diff --git a/Nginx/Locations/mracs.dev/mcmap.loc.conf b/Nginx/Locations/mracs.dev/mcmap.loc.conf new file mode 100644 index 0000000..62d88c5 --- /dev/null +++ b/Nginx/Locations/mracs.dev/mcmap.loc.conf @@ -0,0 +1,3 @@ +location /mcmap { + proxy_pass http://localhost:8123; +} diff --git a/Nginx/Server Blocks/ats.libraryofcode.org.conf b/Nginx/Server Blocks/ats.libraryofcode.org.conf deleted file mode 100644 index 438ef82..0000000 --- a/Nginx/Server Blocks/ats.libraryofcode.org.conf +++ /dev/null @@ -1,23 +0,0 @@ -server { - listen 443 ssl http2; - listen [::]:443 ssl http2; - server_name ats.libraryofcode.org; - - ssl_certificate /etc/nginx/ssl/org.chain.crt; - ssl_certificate_key /etc/nginx/ssl/org.key.pem; - - root /var/www/opencats; - - index index.html index.htm index.php; - - location / { - try_files $uri $uri/ =404; - } - - location ~ \.php$ { - include snippets/fastcgi-php.conf; - fastcgi_pass unix:/run/php/php7.0-fpm.sock; - fastcgi_param HTACCESS on; - proxy_read_timeout 800; - } -} diff --git a/Nginx/Server Blocks/bin.libraryofcode.org.conf b/Nginx/Server Blocks/bin.libraryofcode.org.conf deleted file mode 100644 index 0ffe6a5..0000000 --- a/Nginx/Server Blocks/bin.libraryofcode.org.conf +++ /dev/null @@ -1,14 +0,0 @@ -server { - listen 443 ssl http2; - listen [::]:443 ssl http2; - server_name bin.libraryofcode.org; - - ssl_certificate /etc/nginx/ssl/org.chain.crt; - ssl_certificate_key /etc/nginx/ssl/org.key.pem; - - root /var/binary; - - location / { - autoindex on; - } -} diff --git a/Nginx/Server Blocks/board.ins.conf b/Nginx/Server Blocks/board.ins.conf deleted file mode 100644 index a4b7853..0000000 --- a/Nginx/Server Blocks/board.ins.conf +++ /dev/null @@ -1,16 +0,0 @@ -server { - listen 10.8.0.1:443 ssl http2; - #listen [::]:443 ssl http2; - server_name board.ins; - - ssl_certificate /etc/nginx/ssl/board-ins.chain.crt; - ssl_certificate_key /etc/nginx/ssl/board-ins.key.pem; - - location / { - proxy_pass http://localhost:3121; - } - - location /api { - proxy_pass http://localhost:3892; - } -} diff --git a/Nginx/Server Blocks/book.libraryofcode.org.conf b/Nginx/Server Blocks/book.libraryofcode.org.conf deleted file mode 100644 index d177211..0000000 --- a/Nginx/Server Blocks/book.libraryofcode.org.conf +++ /dev/null @@ -1,24 +0,0 @@ -server { - listen 443 ssl http2; - listen [::]:443 ssl http2; - server_name book.libraryofcode.org; - - ssl_certificate /etc/nginx/ssl/org.chain.crt; - ssl_certificate_key /etc/nginx/ssl/org.key.pem; - - root /opt/book; - - index index.html index.htm index.php; - - - location ~ \.php$ { - include snippets/fastcgi-php.conf; - fastcgi_pass unix:/run/php/php7.3-fpm.sock; - fastcgi_param HTACCESS on; - proxy_read_timeout 800; - } - - if (!-e $request_filename){ - rewrite ^(.*)$ /index.php?/$1 last; - } -} diff --git a/Nginx/Server Blocks/certapi.libraryofcode.org.conf b/Nginx/Server Blocks/certapi.libraryofcode.org.conf deleted file mode 100644 index 2c429eb..0000000 --- a/Nginx/Server Blocks/certapi.libraryofcode.org.conf +++ /dev/null @@ -1,12 +0,0 @@ -server { - listen 443 ssl http2; - listen [::]:443 ssl http2; - server_name certapi.libraryofcode.org; - - ssl_certificate /etc/nginx/ssl/org.chain.crt; - ssl_certificate_key /etc/nginx/ssl/org.key.pem; - - location / { - proxy_pass http://localhost:3030; - } -} diff --git a/Nginx/Server Blocks/cloud.libraryofcode.org.conf b/Nginx/Server Blocks/cloud.libraryofcode.org.conf deleted file mode 100644 index f503341..0000000 --- a/Nginx/Server Blocks/cloud.libraryofcode.org.conf +++ /dev/null @@ -1,16 +0,0 @@ -server { - listen 443 ssl http2; - listen [::]:443 ssl http2; - server_name cloud.libraryofcode.org; - - ssl_certificate /etc/nginx/ssl/org.chain.crt; - ssl_certificate_key /etc/nginx/ssl/org.key.pem; - - location / { - return 307 $scheme://www.libraryofcode.org/; - } - - location ~ /(.