nginx: document snippets (#41620)
This commit is contained in:
Christophe Siraut
parent
1f264de873
commit
0b317394f5
|
|
@ -7,31 +7,5 @@ server {
|
|||
access_log /var/log/nginx/authentic2-multitenant-access.log combined_full;
|
||||
error_log /var/log/nginx/authentic2-multitenant-error.log;
|
||||
|
||||
location ~ ^/static/(.+)$ {
|
||||
root /;
|
||||
try_files /var/lib/authentic2-multitenant/tenants/$host/static/$1
|
||||
/var/lib/authentic2-multitenant/tenants/$host/theme/static/$1
|
||||
/var/lib/authentic2-multitenant/collectstatic/$1
|
||||
=404;
|
||||
}
|
||||
|
||||
location ~ ^/media/(.+)$ {
|
||||
alias /var/lib/authentic2-multitenant/tenants/$host/media/$1;
|
||||
}
|
||||
|
||||
location /robots.txt {
|
||||
alias /var/lib/authentic2-multitenant/www/robots.txt;
|
||||
}
|
||||
|
||||
location / {
|
||||
add_header 'Access-Control-Allow-Origin' '*';
|
||||
proxy_pass http://unix:/var/run/authentic2-multitenant/authentic2-multitenant.sock;
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header X-Forwarded-SSL on;
|
||||
proxy_set_header X-Forwarded-Protocol ssl;
|
||||
proxy_set_header X-Forwarded-Proto https;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
|
||||
}
|
||||
include snippets/publik-authentic2-multitenant.conf;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -6,30 +6,5 @@ server {
|
|||
access_log /var/log/nginx/bijoe-access.log combined_full;
|
||||
error_log /var/log/nginx/bijoe-error.log;
|
||||
|
||||
location ~ ^/static/(.+)$ {
|
||||
root /;
|
||||
try_files /var/lib/bijoe/tenants/$host/static/$1
|
||||
/var/lib/bijoe/tenants/$host/theme/static/$1
|
||||
/var/lib/bijoe/collectstatic/$1
|
||||
=404;
|
||||
}
|
||||
|
||||
location ~ ^/media/(.+)$ {
|
||||
alias /var/lib/bijoe/tenants/$host/media/$1;
|
||||
}
|
||||
|
||||
location /robots.txt {
|
||||
alias /var/lib/bijoe/www/robots.txt;
|
||||
}
|
||||
|
||||
location / {
|
||||
proxy_pass http://unix:/var/run/bijoe/bijoe.sock;
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header X-Forwarded-SSL on;
|
||||
proxy_set_header X-Forwarded-Protocol ssl;
|
||||
proxy_set_header X-Forwarded-Proto https;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
|
||||
}
|
||||
include snippets/publik-bijoe.conf;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -6,30 +6,5 @@ server {
|
|||
access_log /var/log/nginx/chrono-access.log combined_full;
|
||||
error_log /var/log/nginx/chrono-error.log;
|
||||
|
||||
location ~ ^/static/(.+)$ {
|
||||
root /;
|
||||
try_files /var/lib/chrono/tenants/$host/static/$1
|
||||
/var/lib/chrono/tenants/$host/theme/static/$1
|
||||
/var/lib/chrono/collectstatic/$1
|
||||
=404;
|
||||
}
|
||||
|
||||
location ~ ^/media/(.+)$ {
|
||||
alias /var/lib/chrono/tenants/$host/media/$1;
|
||||
}
|
||||
|
||||
location /robots.txt {
|
||||
alias /var/lib/chrono/www/robots.txt;
|
||||
}
|
||||
|
||||
location / {
|
||||
proxy_pass http://unix:/var/run/chrono/chrono.sock;
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header X-Forwarded-SSL on;
|
||||
proxy_set_header X-Forwarded-Protocol ssl;
|
||||
proxy_set_header X-Forwarded-Proto https;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
|
||||
}
|
||||
include snippets/publik-chrono.conf;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -6,31 +6,5 @@ server {
|
|||
access_log /var/log/nginx/combo-access.log combined_full;
|
||||
error_log /var/log/nginx/combo-error.log;
|
||||
|
||||
location ~ ^/static/(.+)$ {
|
||||
root /;
|
||||
try_files /var/lib/combo/tenants/$host/static/$1
|
||||
/var/lib/combo/tenants/$host/theme/static/$1
|
||||
/var/lib/combo/collectstatic/$1
|
||||
=404;
|
||||
add_header 'Access-Control-Allow-Origin' '*';
|
||||
}
|
||||
|
||||
location ~ ^/media/(.+)$ {
|
||||
alias /var/lib/combo/tenants/$host/media/$1;
|
||||
}
|
||||
|
||||
location /robots.txt {
|
||||
alias /var/lib/combo/www/robots.txt;
|
||||
}
|
||||
|
||||
location / {
|
||||
proxy_pass http://unix:/var/run/combo/combo.sock;
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header X-Forwarded-SSL on;
|
||||
proxy_set_header X-Forwarded-Protocol ssl;
|
||||
