diff options
Diffstat (limited to 'files/etc')
-rw-r--r-- | files/etc/nginx/sites-available/shione.net | 107 | ||||
l--------- | files/etc/nginx/sites-enabled/shione.net | 1 |
2 files changed, 108 insertions, 0 deletions
diff --git a/files/etc/nginx/sites-available/shione.net b/files/etc/nginx/sites-available/shione.net new file mode 100644 index 0000000..28f7afe --- /dev/null +++ b/files/etc/nginx/sites-available/shione.net @@ -0,0 +1,107 @@ +## +# You should look at the following URL's in order to grasp a solid understanding +# of Nginx configuration files in order to fully unleash the power of Nginx. +# https://www.nginx.com/resources/wiki/start/ +# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/ +# https://wiki.debian.org/Nginx/DirectoryStructure +# +# In most cases, administrators will remove this file from sites-enabled/ and +# leave it as reference inside of sites-available where it will continue to be +# updated by the nginx packaging team. +# +# This file will automatically load configuration files provided by other +# applications, such as Drupal or Wordpress. These applications will be made +# available underneath a path with that package name, such as /drupal8. +# +# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples. +## + +# Default server configuration +# +# `fancyindex` is from `nginx-extras`. +server { + listen 80 default_server; + listen [::]:80 default_server; + + # SSL configuration + # + # Partially generated by https://ssl-config.mozilla.org/. + listen 443 ssl default_server; + listen [::]:443 ssl default_server; + # + # Note: You should disable gzip for SSL traffic. + # See: https://bugs.debian.org/773332 + # + # Read up on ssl_ciphers to ensure a secure configuration. + # See: https://bugs.debian.org/765782 + # + # Self signed certs generated by the ssl-cert package + # Don't use them in a production server! + # + # include snippets/snakeoil.conf; + # managed by Certbot. + ssl_certificate /etc/letsencrypt/live/shione.net/fullchain.pem; + # managed by Certbot. + ssl_certificate_key /etc/letsencrypt/live/shione.net/privkey.pem; + include /etc/letsencrypt/options-ssl-nginx.conf; + + # OCSP stapling + ssl_stapling on; + ssl_stapling_verify on; + + # HSTS (ngx_http_headers_module is required) (63072000 seconds) + # + # See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security. + add_header Strict-Transport-Security "max-age=63072000" always; + + # Prevent spam. + add_header X-Robots-Tag "noai, noimageai" always; + + server_name shione.net www.shione.net; + + location ~* \.(htaccess|htpasswd) { + deny all; + } + + location / { + root /var/www/html/shione.net; + + index index.html; + + auth_basic off; + # First attempt to serve request as file, then + # as directory, then fall back to displaying a 404. + try_files $uri $uri/ =404; + } + + location /share { + root /var/www; + + # Enable fancy indexes. + fancyindex on; + + # Output human-readable file sizes. + fancyindex_exact_size off; + } + + location ~ ^/share/(?<dir>[^/]+) { + root /var/www; + + # Require authentication if available. + set $auth_basic off; + set $auth_basic_user_file ""; + if (-f /var/www/share/$dir/.htpasswd) { + set $auth_basic Required; + set $auth_basic_user_file /var/www/share/$dir/.htpasswd; + } + + auth_basic $auth_basic; + auth_basic_user_file $auth_basic_user_file; + + # Enable fancy indexes. + fancyindex on; + + # Output human-readable file sizes. + fancyindex_exact_size off; + } +} diff --git a/files/etc/nginx/sites-enabled/shione.net b/files/etc/nginx/sites-enabled/shione.net new file mode 120000 index 0000000..2c390bf --- /dev/null +++ b/files/etc/nginx/sites-enabled/shione.net @@ -0,0 +1 @@ +../sites-available/shione.net
\ No newline at end of file |