apoio.conf 3.0 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143
  1. ## Configuração para apoio.partidopirata.org
  2. ## Desenvolvimento
  3. server {
  4. listen 80;
  5. listen [::]:80;
  6. server_name apoio-dev.partidopirata.org;
  7. charset utf-8;
  8. client_max_body_size 75M;
  9. # Django media
  10. location /media {
  11. alias /home/crncosta/apoio.partidopirata.xyz/apoio/inc;
  12. }
  13. location /static {
  14. alias /home/crncosta/apoio.partidopirata.xyz/apoio/inc;
  15. }
  16. location / {
  17. uwsgi_pass django;
  18. include /home/crncosta/apoio.partidopirata.xyz/uwsgi_params;
  19. }
  20. }
  21. server {
  22. listen 80;
  23. listen [::]:80;
  24. server_name apoio-dev1.partidopirata.org;
  25. charset utf-8;
  26. client_max_body_size 75M;
  27. location /media {
  28. alias /home/jango/apoio-piratas.dev/apoio/inc;
  29. }
  30. location /static {
  31. alias /home/jango/apoio-piratas.dev/apoio/inc;
  32. }
  33. location / {
  34. uwsgi_pass apoio;
  35. include /home/jango/apoio-piratas.dev/uwsgi_params;
  36. }
  37. }
  38. server {
  39. listen 80;
  40. listen [::]:80;
  41. server_name apoio.partidopirata.org;
  42. return 301 https://apoio.partidopirata.org$request_uri;
  43. }
  44. server {
  45. listen 80;
  46. listen [::]:80;
  47. server_name *.apoio.partidopirata.org;
  48. return 301 http://apoio.partidopirata.org$request_uri;
  49. }
  50. ## SSL
  51. server {
  52. listen 443 ssl;
  53. listen [::]:443 ssl;
  54. ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  55. ssl_prefer_server_ciphers on;
  56. ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
  57. ssl_ecdh_curve secp384r1;
  58. ssl_session_cache shared:SSL:10m;
  59. ssl_session_tickets off;
  60. ssl_stapling on;
  61. ssl_stapling_verify on;
  62. resolver 208.67.220.220 208.67.222.222 valid=300s;
  63. resolver_timeout 5s;
  64. add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
  65. add_header X-Frame-Options SAMEORIGIN;
  66. add_header X-Content-Type-Options nosniff;
  67. ssl_certificate /etc/letsencrypt/live/partidopirata.org-0001/fullchain.pem;
  68. ssl_certificate_key /etc/letsencrypt/live/partidopirata.org-0001/privkey.pem;
  69. ssl_trusted_certificate /etc/letsencrypt/live/partidopirata.org-0001/chain.pem;
  70. server_name apoio.partidopirata.org;
  71. charset utf-8;
  72. client_max_body_size 75M;
  73. location /media {
  74. alias /home/jango/apoio-piratas.prod/apoio/inc;
  75. }
  76. location /static {
  77. alias /home/jango/apoio-piratas.prod/apoio/inc;
  78. }
  79. location / {
  80. uwsgi_pass apoio;
  81. include /home/jango/apoio-piratas.prod/uwsgi_params;
  82. }
  83. ## TODO: Consertar o FAQ
  84. location /faqs/ {
  85. return 307 /;
  86. }
  87. location /faqs/ask/ {
  88. return 307 /;
  89. }
  90. }
  91. ## Tor
  92. server {
  93. listen 127.0.0.1:42910;
  94. allow 127.0.0.1;
  95. deny all;
  96. add_header X-Frame-Options SAMEORIGIN;
  97. add_header X-Content-Type-Options nosniff;
  98. server_name apo5yfpbivxd5obb.onion;
  99. charset utf-8;
  100. client_max_body_size 75M;
  101. location /media {
  102. alias /home/jango/apoio-piratas.prod/apoio/inc;
  103. }
  104. location /static {
  105. alias /home/jango/apoio-piratas.prod/apoio/inc;
  106. }
  107. location / {
  108. uwsgi_pass apoio;
  109. include /home/jango/apoio-piratas.prod/uwsgi_params;
  110. }
  111. ## TODO: Consertar o FAQ
  112. location /faqs/ {
  113. return 307 /;
  114. }
  115. location /faqs/ask/ {
  116. return 307 /;
  117. }
  118. }