proxy_set_header X-Forwarded-Proto https;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
|
||||
}
|
||||
include snippets/publik-combo.conf;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -6,30 +6,5 @@ server {
|
|||
access_log /var/log/nginx/corbo-access.log combined_full;
|
||||
error_log /var/log/nginx/corbo-error.log;
|
||||
|
||||
location ~ ^/static/(.+)$ {
|
||||
root /;
|
||||
try_files /var/lib/corbo/tenants/$host/static/$1
|
||||
/var/lib/corbo/tenants/$host/theme/static/$1
|
||||
/var/lib/corbo/collectstatic/$1
|
||||
=404;
|
||||
}
|
||||
|
||||
location ~ ^/media/(.+)$ {
|
||||
alias /var/lib/corbo/tenants/$host/media/$1;
|
||||
}
|
||||
|
||||
location /robots.txt {
|
||||
alias /var/lib/corbo/www/robots.txt;
|
||||
}
|
||||
|
||||
location / {
|
||||
proxy_pass http://unix:/var/run/corbo/corbo.sock;
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header X-Forwarded-SSL on;
|
||||
proxy_set_header X-Forwarded-Protocol ssl;
|
||||
proxy_set_header X-Forwarded-Proto https;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
|
||||
}
|
||||
include snippets/publik-corbo.conf;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -6,26 +6,5 @@ server {
|
|||
access_log /var/log/nginx/fargo-access.log combined_full;
|
||||
error_log /var/log/nginx/fargo-error.log;
|
||||
|
||||
location ~ ^/static/(.+)$ {
|
||||
root /;
|
||||
try_files /var/lib/fargo/tenants/$host/static/$1
|
||||
/var/lib/fargo/tenants/$host/theme/static/$1
|
||||
/var/lib/fargo/collectstatic/$1
|
||||
=404;
|
||||
}
|
||||
|
||||
location /robots.txt {
|
||||
alias /var/lib/fargo/www/robots.txt;
|
||||
}
|
||||
|
||||
location / {
|
||||
proxy_pass http://unix:/var/run/fargo/fargo.sock;
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header X-Forwarded-SSL on;
|
||||
proxy_set_header X-Forwarded-Protocol ssl;
|
||||
proxy_set_header X-Forwarded-Proto https;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
|
||||
}
|
||||
include snippets/publik-fargo.conf;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -6,30 +6,5 @@ server {
|
|||
access_log /var/log/nginx/hobo-access.log combined_full;
|
||||
error_log /var/log/nginx/hobo-error.log;
|
||||
|
||||
location ~ ^/static/(.+)$ {
|
||||
root /;
|
||||
try_files /var/lib/hobo/tenants/$host/static/$1
|
||||
/var/lib/hobo/tenants/$host/theme/static/$1
|
||||
/var/lib/hobo/collectstatic/$1
|
||||
=404;
|
||||
}
|
||||
|
||||
location ~ ^/media/(.+)$ {
|
||||
alias /var/lib/hobo/tenants/$host/media/$1;
|
||||
}
|
||||
|
||||
location /robots.txt {
|
||||
alias /var/lib/hobo/www/robots.txt;
|
||||
}
|
||||
|
||||
location / {
|
||||
proxy_pass http://unix:/var/run/hobo/hobo.sock;
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header X-Forwarded-SSL on;
|
||||
proxy_set_header X-Forwarded-Protocol ssl;
|
||||
proxy_set_header X-Forwarded-Proto https;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
|
||||
}
|
||||
include snippets/publik-hobo.conf;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -6,30 +6,5 @@ server {
|
|||
access_log /var/log/nginx/mandayejs-access.log combined_full;
|
||||
error_log /var/log/nginx/mandayejs-error.log;
|
||||
|
||||
location ~ ^/static/(.+)$ {
|
||||
root /;
|
||||
try_files /var/lib/mandayejs/tenants/$host/static/$1
|
||||
/var/lib/mandayejs/tenants/$host/theme/static/$1
|
||||
/var/lib/mandayejs/collectstatic/$1
|
||||
=404;
|
||||
}
|
||||
|
||||
location ~ ^/media/(.+)$ {
|
||||
alias /var/lib/mandayejs/tenants/$host/media/$1;
|
||||
}
|
||||
|
||||
location /robots.txt {
|
||||
alias /var/lib/mandayejs/www/robots.txt;
|
||||
}
|
||||
|
||||
location / {
|
||||
proxy_pass http://unix:/var/run/mandayejs/mandayejs.sock;
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header X-Forwarded-SSL on;
|
||||
proxy_set_header X-Forwarded-Protocol ssl;
|
||||
proxy_set_header X-Forwarded-Proto https;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
|
||||
}
|
||||
include snippets/publik-mandayejs.conf;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -6,26 +6,5 @@ server {
|
|||
access_log /var/log/nginx/passerelle-access.log combined_full;
