lulzette/ansible-pet
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

rename web

Browse Source
This commit is contained in:
lulzette
2021-06-30 02:30:24 +00:00
parent 7c78252bfe
commit ceba4626c8
21 changed files with 7 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

91
web/roles/nginx/files/sites-enabled/cloud.conf Normal file
View File

@@ -0,0 +1,91 @@
server {
listen 80;
# listen 443 ssl http2;
server_name cloud.{{domain}};
index index.php;
# ssl_certificate /etc/letsencrypt/live/cloud.{{domain}}/fullchain.pem; # managed by Certbot
# ssl_certificate_key /etc/letsencrypt/live/cloud.{{domain}}/privkey.pem; # managed by Certbot
# add_header X-Content-Type-Options nosniff;
# add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
# add_header X-XSS-Protection "1; mode=block";
# add_header X-Robots-Tag none;
# add_header X-Download-Options noopen;
# add_header X-Permitted-Cross-Domain-Policies none;
# add_header Referrer-Policy no-referrer;
# add_header X-Frame-Options SAMEORIGIN;
access_log /var/log/nginx/access.nextcloud.log main;
root /var/www/nextcloud/;
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location = /.well-known/carddav {
return 301 $scheme://$host/remote.php/dav;
}
location = /.well-known/caldav {
return 301 $scheme://$host/remote.php/dav;
}
client_max_body_size 512M;
fastcgi_buffers 64 4K;
gzip on;
gzip_vary on;
gzip_comp_level 4;
gzip_min_length 256;
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
location / {
rewrite ^ /index.php;
}
location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ {
deny all;
}
location ~ ^\/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all;
}
location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) {
fastcgi_split_path_info ^(.+?\.php)(\/.*|)$;
set $path_info $fastcgi_path_info;
try_files $fastcgi_script_name =404;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $path_info;
fastcgi_param HTTPS on;
# Avoid sending the security headers twice
fastcgi_param modHeadersAvailable true;
fastcgi_param front_controller_active true;
fastcgi_send_timeout 1200;
fastcgi_read_timeout 1200;
fastcgi_pass unix:/run/php/php-cloud.sock;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
}
location ~ ^\/(?:updater|oc[ms]-provider)(?:$|\/) {
try_files $uri/ =404;
index index.php;
}
location ~ \.(?:css|js|woff2?|svg|gif|map)$ {
try_files $uri /index.php$request_uri;
add_header Cache-Control "public, max-age=15778463";
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
add_header Referrer-Policy no-referrer;
access_log off;
}
location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap)$ {
try_files $uri /index.php$request_uri;
access_log off;
}
}

17
web/roles/nginx/files/sites-enabled/default_server.conf Executable file
View File

@@ -0,0 +1,17 @@
server {
listen 80 default_server;
# listen 443 ssl default_server; # managed by Certbot
# ssl_certificate /etc/letsencrypt/live/xz777.ru/fullchain.pem; # managed by Certbot
# ssl_certificate_key /etc/letsencrypt/live/xz777.ru/privkey.pem; # managed by Certbot
# include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
# ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
access_log /var/log/nginx/ip_access.log verbose_llz;
root /var/www/default_server;
index index.html;
server_name _;
location / {
try_files $uri $uri/ =404;
}
}

33
web/roles/nginx/files/sites-enabled/pma.conf Normal file
View File

@@ -0,0 +1,33 @@
server {
listen 80;
# listen 443 ssl http2;
server_name pma.{{domain}};
# ssl_certificate /etc/letsencrypt/live/pma.{{domain}}/fullchain.pem; # managed by Certbot
# ssl_certificate_key /etc/letsencrypt/live/pma.{{domain}}/privkey.pem; # managed by Certbot
# add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
# add_header X-Content-Type-Options nosniff;
# add_header X-XSS-Protection "1; mode=block";
# add_header X-Robots-Tag none;
# add_header X-Download-Options noopen;
# add_header X-Permitted-Cross-Domain-Policies none;
root /var/www/pma;
location ^~ / {
index index.php;
location ^~ /wiki/maintenance/ {
return 403;
}
location ~ .*.php$ {
include /etc/nginx/fastcgi.conf;
fastcgi_pass unix:/run/php/php-other.sock;
fastcgi_index index.php;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
expires max;
log_not_found off;
}
}
}

43
web/roles/nginx/files/sites-enabled/root.conf Normal file
View File

@@ -0,0 +1,43 @@
server {
listen 80;
# listen 443 ssl http2;
server_name {{domain}};
# ssl_certificate /etc/letsencrypt/live/{{domain}}/fullchain.pem; # managed by Certbot
# ssl_certificate_key /etc/letsencrypt/live/{{domain}}/privkey.pem; # managed by Certbot
# add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
# add_header X-Content-Type-Options nosniff;
# add_header X-XSS-Protection "1; mode=block";
root /var/www/root;
index index.html index.php;
access_log /var/log/nginx/access.log main;
# block cocksucking bots
if ($http_user_agent ~ (Ahrefs|MJ12bot|LinkpadBot|MauiBot|BLEXBot|SMTBot|SemrushBot|Nimbostratus-Bot)) {
return 444;
}
# https redirect
if ($scheme = http) {
return 301 https://$server_name$request_uri;
}
location / {
try_files $uri $uri/ =404;
}
location = /robots.txt {
allow all;
log_not_found off;
# access_log off;
}
location ^~ /.well-known/acme-challenge { }
location ~ .*.php$ {
include /etc/nginx/fastcgi.conf;
fastcgi_pass unix:/run/php/php-other.sock;
fastcgi_index index.php;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
expires max;
log_not_found off;
}
}

38
web/roles/nginx/files/sites-enabled/wiki.conf Normal file
View File

@@ -0,0 +1,38 @@
server {
listen 80;
# listen 443 ssl http2;
server_name wiki.{{domain}};
# ssl_certificate /etc/letsencrypt/live/wiki.{{domain}}/fullchain.pem; # managed by Certbot
# ssl_certificate_key /etc/letsencrypt/live/wiki.{{domain}}/privkey.pem; # managed by Certbot
# add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
# add_header X-Content-Type-Options nosniff;
# add_header X-XSS-Protection "1; mode=block";
# add_header X-Robots-Tag none;
# add_header X-Download-Options noopen;
# add_header X-Permitted-Cross-Domain-Policies none;
root /var/www;
location / {
return 302 /wiki;
}
location ^~ /wiki {
index index.php;
location ^~ /wiki/maintenance/ {
return 403;
}
location ~ .*.php$ {
include /etc/nginx/fastcgi.conf;
fastcgi_pass unix:/run/php/php-wiki.sock;
fastcgi_index index.php;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
# try_files $uri /index.php;
expires max;
log_not_found off;
}
}
}