diegor2
/
nginx.d
разклонено от piratas/nginx.d


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181
							## Configuração para biblioteca.partidopirata.org
server {
  listen 80;
  listen [::]:80;
  server_name biblioteca.partidopirata.org;
  return 301 https://biblioteca.partidopirata.org$request_uri;
}
server {
  listen 80;
  listen [::]:80;
  server_name *.biblioteca.partidopirata.org;
  return 301 http://biblioteca.partidopirata.org$request_uri;
}

## SSL
server {
  listen 443 ssl;
  listen [::]:443 ssl;
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  ssl_prefer_server_ciphers on;
  ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
  ssl_ecdh_curve secp384r1;
  ssl_session_cache shared:SSL:10m;
  ssl_session_tickets off;
  ssl_stapling on;
  ssl_stapling_verify on;
  resolver 208.67.220.220 208.67.222.222 valid=300s;
  resolver_timeout 5s;
  add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
  add_header X-Frame-Options SAMEORIGIN;
  add_header X-Content-Type-Options nosniff;
  ssl_certificate /etc/letsencrypt/live/partidopirata.org-0001/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/partidopirata.org-0001/privkey.pem;
  ssl_trusted_certificate /etc/letsencrypt/live/partidopirata.org-0001/chain.pem;

  server_name biblioteca.partidopirata.org;

  #################################################
  # Stock useful config options, but ignore them :)
  #################################################
  include /etc/nginx/mime.types;

  autoindex off;
  default_type application/octet-stream;
  sendfile on;

  # Gzip
  gzip on;
  gzip_min_length 1024;
  gzip_buffers 4 32k;
  gzip_types text/plain application/x-javascript text/javascript text/xml text/css;

  #####################################
  # Mounting MediaGoblin stuff
  # This is the section you should read
  #####################################

  # Change this to update the upload size limit for your users
  client_max_body_size 1228M;
  client_body_timeout 360s;

  # prevent attacks (someone uploading a .txt file that the browser
  # interprets as an HTML file, etc.)
  add_header X-Content-Type-Options nosniff;

  # Log é o cacete
  #server_name mediagoblin.example.org www.mediagoblin.example.org;
  #access_log /var/log/nginx/mediagoblin.example.access.log;
  #error_log /var/log/nginx/mediagoblin.example.error.log;

  # MediaGoblin's stock static files: CSS, JS, etc.
  location /mgoblin_static/ {
    alias /home/biblioteca/mediagoblin/mediagoblin/static/;
  }

  # Instance specific media:
  location /mgoblin_media/ {
    alias /home/biblioteca/mediagoblin/user_dev/media/public/;
  }

  # Theme static files (usually symlinked in)
  location /theme_static/ {
    alias /home/biblioteca/mediagoblin/user_dev/theme_static/;
  }

  # Plugin static files (usually symlinked in)
  location /plugin_static/ {
    alias /home/biblioteca/mediagoblin/user_dev/plugin_static/;
  }

  # Mounting MediaGoblin itself via FastCGI.
  location / {
    fastcgi_pass 127.0.0.1:26543;
    include /etc/nginx/fastcgi_params;

    # our understanding vs nginx's handling of script_name vs
    # path_info don't match :)
    fastcgi_param PATH_INFO $fastcgi_script_name;
    fastcgi_param SCRIPT_NAME "";
    client_max_body_size 1228M;
  }
}

## Tor
server {
  listen 127.0.0.1:42908;
  allow 127.0.0.1;
  deny all;

  add_header X-Frame-Options SAMEORIGIN;
  add_header X-Content-Type-Options nosniff;

  server_name bibvznfpj46ymcwr.onion;

  #################################################
  # Stock useful config options, but ignore them :)
  #################################################
  include /etc/nginx/mime.types;

  autoindex off;
  default_type application/octet-stream;
  sendfile on;

  # Gzip
  gzip on;
  gzip_min_length 1024;
  gzip_buffers 4 32k;
  gzip_types text/plain application/x-javascript text/javascript text/xml text/css;

  #####################################
  # Mounting MediaGoblin stuff
  # This is the section you should read
  #####################################

  # Change this to update the upload size limit for your users
  client_max_body_size 1228M;
  client_body_timeout 360s;

  # prevent attacks (someone uploading a .txt file that the browser
  # interprets as an HTML file, etc.)
  add_header X-Content-Type-Options nosniff;

  # Log é o cacete
  #server_name mediagoblin.example.org www.mediagoblin.example.org;
  #access_log /var/log/nginx/mediagoblin.example.access.log;
  #error_log /var/log/nginx/mediagoblin.example.error.log;

  # MediaGoblin's stock static files: CSS, JS, etc.
  location /mgoblin_static/ {
    alias /home/biblioteca/mediagoblin/mediagoblin/static/;
  }

  # Instance specific media:
  location /mgoblin_media/ {
    alias /home/biblioteca/mediagoblin/user_dev/media/public/;
  }

  # Theme static files (usually symlinked in)
  location /theme_static/ {
    alias /home/biblioteca/mediagoblin/user_dev/theme_static/;
  }

  # Plugin static files (usually symlinked in)
  location /plugin_static/ {
    alias /home/biblioteca/mediagoblin/user_dev/plugin_static/;
  }

  # Mounting MediaGoblin itself via FastCGI.
  location / {
    fastcgi_pass 127.0.0.1:26543;
    include /etc/nginx/fastcgi_params;

    # our understanding vs nginx's handling of script_name vs
    # path_info don't match :)
    fastcgi_param PATH_INFO $fastcgi_script_name;
    fastcgi_param SCRIPT_NAME "";
    client_max_body_size 1228M;
  }
}