|
||||
error_log /var/log/nginx/passerelle-error.log;
|
||||
|
||||
location ~ ^/static/(.+)$ {
|
||||
root /;
|
||||
try_files /var/lib/passerelle/tenants/$host/static/$1
|
||||
/var/lib/passerelle/tenants/$host/theme/static/$1
|
||||
/var/lib/passerelle/collectstatic/$1
|
||||
=404;
|
||||
}
|
||||
|
||||
location /robots.txt {
|
||||
alias /var/lib/passerelle/www/robots.txt;
|
||||
}
|
||||
|
||||
location / {
|
||||
proxy_pass http://unix:/var/run/passerelle/passerelle.sock;
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header X-Forwarded-SSL on;
|
||||
proxy_set_header X-Forwarded-Protocol ssl;
|
||||
proxy_set_header X-Forwarded-Proto https;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
|
||||
}
|
||||
include snippets/publik-passerelle.conf;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -6,31 +6,5 @@ server {
|
|||
access_log /var/log/nginx/wcs-access.log combined_full;
|
||||
error_log /var/log/nginx/wcs-error.log;
|
||||
|
||||
location ~ ^/static/(.+)$ {
|
||||
root /;
|
||||
try_files /var/lib/wcs/$host/static/$1
|
||||
/var/lib/wcs/$host/theme/static/$1
|
||||
/var/lib/wcs/collectstatic/$1
|
||||
=404;
|
||||
}
|
||||
|
||||
location ~ ^/media/(.+)$ {
|
||||
alias /var/lib/wcs/$host/media/$1;
|
||||
}
|
||||
|
||||
location /robots.txt {
|
||||
alias /var/lib/wcs/www/robots.txt;
|
||||
}
|
||||
|
||||
location / {
|
||||
add_header 'Access-Control-Allow-Origin' '*';
|
||||
proxy_pass http://unix:/var/run/wcs/wcs.sock;
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header X-Forwarded-SSL on;
|
||||
proxy_set_header X-Forwarded-Protocol ssl;
|
||||
proxy_set_header X-Forwarded-Proto https;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
|
||||
}
|
||||
include snippets/publik-wcs.conf;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -7,30 +7,5 @@ server {
|
|||
access_log /var/log/nginx/welco-access.log combined_full;
|
||||
error_log /var/log/nginx/welco-error.log;
|
||||
|
||||
location ~ ^/static/(.+)$ {
|
||||
root /;
|
||||
try_files /var/lib/welco/tenants/$host/static/$1
|
||||
/var/lib/welco/tenants/$host/theme/static/$1
|
||||
/var/lib/welco/collectstatic/$1
|
||||
=404;
|
||||
}
|
||||
|
||||
location ~ ^/media/(.+)$ {
|
||||
alias /var/lib/welco/tenants/$host/media/$1;
|
||||
}
|
||||
|
||||
location /robots.txt {
|
||||
alias /var/lib/welco/www/robots.txt;
|
||||
}
|
||||
|
||||
location / {
|
||||
proxy_pass http://unix:/var/run/welco/welco.sock;
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header X-Forwarded-SSL on;
|
||||
proxy_set_header X-Forwarded-Protocol ssl;
|
||||
proxy_set_header X-Forwarded-Proto https;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
|
||||
}
|
||||
include snippets/publik-welco.conf;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -3,47 +3,12 @@ server {
|
|||
listen [::]:443 ssl http2;
|
||||
server_name ~^connexion ~^login ~^authent;
|
||||
|
||||
include snippets/publik-ssl.conf;
|
||||
|
||||
access_log /var/log/nginx/authentic2-multitenant-access.log combined_full;
|
||||
error_log /var/log/nginx/authentic2-multitenant-error.log;
|
||||
|
||||
location ~ ^/static/(.+)$ {
|
||||
root /;
|
||||
try_files /var/lib/authentic2-multitenant/tenants/$host/static/$1
|
||||
/var/lib/authentic2-multitenant/tenants/$host/theme/static/$1
|
||||
/var/lib/authentic2-multitenant/collectstatic/$1
|
||||
=404;
|
||||
add_header 'X-Content-Type-Options' 'nosniff';
|
||||
add_header 'X-XSS-Protection' '1; mode=block';
|
||||
add_header 'Content-Security-Policy' "default-src 'none'; style-src 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline';";
|
||||
add_header 'Access-Control-Allow-Origin' '*';
|
||||
include snippets/gzip-statics.conf;
|
||||
}
|
||||
ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
|
||||
ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
|
||||
|
||||
location ~ ^/media/(.+)$ {
|
||||
alias /var/lib/authentic2-multitenant/tenants/$host/media/$1;
|
||||
add_header 'X-Content-Type-Options' 'nosniff';
|
||||
add_header 'X-XSS-Protection' '1; mode=block';
|
||||