*)$ { - rewrite https://$1.cloud.libraryofcode.org temporary; - } -} diff --git a/Nginx/Server Blocks/comm.libraryofcode.org.conf b/Nginx/Server Blocks/comm.libraryofcode.org.conf deleted file mode 100644 index 6bb8605..0000000 --- a/Nginx/Server Blocks/comm.libraryofcode.org.conf +++ /dev/null @@ -1,12 +0,0 @@ -server { - listen 443 ssl http2; - listen [::]:443 ssl http2; - server_name comm.libraryofcode.org; - - ssl_certificate /etc/nginx/ssl/org.chain.crt; - ssl_certificate_key /etc/nginx/ssl/org.key.pem; - - location / { - proxy_pass http://localhost:3895; - } -} diff --git a/Nginx/Server Blocks/confluence.libraryofcode.org.conf b/Nginx/Server Blocks/confluence.libraryofcode.org.conf deleted file mode 100644 index 1fbbe46..0000000 --- a/Nginx/Server Blocks/confluence.libraryofcode.org.conf +++ /dev/null @@ -1,22 +0,0 @@ -server { - listen 443 ssl http2; - listen [::]:443 ssl http2; - server_name confluence.libraryofcode.org; - - ssl_certificate /etc/nginx/ssl/org.chain.crt; - ssl_certificate_key /etc/nginx/ssl/org.key.pem; - - location / { - return 307 https://wiki.libraryofcode.org/; - } - - location /synchrony { - proxy_set_header X-Forwarded-Host $host; - proxy_set_header X-Forwarded-Server $host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_pass http://localhost:8091/synchrony; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "Upgrade"; - } -} diff --git a/Nginx/Server Blocks/content.libraryofcode.org.conf b/Nginx/Server Blocks/content.libraryofcode.org.conf deleted file mode 100644 index 9d5fff5..0000000 --- a/Nginx/Server Blocks/content.libraryofcode.org.conf +++ /dev/null @@ -1,20 +0,0 @@ -server { - listen 443 ssl http2; - listen [::]:443 ssl http2; - server_name content.libraryofcode.org; - - ssl_certificate /etc/nginx/ssl/org.chain.crt; - ssl_certificate_key /etc/nginx/ssl/org.key.pem; - - root /var/www/content; - - location / { - autoindex on; - } - - location /sec { - autoindex on; - auth_basic "Secure Area"; - auth_basic_user_file /etc/nginx/htpasswd; - } -} diff --git a/Nginx/Server Blocks/cr.ins.conf b/Nginx/Server Blocks/cr.ins.conf deleted file mode 100644 index 24d2202..0000000 --- a/Nginx/Server Blocks/cr.ins.conf +++ /dev/null @@ -1,12 +0,0 @@ -server { - listen 10.8.0.1:443 ssl http2; - #listen [::]:443 ssl http2; - server_name cr.ins; - - ssl_certificate /etc/nginx/ssl/cr-ins.chain.crt; - ssl_certificate_key /etc/nginx/ssl/cr-ins.key.pem; - - location / { - proxy_pass http://10.8.0.1:3891; - } -} diff --git a/Nginx/Server Blocks/cshd.ins.conf b/Nginx/Server Blocks/cshd.ins.conf deleted file mode 100644 index 6fecbc3..0000000 --- a/Nginx/Server Blocks/cshd.ins.conf +++ /dev/null @@ -1,12 +0,0 @@ -server { - listen 10.8.0.1:443 ssl http2; - #listen [::]:443 ssl http2; - server_name cshd.ins; - - ssl_certificate /etc/nginx/ssl/cshd-ins.chain.crt; - ssl_certificate_key /etc/nginx/ssl/cshd-ins.key.pem; - - location / { - proxy_pass http://10.8.0.1:5479; - } -} diff --git a/Nginx/Server Blocks/data.ins.conf b/Nginx/Server Blocks/data.ins.conf deleted file mode 100644 index 43397af..0000000 --- a/Nginx/Server Blocks/data.ins.conf +++ /dev/null @@ -1,12 +0,0 @@ -server { - listen 10.8.0.1:443 ssl http2; - #listen [::]:443 ssl http2; - server_name data.ins; - - ssl_certificate /etc/nginx/ssl/data-ins.chain.crt; - ssl_certificate_key /etc/nginx/ssl/data-ins.key.pem; - - location / { - proxy_pass http://10.8.0.1:19999; - } -} diff --git a/Nginx/Server Blocks/directory.libraryofcode.org.conf b/Nginx/Server Blocks/directory.libraryofcode.org.conf deleted file mode 100644 index 1de7d2b..0000000 --- a/Nginx/Server Blocks/directory.libraryofcode.org.conf +++ /dev/null @@ -1,11 +0,0 @@ -server { - listen 443 ssl http2; - listen [::]:443 ssl http2; - server_name directory.libraryofcode.org; - - ssl_certificate /etc/nginx/ssl/org.chain.crt; - ssl_certificate_key /etc/nginx/ssl/org.key.pem; - - root /var/www/staff-directory; - index index.html; -} diff --git a/Nginx/Server Blocks/dns.ins.conf b/Nginx/Server Blocks/dns.ins.conf deleted file mode 100644 index 26a2019..0000000 --- a/Nginx/Server Blocks/dns.ins.conf +++ /dev/null @@ -1,35 +0,0 @@ -server { - listen 10.8.0.1:443 ssl http2; - server_name dns.ins; - - ssl_certificate /etc/nginx/ssl/dns-ins.chain.crt; - ssl_certificate_key /etc/nginx/ssl/dns-ins.key.pem; - - - index index.html index.htm index.php; - root /opt/powerdns-admin; - - access_log /var/log/nginx/powerdns-admin.local.access.log combined; - error_log /var/log/nginx/powerdns-admin.local.error.log; - - location ~ ^/static/ { - include /etc/nginx/mime.types; - root /opt/powerdns-admin/powerdnsadmin; - - location ~* \.