aboutsummaryrefslogtreecommitdiffstats
path: root/files/etc/nginx
diff options
context:
space:
mode:
Diffstat (limited to 'files/etc/nginx')
-rw-r--r--files/etc/nginx/sites-available/shione.net107
l---------files/etc/nginx/sites-enabled/shione.net1
2 files changed, 108 insertions, 0 deletions
diff --git a/files/etc/nginx/sites-available/shione.net b/files/etc/nginx/sites-available/shione.net
new file mode 100644
index 0000000..28f7afe
--- /dev/null
+++ b/files/etc/nginx/sites-available/shione.net
@@ -0,0 +1,107 @@
+##
+# You should look at the following URL's in order to grasp a solid understanding
+# of Nginx configuration files in order to fully unleash the power of Nginx.
+# https://www.nginx.com/resources/wiki/start/
+# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/
+# https://wiki.debian.org/Nginx/DirectoryStructure
+#
+# In most cases, administrators will remove this file from sites-enabled/ and
+# leave it as reference inside of sites-available where it will continue to be
+# updated by the nginx packaging team.
+#
+# This file will automatically load configuration files provided by other
+# applications, such as Drupal or Wordpress. These applications will be made
+# available underneath a path with that package name, such as /drupal8.
+#
+# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
+##
+
+# Default server configuration
+#
+# `fancyindex` is from `nginx-extras`.
+server {
+ listen 80 default_server;
+ listen [::]:80 default_server;
+
+ # SSL configuration
+ #
+ # Partially generated by https://ssl-config.mozilla.org/.
+ listen 443 ssl default_server;
+ listen [::]:443 ssl default_server;
+ #
+ # Note: You should disable gzip for SSL traffic.
+ # See: https://bugs.debian.org/773332
+ #
+ # Read up on ssl_ciphers to ensure a secure configuration.
+ # See: https://bugs.debian.org/765782
+ #
+ # Self signed certs generated by the ssl-cert package
+ # Don't use them in a production server!
+ #
+ # include snippets/snakeoil.conf;
+ # managed by Certbot.
+ ssl_certificate /etc/letsencrypt/live/shione.net/fullchain.pem;
+ # managed by Certbot.
+ ssl_certificate_key /etc/letsencrypt/live/shione.net/privkey.pem;
+ include /etc/letsencrypt/options-ssl-nginx.conf;
+
+ # OCSP stapling
+ ssl_stapling on;
+ ssl_stapling_verify on;
+
+ # HSTS (ngx_http_headers_module is required) (63072000 seconds)
+ #
+ # See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security.
+ add_header Strict-Transport-Security "max-age=63072000" always;
+
+ # Prevent spam.
+ add_header X-Robots-Tag "noai, noimageai" always;
+
+ server_name shione.net www.shione.net;
+
+ location ~* \.(htaccess|htpasswd) {
+ deny all;
+ }
+
+ location / {
+ root /var/www/html/shione.net;
+
+ index index.html;
+
+ auth_basic off;
+ # First attempt to serve request as file, then
+ # as directory, then fall back to displaying a 404.
+ try_files $uri $uri/ =404;
+ }
+
+ location /share {
+ root /var/www;
+
+ # Enable fancy indexes.
+ fancyindex on;
+
+ # Output human-readable file sizes.
+ fancyindex_exact_size off;
+ }
+
+ location ~ ^/share/(?<dir>[^/]+) {
+ root /var/www;
+
+ # Require authentication if available.
+ set $auth_basic off;
+ set $auth_basic_user_file "";
+ if (-f /var/www/share/$dir/.htpasswd) {
+ set $auth_basic Required;
+ set $auth_basic_user_file /var/www/share/$dir/.htpasswd;
+ }
+
+ auth_basic $auth_basic;
+ auth_basic_user_file $auth_basic_user_file;
+
+ # Enable fancy indexes.
+ fancyindex on;
+
+ # Output human-readable file sizes.
+ fancyindex_exact_size off;
+ }
+}
diff --git a/files/etc/nginx/sites-enabled/shione.net b/files/etc/nginx/sites-enabled/shione.net
new file mode 120000
index 0000000..2c390bf
--- /dev/null
+++ b/files/etc/nginx/sites-enabled/shione.net
@@ -0,0 +1 @@
+../sites-available/shione.net \ No newline at end of file