add_header 'Content-Security-Policy' "default-src 'none'; style-src 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline';";
|
||||
}
|
||||
|
||||
location /robots.txt {
|
||||
alias /var/lib/authentic2-multitenant/www/robots.txt;
|
||||
add_header 'X-Content-Type-Options' 'nosniff';
|
||||
add_header 'X-XSS-Protection' '1; mode=block';
|
||||
add_header 'Content-Security-Policy' "default-src 'none'; style-src 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline';";
|
||||
}
|
||||
|
||||
location / {
|
||||
proxy_pass http://unix:/var/run/authentic2-multitenant/authentic2-multitenant.sock;
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header X-Forwarded-SSL on;
|
||||
proxy_set_header X-Forwarded-Protocol ssl;
|
||||
proxy_set_header X-Forwarded-Proto https;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
add_header 'X-Content-Type-Options' 'nosniff';
|
||||
add_header 'X-XSS-Protection' '1; mode=block';
|
||||
}
|
||||
include snippets/publik-openssl.conf;
|
||||
include snippets/publik-authentic.conf;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -3,44 +3,12 @@ server {
|
|||
listen [::]:443 ssl http2;
|
||||
server_name ~^statistique ~^bijoe;
|
||||
|
||||
include snippets/publik-ssl.conf;
|
||||
|
||||
access_log /var/log/nginx/bijoe-access.log combined_full;
|
||||
error_log /var/log/nginx/bijoe-error.log;
|
||||
|
||||
location ~ ^/static/(.+)$ {
|
||||
root /;
|
||||
try_files /var/lib/bijoe/tenants/$host/static/$1
|
||||
/var/lib/bijoe/tenants/$host/theme/static/$1
|
||||
/var/lib/bijoe/collectstatic/$1
|
||||
=404;
|
||||
add_header 'X-Content-Type-Options' 'nosniff';
|
||||
add_header 'X-XSS-Protection' '1; mode=block';
|
||||
add_header 'Content-Security-Policy' "default-src 'none'; style-src 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline';";
|
||||
add_header 'Access-Control-Allow-Origin' '*';
|
||||
include snippets/gzip-statics.conf;
|
||||
}
|
||||
ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
|
||||
ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
|
||||
|
||||
location ~ ^/media/(.+)$ {
|
||||
alias /var/lib/bijoe/tenants/$host/media/$1;
|
||||
add_header 'X-Content-Type-Options' 'nosniff';
|
||||
add_header 'X-XSS-Protection' '1; mode=block';
|
||||
add_header 'Content-Security-Policy' "default-src 'none'; style-src 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline';";
|
||||
}
|
||||
|
||||
location /robots.txt {
|
||||
alias /var/lib/bijoe/www/robots.txt;
|
||||
}
|
||||
|
||||
location / {
|
||||
proxy_pass http://unix:/var/run/bijoe/bijoe.sock;
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header X-Forwarded-SSL on;
|
||||
proxy_set_header X-Forwarded-Protocol ssl;
|
||||
proxy_set_header X-Forwarded-Proto https;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
add_header 'X-Content-Type-Options' 'nosniff';
|
||||
add_header 'X-XSS-Protection' '1; mode=block';
|
||||
}
|
||||
include snippets/publik-openssl.conf;
|
||||
include snippets/publik-bijoe.conf;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -3,44 +3,12 @@ server {
|
|||
listen [::]:443 ssl http2;
|
||||
server_name ~^agenda ~^chrono;
|
||||
|
||||
include snippets/publik-ssl.conf;
|
||||
|
||||
access_log /var/log/nginx/chrono-access.log combined_full;
|
||||
error_log /var/log/nginx/chrono-error.log;
|
||||
|
||||
location ~ ^/static/(.+)$ {
|
||||
root /;
|
||||
try_files /var/lib/chrono/tenants/$host/static/$1
|
||||
/var/lib/chrono/tenants/$host/theme/static/$1
|
||||
/var/lib/chrono/collectstatic/$1
|
||||
=404;
|
||||
add_header 'X-Content-Type-Options' 'nosniff';
|
||||
add_header 'X-XSS-Protection' '1; mode=block';
|
||||
add_header 'Content-Security-Policy' "default-src 'none'; style-src 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline';";
|
||||
add_header 'Access-Control-Allow-Origin' '*';
|
||||
include snippets/gzip-statics.conf;
|
||||
}
|
||||
ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
|
||||
ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
|
||||
|
||||
location ~ ^/media/(.+)$ {
|
||||
alias /var/lib/chrono/tenants/$host/media/$1;
|
||||
add_header 'X-Content-Type-Options' 'nosniff';