(jpg|jpeg|png|gif)$ { - expires 365d; - } - - location ~* ^.+.(css|js)$ { - expires 7d; - } - } - - location / { - proxy_pass http://unix:/run/powerdns-admin/socket; - proxy_read_timeout 120; - proxy_connect_timeout 120; - proxy_redirect off; - } - -} diff --git a/Nginx/Server Blocks/docker.libraryofcode.org.conf b/Nginx/Server Blocks/docker.libraryofcode.org.conf deleted file mode 100644 index 2b24f42..0000000 --- a/Nginx/Server Blocks/docker.libraryofcode.org.conf +++ /dev/null @@ -1,14 +0,0 @@ -server { - listen 443 ssl http2; - listen [::]:443 ssl http2; - server_name docker.libraryofcode.org; - - ssl_certificate /etc/nginx/ssl/org.chain.crt; - ssl_certificate_key /etc/nginx/ssl/org.key.pem; - - client_max_body_size 1G; - - location / { - proxy_pass http://localhost:5000; - } -} diff --git a/Nginx/Server Blocks/drive.libraryofcode.org.conf b/Nginx/Server Blocks/drive.libraryofcode.org.conf deleted file mode 100644 index d13fc6f..0000000 --- a/Nginx/Server Blocks/drive.libraryofcode.org.conf +++ /dev/null @@ -1,14 +0,0 @@ -server { - listen 443 ssl http2; - listen [::]:443 ssl http2; - server_name drive.libraryofcode.org; - - ssl_certificate /etc/nginx/ssl/org.chain.crt; - ssl_certificate_key /etc/nginx/ssl/org.key.pem; - - client_max_body_size 1G; - - location / { - proxy_pass http://localhost:5608; - } -} diff --git a/Nginx/Server Blocks/eds.libraryofcode.org.conf b/Nginx/Server Blocks/eds.libraryofcode.org.conf deleted file mode 100644 index df2a6f5..0000000 --- a/Nginx/Server Blocks/eds.libraryofcode.org.conf +++ /dev/null @@ -1,17 +0,0 @@ -upstream eds-backend { - server localhost:7101; - server node2.libraryofcode.org:7101 backup; -} - -server { - listen 443 ssl http2; - listen [::]:443 ssl http2; - server_name eds.libraryofcode.org; - - ssl_certificate /etc/nginx/ssl/org.chain.crt; - ssl_certificate_key /etc/nginx/ssl/org.key.pem; - - location / { - proxy_pass http://eds-backend; - } -} diff --git a/Nginx/Server Blocks/edu.libraryofcode.org.conf b/Nginx/Server Blocks/edu.libraryofcode.org.conf deleted file mode 100644 index 1bb2c6b..0000000 --- a/Nginx/Server Blocks/edu.libraryofcode.org.conf +++ /dev/null @@ -1,42 +0,0 @@ -server { - listen 443 ssl http2; - listen [::]:443 ssl http2; - server_name edu.libraryofcode.org; - - ssl_certificate /etc/nginx/ssl/org.chain.crt; - ssl_certificate_key /etc/nginx/ssl/org.key.pem; - - root /opt/moodle; - - index index.html index.htm index.php; - - error_page 404 /error/index.php; error_page 403 =404 /error/index.php; - - location ~ [^/]\.php(/|$) { - fastcgi_split_path_info ^(.+\.php)(/.+)$; - fastcgi_index index.php; - fastcgi_pass unix:/run/php/php8.0-fpm_moodle.sock; - include fastcgi_params; - fastcgi_param PATH_INFO $fastcgi_path_info; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_read_timeout 300; - proxy_read_timeout 300; - } - - location /dataroot/ { - internal; - alias /var/opt/moodledata/; # ensure the path ends with / - } - - # Hide all dot files but allow "Well-Known URIs" as per RFC 5785 - location ~ /\.(?!well-known).* { - return 404; - } - - # This should be after the php fpm rule and very close to the last nginx ruleset. - # Don't allow direct access to various internal files. See MDL-69333 - location ~ (/vendor/|/node_modules/|composer\.json|/readme|/README|readme\.txt|/upgrade\.txt|db/install\.xml|/fixtures/|/behat/|phpunit\.xml|\.lock|environment\.xml) { - deny all; - return 404; - } -} diff --git a/Nginx/Server Blocks/firewall.ins.conf b/Nginx/Server Blocks/firewall.ins.conf deleted file mode 100644 index 8c3aa37..0000000 --- a/Nginx/Server Blocks/firewall.ins.conf +++ /dev/null @@ -1,12 +0,0 @@ -server { - listen 10.8.0.1:443 ssl http2; - #listen [::]:443 ssl http2; - server_name firewall.ins; - - ssl_certificate /etc/nginx/ssl/firewall-ins.chain.crt; - ssl_certificate_key /etc/nginx/ssl/firewall-ins.key.pem; - - location / { - proxy_pass http://192.168.56.1:80; - } -} diff --git a/Nginx/Server Blocks/forms.libraryofcode.org.conf b/Nginx/Server Blocks/forms.libraryofcode.org.conf deleted file mode 100644 index dead835..0000000 --- a/Nginx/Server Blocks/forms.libraryofcode.org.conf +++ /dev/null @@ -1,13 +0,0 @@ -server { - listen 443 ssl http2; - listen [::]:443 ssl http2; - server_name forms.libraryofcode.org; - - ssl_certificate /etc/nginx/ssl/org.chain.crt; - ssl_certificate_key /etc/nginx/ssl/org.key.pem; - - root /var/www/forms; - - rewrite ^(/.