404;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -0,0 +1,42 @@
|
|||
#define HTTP http:/
|
||||
#undef unix
|
||||
|
||||
include snippets/publik-openssl.conf;
|
||||
|
||||
location ~ ^/static/(.+)$ {
|
||||
root /;
|
||||
try_files /var/lib/APPLICATION/tenants/$host/static/$1
|
||||
/var/lib/APPLICATION/tenants/$host/theme/static/$1
|
||||
/var/lib/APPLICATION/collectstatic/$1
|
||||
=404;
|
||||
add_header 'X-Content-Type-Options' 'nosniff';
|
||||
add_header 'X-XSS-Protection' '1; mode=block';
|
||||
add_header 'Content-Security-Policy' "default-src 'none'; style-src 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline';";
|
||||
add_header 'Access-Control-Allow-Origin' '*';
|
||||
include snippets/publik-gzip.conf;
|
||||
}
|
||||
|
||||
#if ! defined PASSERELLE && ! defined FARGO
|
||||
location ~ ^/media/(.+)$ {
|
||||
alias /var/lib/APPLICATION/tenants/$host/media/$1;
|
||||
add_header 'X-Content-Type-Options' 'nosniff';
|
||||
add_header 'X-XSS-Protection' '1; mode=block';
|
||||
add_header 'Content-Security-Policy' "default-src 'none'; style-src 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline';";
|
||||
}
|
||||
#endif
|
||||
|
||||
location /robots.txt {
|
||||
alias /var/lib/APPLICATION/www/robots.txt;
|
||||
}
|
||||
|
||||
location / {
|
||||
proxy_pass HTTP/unix:/var/run/APPLICATION/APPLICATION.sock;
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header X-Forwarded-SSL on;
|
||||
proxy_set_header X-Forwarded-Protocol ssl;
|
||||
proxy_set_header X-Forwarded-Proto https;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
add_header 'X-Content-Type-Options' 'nosniff';
|
||||
add_header 'X-XSS-Protection' '1; mode=block';
|
||||
}
|
||||
|
|
@ -1,8 +1,5 @@
|
|||
# from https://ssl-config.mozilla.org/
|
||||
# nginx 1.10.3, intermediate config, OpenSSL 1.1.0l
|
||||
|
||||
ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
|
||||
ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
|
||||
# generated 2020-04-13, Mozilla Guideline v5.4, nginx 1.17.7, OpenSSL 1.1.1d, intermediate configuration
|
||||
# https://ssl-config.mozilla.org/#server=nginx&version=1.17.7&config=intermediate&openssl=1.1.1d&guideline=5.
|
||||
|
||||
ssl_session_timeout 1d;
|
||||
ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
|
||||
|
|
@ -13,9 +10,19 @@ ssl_session_tickets off;
|
|||
ssl_dhparam /etc/ssl/dhparam2048.pem;
|
||||
|
||||
# intermediate configuration
|
||||
ssl_protocols TLSv1.2;
|
||||
ssl_protocols TLSv1.2 TLSv1.3;
|
||||
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
|
||||
ssl_prefer_server_ciphers off;
|
||||
|
||||
# HSTS (ngx_http_headers_module is required) (63072000 seconds)
|
||||
add_header Strict-Transport-Security "max-age=63072000" always;
|
||||
|
||||
# OCSP stapling
|
||||
ssl_stapling on;
|
||||
ssl_stapling_verify on;
|
||||
|
||||
# verify chain of trust of OCSP response using Root CA and Intermediate certs
|
||||
ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;
|
||||
|
||||
# replace with the IP address of your resolver
|
||||
# resolver resolver.entrouvert.org;
|
||||
|
|
@ -0,0 +1,35 @@
|
|||
location ~ ^/static/(.+)$ {
|
||||
root /;
|
||||
try_files /var/lib/wcs/$host/static/$1
|
||||
/var/lib/wcs/$host/theme/static/$1
|
||||
/var/lib/wcs/collectstatic/$1
|
||||
=404;
|
||||
add_header 'X-Content-Type-Options' 'nosniff';
|
||||
add_header 'X-XSS-Protection' '1; mode=block';
|
||||
add_header 'Content-Security-Policy' "default-src 'none'; style-src 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline';";
|
||||
add_header 'Access-Control-Allow-Origin' '*';
|
||||
include snippets/publik-gzip.conf;
|
||||
}
|
||||
|
||||
location ~ ^/media/(.+)$ {
|
||||
alias /var/lib/wcs/$host/media/$1;
|
||||
add_header 'X-Content-Type-Options' 'nosniff';
|
||||
add_header 'X-XSS-Protection' '1; mode=block';
|
||||
add_header 'Content-Security-Policy' "default-src 'none'; style-src 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline';";
|
||||
}
|
||||
|
||||
location /robots.txt {
|
||||
alias /var/lib/wcs/www/robots.txt;
|
||||
}
|
||||
|
||||
location / {
|
||||
proxy_pass http://unix:/var/run/wcs/wcs.sock;
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header X-Forwarded-SSL on;
|
||||
proxy_set_header X-Forwarded-Protocol ssl;
|
||||
proxy_set_header X-Forwarded-Proto https;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
add_header 'X-Content-Type-Options' 'nosniff';
|
||||
add_header 'X-XSS-Protection' '1; mode=block';
|
||||
}
|
||||
Loading…
Reference in New Issue