|
||||
add_header 'X-XSS-Protection' '1; mode=block';
|
||||
add_header 'Content-Security-Policy' "default-src 'none'; style-src 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline';";
|
||||
}
|
||||
|
||||
location /robots.txt {
|
||||
alias /var/lib/chrono/www/robots.txt;
|
||||
}
|
||||
|
||||
location / {
|
||||
proxy_pass http://unix:/var/run/chrono/chrono.sock;
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header X-Forwarded-SSL on;
|
||||
proxy_set_header X-Forwarded-Protocol ssl;
|
||||
proxy_set_header X-Forwarded-Proto https;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
add_header 'X-Content-Type-Options' 'nosniff';
|
||||
add_header 'X-XSS-Protection' '1; mode=block';
|
||||
}
|
||||
include snippets/publik-openssl.conf;
|
||||
include snippets/publik-chrono.conf;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -3,44 +3,12 @@ server {
|
|||
listen [::]:443 ssl http2;
|
||||
server_name ~^agent ~^portail ~^compte ~^mon\.;
|
||||
|
||||
include snippets/publik-ssl.conf;
|
||||
|
||||
access_log /var/log/nginx/combo-access.log combined_full;
|
||||
error_log /var/log/nginx/combo-error.log;
|
||||
|
||||
location ~ ^/static/(.+)$ {
|
||||
root /;
|
||||
try_files /var/lib/combo/tenants/$host/static/$1
|
||||
/var/lib/combo/tenants/$host/theme/static/$1
|
||||
/var/lib/combo/collectstatic/$1
|
||||
=404;
|
||||
add_header 'X-Content-Type-Options' 'nosniff';
|
||||
add_header 'X-XSS-Protection' '1; mode=block';
|
||||
add_header 'Content-Security-Policy' "default-src 'none'; style-src 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline';";
|
||||
add_header 'Access-Control-Allow-Origin' '*';
|
||||
include snippets/gzip-statics.conf;
|
||||
}
|
||||
ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
|
||||
ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
|
||||
|
||||
location ~ ^/media/(.+)$ {
|
||||
alias /var/lib/combo/tenants/$host/media/$1;
|
||||
add_header 'X-Content-Type-Options' 'nosniff';
|
||||
add_header 'X-XSS-Protection' '1; mode=block';
|
||||
add_header 'Content-Security-Policy' "default-src 'none'; style-src 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline';";
|
||||
}
|
||||
|
||||
location /robots.txt {
|
||||
alias /var/lib/combo/www/robots.txt;
|
||||
}
|
||||
|
||||
location / {
|
||||
proxy_pass http://unix:/var/run/combo/combo.sock;
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header X-Forwarded-SSL on;
|
||||
proxy_set_header X-Forwarded-Protocol ssl;
|
||||
proxy_set_header X-Forwarded-Proto https;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
add_header 'X-Content-Type-Options' 'nosniff';
|
||||
add_header 'X-XSS-Protection' '1; mode=block';
|
||||
}
|
||||
include snippets/publik-openssl.conf;
|
||||
include snippets/publik-combo.conf;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -3,44 +3,12 @@ server {
|
|||
listen [::]:443 ssl http2;
|
||||
server_name ~^annonce ~^corbo;
|
||||
|
||||
include snippets/publik-ssl.conf;
|
||||
|
||||
access_log /var/log/nginx/corbo-access.log combined_full;
|
||||
error_log /var/log/nginx/corbo-error.log;
|
||||
|
||||
location ~ ^/static/(.+)$ {
|
||||
root /;
|
||||
try_files /var/lib/corbo/tenants/$host/static/$1
|
||||
/var/lib/corbo/tenants/$host/theme/static/$1
|
||||
/var/lib/corbo/collectstatic/$1
|
||||
=404;
|
||||
add_header 'X-Content-Type-Options' 'nosniff';
|
||||
add_header 'X-XSS-Protection' '1; mode=block';
|
||||
add_header 'Content-Security-Policy' "default-src 'none'; style-src 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline';";
|
||||
add_header 'Access-Control-Allow-Origin' '*';
|
||||
include snippets/gzip-statics.conf;
|
||||
}
|
||||
ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
|
||||
ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
|
||||
|
||||
location ~ ^/media/(.+)$ {
|
||||
alias /var/lib/corbo/tenants/$host/media/$1;
|
||||
add_header 'X-Content-Type-Options' 'nosniff';
|
||||
add_header 'X-XSS-Protection' '1; mode=block';
|
||||
add_header 'Content-Security-Policy' "default-src 'none'; style-src 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline';";