*)\.html(\?.*)?$ $1$2 permanent; - try_files $uri.html $uri/ $uri =404; -} diff --git a/Nginx/Server Blocks/gitlab.libraryofcode.org.conf b/Nginx/Server Blocks/gitlab.libraryofcode.org.conf deleted file mode 100644 index a28d808..0000000 --- a/Nginx/Server Blocks/gitlab.libraryofcode.org.conf +++ /dev/null @@ -1,68 +0,0 @@ -upstream gitlab-workhorse { - server unix:/var/opt/gitlab/gitlab-workhorse/sockets/socket fail_timeout=0; -} - - -## HTTPS host -server { - listen 0.0.0.0:443 ssl http2; - listen [::]:443 ipv6only=on ssl http2; - server_name gitlab.libraryofcode.org; ## Replace this with something like gitlab.example.com - root /opt/gitlab/embedded/service/gitlab-rails/public; - - ## Strong SSL Security - ## https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html & https://cipherli.st/ - ssl on; - ssl_certificate /etc/nginx/ssl/org.chain.crt; - ssl_certificate_key /etc/nginx/ssl/org.key.pem; - - # GitLab needs backwards compatible ciphers to retain compatibility with Java IDEs - #ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4"; - ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384; - ssl_protocols TLSv1.2; - ssl_prefer_server_ciphers on; - ssl_session_cache shared:SSL:10m; - ssl_session_timeout 5m; - - ## See app/controllers/application_controller.rb for headers set - - ## [Optional] Enable HTTP Strict Transport Security - ## HSTS is a feature improving protection against MITM attacks - ## For more information see: https://www.nginx.com/blog/http-strict-transport-security-hsts-and-nginx/ - add_header Strict-Transport-Security "max-age=31536000; preload"; - - ## [Optional] If your certficate has OCSP, enable OCSP stapling to reduce the overhead and latency of running SSL. - ## Replace with your ssl_trusted_certificate. For more info see: - ## - https://medium.com/devops-programming/4445f4862461 - ## - https://www.ruby-forum.com/topic/4419319 - ## - https://www.digitalocean.com/community/tutorials/how-to-configure-ocsp-stapling-on-apache-and-nginx - # ssl_stapling on; - # ssl_stapling_verify on; - # ssl_trusted_certificate /etc/nginx/ssl/stapling.trusted.crt; - # resolver 208.67.222.222 208.67.222.220 valid=300s; # Can change to your DNS resolver if desired - # resolver_timeout 5s; - - ## Individual nginx logs for this GitLab vhost - access_log /var/log/nginx/gitlab_access.log; - error_log /var/log/nginx/gitlab_error.log; - - location / { - client_max_body_size 0; - gzip off; - - ## https://github.com/gitlabhq/gitlabhq/issues/694 - ## Some requests take more than 30 seconds. - proxy_read_timeout 300; - proxy_connect_timeout 300; - proxy_redirect off; - - proxy_http_version 1.1; - - proxy_set_header Host $http_host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-Ssl on; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_pass http://gitlab-workhorse; - } -} diff --git a/Nginx/Server Blocks/gocrypt.libraryofcode.org.conf b/Nginx/Server Blocks/gocrypt.libraryofcode.org.conf deleted file mode 100644 index 1f744c5..0000000 --- a/Nginx/Server Blocks/gocrypt.libraryofcode.org.conf +++ /dev/null @@ -1,16 +0,0 @@ -server { - listen 443 ssl http2; - listen [::]:443 ssl http2; - server_name gocrypt.libraryofcode.org; - - ssl_certificate /etc/nginx/ssl/org.chain.crt; - ssl_certificate_key /etc/nginx/ssl/org.key.pem; - - root /var/www/gocryptdoc; - index index.html; - - location / { - try_files $uri $uri/index.html =404; - - } -} diff --git a/Nginx/Server Blocks/hr.libraryofcode.org.conf b/Nginx/Server Blocks/hr.libraryofcode.org.conf deleted file mode 100644 index 568b631..0000000 --- a/Nginx/Server Blocks/hr.libraryofcode.org.conf +++ /dev/null @@ -1,12 +0,0 @@ -server { - listen 443 ssl http2; - listen [::]:443 ssl http2; - server_name hr.libraryofcode.org; - - ssl_certificate /etc/nginx/ssl/org.chain.crt; - ssl_certificate_key /etc/nginx/ssl/org.key.pem; - - location / { - proxy_pass http://localhost:5487; - } -} diff --git a/Nginx/Server Blocks/inbox.libraryofcode.org.conf b/Nginx/Server Blocks/inbox.libraryofcode.org.conf deleted file mode 100644 index f2d00ea..0000000 --- a/Nginx/Server Blocks/inbox.libraryofcode.org.conf +++ /dev/null @@ -1,31 +0,0 @@ -server { - listen 443 ssl http2; - listen [::]:443 ssl http2; - server_name inbox.libraryofcode.org; - - ssl_certificate /etc/nginx/ssl/org.chain.crt; - ssl_certificate_key /etc/nginx/ssl/org.key.pem; - - root /var/www/rainloop; - index index.php index.html; - - access_log /var/log/nginx/rainloop_access.log; - error_log /var/log/nginx/rainloop_error.log; - - location / { - try_files $uri $uri/ /index.php?