nginx_default_cert_name: lovelace.box.pydis.wtf nginx_configs: stats-stub.conf: | server { listen 127.0.0.1; listen [::1]; server_name localhost; location /nginx_status { stub_status on; access_log off; allow 127.0.0.1; allow ::1; deny all; } } prometheus.lovelace.box.wtf.conf: | server { listen 443; listen [::]:443; server_name prometheus.lovelace.box.pydis.wtf; ssl_certificate /etc/letsencrypt/live/prometheus.lovelace.box.pydis.wtf/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/prometheus.lovelace.box.pydis.wtf/privkey.pem; ssl_client_certificate /opt/pydis/ca.pem; ssl_verify_client on; location / { if ($reject) { return 403; } proxy_pass http://localhost:9090; } } map $ssl_client_s_dn $reject { default 1; CN=sudo.access.tls.pydis.wtf 0; CN=prometheus.access.tls.pydis.wtf 0; } files.pydis.wtf.conf: | server { listen 443; listen [::]:443; server_name files.pydis.wtf cloud.native.is.fun.and.easy.pydis.wtf; root /var/www/files.pydis.wtf; ssl_certificate /etc/letsencrypt/live/pydis.wtf/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/pydis.wtf/privkey.pem; location / { try_files $uri $uri/ =404; } } propaganda.pydis.wtf.conf: | server { listen 443; listen [::]:443; server_name propaganda.pydis.wtf; root /var/www/propaganda.pydis.wtf; ssl_certificate /etc/letsencrypt/live/pydis.wtf/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/pydis.wtf/privkey.pem; add_header "X-Robots-Tag" "noindex" always; } munin.pydis.wtf.conf: | server { listen 443; listen [::]:443; server_name munin.pydis.wtf; ssl_certificate /etc/letsencrypt/live/pydis.wtf/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/pydis.wtf/privkey.pem; root /var/cache/munin; ssl_client_certificate /etc/nginx/certs/cloudflare.crt; ssl_verify_client on; access_log /var/log/nginx/munin-access.log; error_log /var/log/nginx/munin-errors.log; location / { return 302 /munin; } location /munin/static/ { alias /etc/munin/static/; expires 31d; } location /munin/ { fastcgi_split_path_info ^(/munin)(.*); fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_param SCRIPT_FILENAME /usr/lib/munin/cgi/munin-cgi-html; fastcgi_pass unix:/run/fcgiwrap.socket; include fastcgi_params; } location ^~ /munin-cgi/munin-cgi-graph/ { fastcgi_split_path_info ^(/munin-cgi/munin-cgi-graph)(.*); fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_param SCRIPT_FILENAME /usr/lib/munin/cgi/munin-cgi-graph; fastcgi_pass unix:/run/fcgiwrap.socket; include fastcgi_params; } } owlcorp.uk.conf: | server { listen 443; listen [::]:443; server_name owlcorp.uk; root /var/www/owlcorp.uk; ssl_certificate /etc/letsencrypt/live/owlcorp.uk/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/owlcorp.uk/privkey.pem; location / { try_files $uri $uri/ =404; } } pydis.wtf.conf: | server { listen 443; listen [::]:443; server_name pydis.wtf; root /var/www/pydis.wtf; ssl_certificate /etc/letsencrypt/live/pydis.wtf/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/pydis.wtf/privkey.pem; location ~ ^/~(.+?)(/.*)?$ { alias /home/$1/public$2; autoindex on; } location / { try_files $uri $uri/ =404; } }