|
||||
}
|
||||
|
||||
location /robots.txt {
|
||||
alias /var/lib/corbo/www/robots.txt;
|
||||
}
|
||||
|
||||
location / {
|
||||
proxy_pass http://unix:/var/run/corbo/corbo.sock;
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header X-Forwarded-SSL on;
|
||||
proxy_set_header X-Forwarded-Protocol ssl;
|
||||
proxy_set_header X-Forwarded-Proto https;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
add_header 'X-Content-Type-Options' 'nosniff';
|
||||
add_header 'X-XSS-Protection' '1; mode=block';
|
||||
}
|
||||
include snippets/publik-openssl.conf;
|
||||
include snippets/publik-corbo.conf;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -3,37 +3,12 @@ server {
|
|||
listen [::]:443 ssl http2;
|
||||
server_name ~^portedoc ~^porte-doc ~^fargo;
|
||||
|
||||
include snippets/publik-ssl.conf;
|
||||
|
||||
access_log /var/log/nginx/fargo-access.log combined_full;
|
||||
error_log /var/log/nginx/fargo-error.log;
|
||||
|
||||
location ~ ^/static/(.+)$ {
|
||||
root /;
|
||||
try_files /var/lib/fargo/tenants/$host/static/$1
|
||||
/var/lib/fargo/tenants/$host/theme/static/$1
|
||||
/var/lib/fargo/collectstatic/$1
|
||||
=404;
|
||||
add_header 'X-Content-Type-Options' 'nosniff';
|
||||
add_header 'X-XSS-Protection' '1; mode=block';
|
||||
add_header 'Content-Security-Policy' "default-src 'none'; style-src 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline';";
|
||||
add_header 'Access-Control-Allow-Origin' '*';
|
||||
include snippets/gzip-statics.conf;
|
||||
}
|
||||
ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
|
||||
ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
|
||||
|
||||
location /robots.txt {
|
||||
alias /var/lib/fargo/www/robots.txt;
|
||||
}
|
||||
|
||||
location / {
|
||||
proxy_pass http://unix:/var/run/fargo/fargo.sock;
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header X-Forwarded-SSL on;
|
||||
proxy_set_header X-Forwarded-Protocol ssl;
|
||||
proxy_set_header X-Forwarded-Proto https;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
add_header 'X-Content-Type-Options' 'nosniff';
|
||||
add_header 'X-XSS-Protection' '1; mode=block';
|
||||
}
|
||||
include snippets/publik-openssl.conf;
|
||||
include snippets/publik-fargo.conf;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -3,44 +3,12 @@ server {
|
|||
listen [::]:443 ssl http2;
|
||||
server_name ~^hobo;
|
||||
|
||||
include snippets/publik-ssl.conf;
|
||||
|
||||
access_log /var/log/nginx/hobo-access.log combined_full;
|
||||
error_log /var/log/nginx/hobo-error.log;
|
||||
|
||||
location ~ ^/static/(.+)$ {
|
||||
root /;
|
||||
try_files /var/lib/hobo/tenants/$host/static/$1
|
||||
/var/lib/hobo/tenants/$host/theme/static/$1
|
||||
/var/lib/hobo/collectstatic/$1
|
||||
=404;
|
||||
add_header 'X-Content-Type-Options' 'nosniff';
|
||||
add_header 'X-XSS-Protection' '1; mode=block';
|
||||
add_header 'Content-Security-Policy' "default-src 'none'; style-src 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline';";
|
||||
add_header 'Access-Control-Allow-Origin' '*';
|
||||
include snippets/gzip-statics.conf;
|
||||
}
|
||||
ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
|
||||
ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
|
||||
|
||||
location ~ ^/media/(.+)$ {
|
||||
alias /var/lib/hobo/tenants/$host/media/$1;
|
||||
add_header 'X-Content-Type-Options' 'nosniff';
|
||||
add_header 'X-XSS-Protection' '1; mode=block';
|
||||
add_header 'Content-Security-Policy' "default-src 'none'; style-src 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline';";
|
||||
}
|
||||
|
||||
location /robots.txt {
|
||||
alias /var/lib/hobo/www/robots.txt;
|
||||
}
|
||||
|
||||
location / {
|
||||
proxy_pass http://unix:/var/run/hobo/hobo.sock;
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header X-Forwarded-SSL on;
|
||||
proxy_set_header X-Forwarded-Protocol ssl;
|
||||
proxy_set_header X-Forwarded-Proto https;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
add_header 'X-Content-Type-Options' 'nosniff';
|
||||
add_header 'X-XSS-Protection' '1; mode=block';