$query_string; - } - - location ~ ^/(.+\.php)$ { - try_files $uri =404; - fastcgi_pass unix:/run/php/php7.0-fpm.sock; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - include /etc/nginx/fastcgi_params; - } - - location ^~ /data { - deny all; - } - -} diff --git a/Nginx/Server Blocks/ins-test.libraryofcode.org.conf b/Nginx/Server Blocks/ins-test.libraryofcode.org.conf deleted file mode 100644 index 5162522..0000000 --- a/Nginx/Server Blocks/ins-test.libraryofcode.org.conf +++ /dev/null @@ -1,30 +0,0 @@ -server { - listen 443 ssl http2; - listen [::]:443 ssl http2; - server_name ins-test.libraryofcode.org; - - ssl_certificate /etc/nginx/ssl/ins-test.chain.crt; - ssl_certificate_key /etc/nginx/ssl/ins-test.key.pem; - - ssl_session_cache builtin:1000 shared:SSL:10m; - #ssl_protocols TLSv1.2; - - #ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384; - - ssl_protocols TLSv1.2; - ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384; - ssl_prefer_server_ciphers on; - - ssl_stapling on; - ssl_stapling_verify off; - - root /var/www/content; - location / { - autoindex on; - } - location /sec { - autoindex on; - auth_basic "Secure Area"; - auth_basic_user_file /etc/nginx/htpasswd; - } -} diff --git a/Nginx/Server Blocks/internships.libraryofcode.org.conf b/Nginx/Server Blocks/internships.libraryofcode.org.conf deleted file mode 100644 index abfc5aa..0000000 --- a/Nginx/Server Blocks/internships.libraryofcode.org.conf +++ /dev/null @@ -1,30 +0,0 @@ -// php7.2-fpm-internships.sock - -server { - listen 443 ssl http2; - listen [::]:443 ssl http2; - server_name internships.libraryofcode.org; - - ssl_certificate /etc/nginx/ssl/org.chain.crt; - ssl_certificate_key /etc/nginx/ssl/org.key.pem; - - - location ~ [^/]\.php(/|$) { - fastcgi_split_path_info ^(.+\.php)(/.+)$; - fastcgi_index index.php; - fastcgi_pass /run/php/php7.2-fpm-internships.sock; - include fastcgi_params; - fastcgi_param PATH_INFO $fastcgi_path_info; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - } - - # Hide all dot files but allow "Well-Known URIs" as per RFC 5785 - location ~ /\.(?!well-known).* { - return 404; - } - - location ~ (/vendor/|/node_modules/|composer\.json|/readme|/README|readme\.txt|/upgrade\.txt|db/install\.xml|/fixtures/|/behat/|phpunit\.xml|\.lock|environment\.xml) { - deny all; - return 404; - } -} diff --git a/Nginx/Server Blocks/journal.libraryofcode.org.conf b/Nginx/Server Blocks/journal.libraryofcode.org.conf deleted file mode 100644 index 2c741a6..0000000 --- a/Nginx/Server Blocks/journal.libraryofcode.org.conf +++ /dev/null @@ -1,44 +0,0 @@ -server { - listen 443 ssl http2; - listen [::]:443 ssl http2; - server_name journal.libraryofcode.org; - - root /var/www/ojs; - - ssl_certificate /etc/nginx/ssl/org.chain.crt; - ssl_certificate_key /etc/nginx/ssl/org.key.pem; - - add_header X-Frame-Options "SAMEORIGIN"; - add_header X-XSS-Protection "1; mode=block"; - add_header X-Content-Type-Options "nosniff"; - - index index.html index.htm index.php; - - charset utf-8; - - location / { - try_files $uri $uri/ /index.php?$query_string; - } - - error_page 404 /index.php; - - location ~ ^(.+\.php)(.*)$ { - set $path_info $fastcgi_path_info; - fastcgi_split_path_info ^(.+\.php)(.*)$; - fastcgi_param PATH_INFO $path_info; - fastcgi_param PATH_TRANSLATED $document_root$path_info; - - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - include fastcgi_params; - - fastcgi_pass unix:/var/run/php/php7.4-fpm.sock; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - } - - location ~ /\.(?!well-known).* { - deny all; - } -} diff --git a/Nginx/Server Blocks/keys.ins.conf b/Nginx/Server Blocks/keys.ins.conf deleted file mode 100644 index fcb5981..0000000 --- a/Nginx/Server Blocks/keys.ins.conf +++ /dev/null @@ -1,13 +0,0 @@ -server { - listen 10.8.0.1:443 ssl http2; - #listen [::]:443 ssl http2; - server_name keys.ins; - - ssl_certificate /etc/nginx/ssl/keys-ins.chain.crt; - ssl_certificate_key /etc/nginx/ssl/keys-ins.key.pem; - - root /var/www/keys; - location / { - autoindex on; - } -} diff --git a/Nginx/Server Blocks/keys.libraryofcode.org.conf b/Nginx/Server Blocks/keys.libraryofcode.org.conf deleted file mode 100644 index b0707bb..0000000 --- a/Nginx/Server Blocks/keys.libraryofcode.org.conf +++ /dev/null @@ -1,22 +0,0 @@ -server { - listen 443 ssl http2; - listen [::]:443 ssl http2;server_name keys.libraryofcode.org; - - ssl_certificate /etc/nginx/ssl/org.chain.crt; - ssl_certificate_key /etc/nginx/ssl/org.key.pem; - - root /var/www/html/sks; - - error_page 404 /404.html; - - location ~ (.git|LICENSE|readme.md) { - deny all; - return 404; - } - - location /pks { - proxy_pass http://localhost:11371; - proxy_pass_header Server; - } - -} diff --git a/Nginx/Server Blocks/libraryofcode.org.conf b/Nginx/Server Blocks/libraryofcode.org.conf deleted file mode 100644 index 224d629..0000000 --- a/Nginx/Server Blocks/libraryofcode.org.conf +++ /dev/null @@ -1,39 +0,0 @@ -server { - listen 443 ssl http2 default_server; - listen [::]:443 ssl http2 default_server; - server_name www.libraryofcode.org; - - ssl_certificate /etc/nginx/ssl/org.chain.crt; - ssl_certificate_key /etc/nginx/ssl/org.key.pem; - - root /var/www/wordpress; - index index.php; - - location / { - try_files $uri $uri/ /index.php?$args; - } - - location ~ \.php$ { - #NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini - include fastcgi_params; - fastcgi_intercept_errors on; - fastcgi_pass unix:/run/php/php7.3-fpm.sock; - #The following parameter can be also included in fastcgi_params file - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - } - - location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ { - expires max; - log_not_found off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location = /ads.txt { - root /var/www/int/1; - } -} diff --git a/Nginx/Server Blocks/lists-old.libraryofcode.org.conf b/Nginx/Server Blocks/lists-old.libraryofcode.org.conf deleted file mode 100644 index a823fa7..0000000 --- a/Nginx/Server Blocks/lists-old.libraryofcode.org.conf +++ /dev/null @@ -1,34 +0,0 @@ -server { - listen 443 ssl http2; - listen [::]:443 ssl http2; - server_name lists.libraryofcode.org; - - ssl_certificate /etc/nginx/ssl/org.chain.crt; - ssl_certificate_key /etc/nginx/ssl/org.key.pem; - - client_max_body_size 1G; - - location / { - return 307 $scheme://lists.libraryofcode.org/cgi-bin/mailman/listinfo; - } - - location /cgi-bin/mailman { - root /usr/lib/; - fastcgi_split_path_info (^/cgi-bin/mailman/[^/]*)(.*)$; - include /etc/nginx/fastcgi_params; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_param PATH_INFO $fastcgi_path_info; - fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info; - fastcgi_intercept_errors on; - fastcgi_pass unix:/var/run/fcgiwrap.socket; - } - - location /images/mailman { - alias /usr/share/images/mailman; - } - - location /pipermail { - alias /var/lib/mailman/archives/public; - autoindex on; - } -} diff --git a/Nginx/Server Blocks/lists.libraryofcode.org.conf b/Nginx/Server Blocks/lists.libraryofcode.org.conf deleted file mode 100644 index 9a5f110..0000000 --- a/Nginx/Server Blocks/lists.libraryofcode.org.conf +++ /dev/null @@ -1,16 +0,0 @@ -server { - listen 443 ssl http2; - listen [::]:443 ssl http2; - server_name lists.libraryofcode.org; - - location /static/ { - alias /etc/mailman3/static/; - } - - location / { - proxy_pass http://127.0.0.1:6475; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-For $remote_addr; - - } -} diff --git a/Nginx/Server Blocks/loc.sh.conf b/Nginx/Server Blocks/loc.sh.conf deleted file mode 100644 index 01c1ea1..0000000 --- a/Nginx/Server Blocks/loc.sh.conf +++ /dev/null @@ -1,13 +0,0 @@ -server { - listen 443 ssl http2; - listen [::]:443 ssl http2; - server_name loc.sh; - - ssl_certificate /etc/letsencrypt/live/loc.sh-0001/fullchain.pem; # managed