|
||||
}
|
||||
include snippets/publik-openssl.conf;
|
||||
include snippets/publik-hobo.conf;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -3,44 +3,12 @@ server {
|
|||
listen [::]:443 ssl http2;
|
||||
server_name ~^mandayejs;
|
||||
|
||||
include snippets/publik-ssl.conf;
|
||||
|
||||
access_log /var/log/nginx/mandayejs-access.log combined_full;
|
||||
error_log /var/log/nginx/mandayejs-error.log;
|
||||
|
||||
location ~ ^/static/(.+)$ {
|
||||
root /;
|
||||
try_files /var/lib/mandayejs/tenants/$host/static/$1
|
||||
/var/lib/mandayejs/tenants/$host/theme/static/$1
|
||||
/var/lib/mandayejs/collectstatic/$1
|
||||
=404;
|
||||
add_header 'X-Content-Type-Options' 'nosniff';
|
||||
add_header 'X-XSS-Protection' '1; mode=block';
|
||||
add_header 'Content-Security-Policy' "default-src 'none'; style-src 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline';";
|
||||
add_header 'Access-Control-Allow-Origin' '*';
|
||||
include snippets/gzip-statics.conf;
|
||||
}
|
||||
ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
|
||||
ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
|
||||
|
||||
location ~ ^/media/(.+)$ {
|
||||
alias /var/lib/mandayejs/tenants/$host/media/$1;
|
||||
add_header 'X-Content-Type-Options' 'nosniff';
|
||||
add_header 'X-XSS-Protection' '1; mode=block';
|
||||
add_header 'Content-Security-Policy' "default-src 'none'; style-src 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline';";
|
||||
}
|
||||
|
||||
location /robots.txt {
|
||||
alias /var/lib/mandayejs/www/robots.txt;
|
||||
}
|
||||
|
||||
location / {
|
||||
proxy_pass http://unix:/var/run/mandayejs/mandayejs.sock;
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header X-Forwarded-SSL on;
|
||||
proxy_set_header X-Forwarded-Protocol ssl;
|
||||
proxy_set_header X-Forwarded-Proto https;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
add_header 'X-Content-Type-Options' 'nosniff';
|
||||
add_header 'X-XSS-Protection' '1; mode=block';
|
||||
}
|
||||
include snippets/publik-openssl.conf;
|
||||
include snippets/publik-mandayejs.conf;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -3,37 +3,12 @@ server {
|
|||
listen [::]:443 ssl http2;
|
||||
server_name ~^passerelle;
|
||||
|
||||
include snippets/publik-ssl.conf;
|
||||
|
||||
access_log /var/log/nginx/passerelle-access.log combined_full;
|
||||
error_log /var/log/nginx/passerelle-error.log;
|
||||
|
||||
location ~ ^/static/(.+)$ {
|
||||
root /;
|
||||
try_files /var/lib/passerelle/tenants/$host/static/$1
|
||||
/var/lib/passerelle/tenants/$host/theme/static/$1
|
||||
/var/lib/passerelle/collectstatic/$1
|
||||
=404;
|
||||
add_header 'X-Content-Type-Options' 'nosniff';
|
||||
add_header 'X-XSS-Protection' '1; mode=block';
|
||||
add_header 'Content-Security-Policy' "default-src 'none'; style-src 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline';";
|
||||
add_header 'Access-Control-Allow-Origin' '*';
|
||||
include snippets/gzip-statics.conf;
|
||||
}
|
||||
ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
|
||||
ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
|
||||
|
||||
location /robots.txt {
|
||||
alias /var/lib/passerelle/www/robots.txt;
|
||||
}
|
||||
|
||||
location / {
|
||||
proxy_pass http://unix:/var/run/passerelle/passerelle.sock;
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header X-Forwarded-SSL on;
|
||||
proxy_set_header X-Forwarded-Protocol ssl;
|
||||
proxy_set_header X-Forwarded-Proto https;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
add_header 'X-Content-Type-Options' 'nosniff';
|
||||
add_header 'X-XSS-Protection' '1; mode=block';
|
||||
}
|
||||
include snippets/publik-openssl.conf;
|
||||
include snippets/publik-passerelle.conf;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -3,44 +3,12 @@ server {
|
|||
listen [::]:443 http2;
|
||||
server_name ~^demarche ~^form;
|
||||
|
||||
include snippets/publik-ssl.conf;
|
||||
|
||||
access_log /var/log/nginx/wcs-access.log combined_full;
|
||||
error_log /var/log/nginx/wcs-error.log;
|
||||
|
||||
location ~ ^/static/(.+)$ {
|
||||