by Certbot - ssl_certificate_key /etc/letsencrypt/live/loc.sh-0001/privkey.pem; # managed by Certbot - - location / { - proxy_pass http://localhost:3890; - } - -} diff --git a/Nginx/Server Blocks/mc-map.libraryofcode.org.conf b/Nginx/Server Blocks/mc-map.libraryofcode.org.conf deleted file mode 100644 index 7d3a809..0000000 --- a/Nginx/Server Blocks/mc-map.libraryofcode.org.conf +++ /dev/null @@ -1,12 +0,0 @@ -server { - listen 443 ssl http2; - listen [::]:443 ssl http2; - server_name mc-map.libraryofcode.org; - - ssl_certificate /etc/nginx/ssl/org.chain.crt; - ssl_certificate_key /etc/nginx/ssl/org.key.pem; - - location / { - proxy_pass http://localhost:8123; - } -} diff --git a/Nginx/Server Blocks/modmail.ins.conf b/Nginx/Server Blocks/modmail.ins.conf deleted file mode 100644 index 4a554e1..0000000 --- a/Nginx/Server Blocks/modmail.ins.conf +++ /dev/null @@ -1,12 +0,0 @@ -server { - listen 10.8.0.1:443 ssl http2; - #listen [::]:443 ssl http2; - server_name modmail.ins; - - ssl_certificate /etc/nginx/ssl/modmail-ins.chain.crt; - ssl_certificate_key /etc/nginx/ssl/modmail-ins.key.pem; - - location / { - proxy_pass http://10.8.0.1:5478; - } -} diff --git a/Nginx/Server Blocks/mracs.dev.conf b/Nginx/Server Blocks/mracs.dev.conf new file mode 100644 index 0000000..5b35445 --- /dev/null +++ b/Nginx/Server Blocks/mracs.dev.conf @@ -0,0 +1,7 @@ +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name mracs.dev; + + include /etc/nginx/loc/mracs.dev/*; +} diff --git a/Nginx/Server Blocks/nlm.libraryofcode.org.conf b/Nginx/Server Blocks/nlm.libraryofcode.org.conf deleted file mode 100644 index b1f9213..0000000 --- a/Nginx/Server Blocks/nlm.libraryofcode.org.conf +++ /dev/null @@ -1,12 +0,0 @@ -server { - listen 443 ssl http2; - listen [::]:443 ssl http2; - server_name nlm.libraryofcode.org; - - ssl_certificate /etc/nginx/ssl/org.chain.crt; - ssl_certificate_key /etc/nginx/ssl/org.key.pem; - - location / { - proxy_pass http://localhost:9000; - } -} diff --git a/Nginx/Server Blocks/pbx.ins.conf b/Nginx/Server Blocks/pbx.ins.conf deleted file mode 100644 index 90c6c61..0000000 --- a/Nginx/Server Blocks/pbx.ins.conf +++ /dev/null @@ -1,34 +0,0 @@ -server { - listen 10.8.0.1:443 ssl http2; - listen [::]:443 ssl http2; - server_name pbx.ins; - - ssl_certificate /etc/nginx/ssl/pbx-ins.chain.crt; - ssl_certificate_key /etc/nginx/ssl/pbx-ins.key.pem; - - client_max_body_size 230M; - client_body_timeout 1h; - - root /var/www/html; - index index.html index.htm index.php; - - location / { - try_files $uri $uri/ =404; - } - - location ~ \.php$ { - include snippets/fastcgi-php.conf; # server defaults are good - fastcgi_pass unix:/run/php/php7.3-fpm-asterisk.sock; - fastcgi_param HTACCESS on; # disables FreePBX htaccess warning - proxy_read_timeout 800; - } - - # disallows the things that the FreePBX .htaccess files disallow - location ~ (/\.ht|/\.git|\.ini$|/libraries|/helpers|/i18n|/node|/views/.+php$) { - deny all; - } - - # from the api module .htaccess file - rewrite ^/admin/api/([^/]*)/([^/]*)/?(.*)?$ /admin/api/api.php?module=$1&command=$2&route=$3 last; - -} diff --git a/Nginx/Server Blocks/report.libraryofcode.org.conf b/Nginx/Server Blocks/report.libraryofcode.org.conf deleted file mode 100644 index 84018bb..0000000 --- a/Nginx/Server Blocks/report.libraryofcode.org.conf +++ /dev/null @@ -1,16 +0,0 @@ -server { - listen 443 ssl http2; - listen [::]:443 ssl http2; - server_name report.libraryofcode.org; - - ssl_certificate /etc/nginx/ssl/org.chain.crt; - ssl_certificate_key /etc/nginx/ssl/org.key.pem; - - root /var/www/report; - index public/index.html; - - location /assets { - alias /var/www/report/assets/; - try_files $uri $uri/ =404; - } -} diff --git a/Nginx/Server Blocks/s3.libraryofcode.org.conf b/Nginx/Server Blocks/s3.libraryofcode.org.conf deleted file mode 100644 index 99f6a84..0000000 --- a/Nginx/Server Blocks/s3.libraryofcode.org.conf +++ /dev/null @@ -1,12 +0,0 @@ -server { - listen 443 ssl http2; - listen [::]:443 ssl http2; - server_name s3.libraryofcode.org; - - ssl_certificate /etc/nginx/ssl/org.chain.crt; - ssl_certificate_key /etc/nginx/ssl/org.key.pem; - - location / { - proxy_pass http://localhost:9000; - } -} diff --git a/Nginx/Server Blocks/sis.libraryofcode.org.conf b/Nginx/Server Blocks/sis.libraryofcode.org.conf deleted file mode 100644 index 3baba9a..0000000 --- a/Nginx/Server Blocks/sis.libraryofcode.org.conf +++ /dev/null @@ -1,13 +0,0 @@ -server { - listen 443 ssl http2; - listen [::]:443 ssl http2; - server_name sis.libraryofcode.org; - - ssl_certificate /etc/nginx/ssl/org.chain.crt; - ssl_certificate_key /etc/nginx/ssl/org.key.pem; - - location / { - #proxy_pass http://localhost:6969; - return 307 https://edu.libraryofcode.org/; - } -} diff --git a/Nginx/Server Blocks/skb.libraryofcode.org.conf b/Nginx/Server Blocks/skb.libraryofcode.org.conf deleted file mode 100644 index 1c70c5f..0000000 --- a/Nginx/Server Blocks/skb.libraryofcode.org.conf +++ /dev/null @@ -1,14 +0,0 @@ -server { - listen 443 ssl http2; - listen [::]:443 ssl http2; - server_name skb.libraryofcode.org; - - ssl_certificate /etc/nginx/ssl/org.chain.crt; - ssl_certificate_key /etc/nginx/ssl/org.key.pem; - - client_max_body_size 1G; - - location / { - proxy_pass http://localhost:3001; - } -} diff --git a/Nginx/Server Blocks/staff.libraryofcode.org.conf b/Nginx/Server Blocks/staff.libraryofcode.org.conf deleted file mode 100644 index c861c9f..0000000 --- a/Nginx/Server Blocks/staff.libraryofcode.org.conf +++ /dev/null @@ -1,13 +0,0 @@ -server { - listen 443 ssl http2; - listen [::]:443 ssl http2; - server_name staff.libraryofcode.org; - - ssl_certificate /etc/nginx/ssl/org.chain.crt; - ssl_certificate_key /etc/nginx/ssl/org.key.pem; - - #limit_req zone=one burst=15; - location / { - return 307 https://wiki.libraryofcode.org/en/cs-support; - } -} diff --git a/Nginx/Server Blocks/static.libraryofcode.org.conf b/Nginx/Server Blocks/static.libraryofcode.org.conf deleted file mode 100644 index faf4768..0000000 --- a/Nginx/Server Blocks/static.libraryofcode.org.conf +++ /dev/null @@ -1,13 +0,0 @@ -server { - listen 443 ssl http2; - listen [::]:443 ssl http2; - server_name static.libraryofcode.org; - - ssl_certificate /etc/nginx/ssl/org.chain.crt; - ssl_certificate_key /etc/nginx/ssl/org.key.pem; - - root /var/www/static; - location / { - autoindex on; - } -} diff --git a/Nginx/Server Blocks/time.libraryofcode.org.conf b/Nginx/Server Blocks/time.libraryofcode.org.conf deleted file mode 100644 index f643472..0000000 --- a/Nginx/Server Blocks/time.libraryofcode.org.conf +++ /dev/null @@ -1,34 +0,0 @@ -server { - listen 443 ssl http2; - listen [::]:443 ssl http2; - server_name time.libraryofcode.org; - - ssl_certificate /etc/nginx/ssl/org.chain.crt; - ssl_certificate_key /etc/nginx/ssl/org.key.pem; - - root /opt/kimai2/public; - index index.php; - - access_log off; - log_not_found off; - - location ~ /\.ht { - deny all; - } - - location / { - try_files $uri /index.php$is_args$args; - } - - location ~ ^/index\.php(/|$) { - fastcgi_pass unix:/run/php/php8.1-fpm.sock; - fastcgi_split_path_info ^(.+\.php)(/.*)$; - include fastcgi.conf; - fastcgi_param PHP_ADMIN_VALUE "open_basedir=$document_root/..:/tmp/"; - internal; - } - - location ~ \.php$ { - return 404; - } -} diff --git a/Nginx/Server Blocks/wiki.libraryofcode.org.conf b/Nginx/Server Blocks/wiki.libraryofcode.org.conf deleted file mode 100644 index 40d6f4f..0000000 --- a/Nginx/Server Blocks/wiki.libraryofcode.org.conf +++ /dev/null @@ -1,14 +0,0 @@ -server { - listen 443 ssl http2; - listen [::]:443 ssl http2; - server_name wiki.libraryofcode.org; - - ssl_certificate /etc/nginx/ssl/org.chain.crt; - ssl_certificate_key /etc/nginx/ssl/org.key.pem; - - client_max_body_size 1G; - - location / { - proxy_pass http://localhost:3000; - } -} diff --git a/Nginx/nginx.conf b/Nginx/nginx.conf index 525d11f..5c8fc04 100644 --- a/Nginx/nginx.conf +++ b/Nginx/nginx.conf @@ -39,10 +39,12 @@ http { ssl_protocols TLSv1.2 TLSv1.3; ssl_prefer_server_ciphers on; ssl_stapling on; + ssl_certificate /etc/letsencrypt/live/mracs.dev/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/mracs.dev/privkey.pem; #ssl_stapling_verify on; ssl_session_cache shared:SSL:10m; ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384; - ssl_dhparam /etc/nginx/dhparam.pem; + #ssl_dhparam /etc/nginx/dhparam.pem; ssl_ecdh_curve X25519:prime256v1:secp384r1;