root /;
|
||||
try_files /var/lib/wcs/$host/static/$1
|
||||
/var/lib/wcs/$host/theme/static/$1
|
||||
/var/lib/wcs/collectstatic/$1
|
||||
=404;
|
||||
add_header 'X-Content-Type-Options' 'nosniff';
|
||||
add_header 'X-XSS-Protection' '1; mode=block';
|
||||
add_header 'Content-Security-Policy' "default-src 'none'; style-src 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline';";
|
||||
add_header 'Access-Control-Allow-Origin' '*';
|
||||
include snippets/gzip-statics.conf;
|
||||
}
|
||||
ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
|
||||
ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
|
||||
|
||||
location ~ ^/media/(.+)$ {
|
||||
alias /var/lib/wcs/$host/media/$1;
|
||||
add_header 'X-Content-Type-Options' 'nosniff';
|
||||
add_header 'X-XSS-Protection' '1; mode=block';
|
||||
add_header 'Content-Security-Policy' "default-src 'none'; style-src 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline';";
|
||||
}
|
||||
|
||||
location /robots.txt {
|
||||
alias /var/lib/wcs/www/robots.txt;
|
||||
}
|
||||
|
||||
location / {
|
||||
proxy_pass http://unix:/var/run/wcs/wcs.sock;
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header X-Forwarded-SSL on;
|
||||
proxy_set_header X-Forwarded-Protocol ssl;
|
||||
proxy_set_header X-Forwarded-Proto https;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
add_header 'X-Content-Type-Options' 'nosniff';
|
||||
add_header 'X-XSS-Protection' '1; mode=block';
|
||||
}
|
||||
include snippets/publik-openssl.conf;
|
||||
include snippets/publik-wcs.conf;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -3,44 +3,12 @@ server {
|
|||
listen [::]:443 ssl http2;
|
||||
server_name ~^courrier ~^welco;
|
||||
|
||||
include snippets/publik-ssl.conf;
|
||||
|
||||
access_log /var/log/nginx/welco-access.log combined_full;
|
||||
error_log /var/log/nginx/welco-error.log;
|
||||
|
||||
location ~ ^/static/(.+)$ {
|
||||
root /;
|
||||
try_files /var/lib/welco/tenants/$host/static/$1
|
||||
/var/lib/welco/tenants/$host/theme/static/$1
|
||||
/var/lib/welco/collectstatic/$1
|
||||
=404;
|
||||
add_header 'X-Content-Type-Options' 'nosniff';
|
||||
add_header 'X-XSS-Protection' '1; mode=block';
|
||||
add_header 'Content-Security-Policy' "default-src 'none'; style-src 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline';";
|
||||
add_header 'Access-Control-Allow-Origin' '*';
|
||||
include snippets/gzip-statics.conf;
|
||||
}
|
||||
ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
|
||||
ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
|
||||
|
||||
location ~ ^/media/(.+)$ {
|
||||
alias /var/lib/welco/tenants/$host/media/$1;
|
||||
add_header 'X-Content-Type-Options' 'nosniff';
|
||||
add_header 'X-XSS-Protection' '1; mode=block';
|
||||
add_header 'Content-Security-Policy' "default-src 'none'; style-src 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline';";
|
||||
}
|
||||
|
||||
location /robots.txt {
|
||||
alias /var/lib/welco/www/robots.txt;
|
||||
}
|
||||
|
||||
location / {
|
||||
proxy_pass http://unix:/var/run/welco/welco.sock;
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header X-Forwarded-SSL on;
|
||||
proxy_set_header X-Forwarded-Protocol ssl;
|
||||
proxy_set_header X-Forwarded-Proto https;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
add_header 'X-Content-Type-Options' 'nosniff';
|
||||
add_header 'X-XSS-Protection' '1; mode=block';
|
||||
}
|
||||
include snippets/publik-openssl.conf;
|
||||
include snippets/publik-welco.conf;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -3,11 +3,14 @@ server {
|
|||
listen [::]:443 ssl default_server http2;
|
||||
server_name _;
|
||||
|
||||
include snippets/publik-ssl.conf;
|
||||
|
||||
access_log /var/log/nginx/default-access.log combined_full;
|
||||
error_log /var/log/nginx/default-error.log;
|
||||
|
||||
ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
|
||||
ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
|
||||
|
||||
include snippets/publik-ssl.conf;
|
||||
|
||||
location / {
|
||||
return 404;
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue