# Host name of the default certificate; presumably consumed by the role's
# default-server template - confirm against the nginx role.
nginx_default_cert_name: lovelace.box.pydis.wtf
# Map of config file name -> literal nginx configuration written to that file.
nginx_configs:
# stats-stub.conf: exposes nginx's stub_status counters at /nginx_status for a
# local metrics collector. The server binds to loopback only (no port is given,
# so nginx uses 80) and the allow/deny list repeats that restriction at the
# location level. Any local process, including a local proxy that forwards to
# this port, counts as loopback and is therefore allowed.
  stats-stub.conf: |
    server {
      listen 127.0.0.1;
      listen [::1];
      server_name localhost;
      location /nginx_status {
        stub_status on;
        access_log off;
        allow 127.0.0.1;
        allow ::1;
        deny all;
      }
    }
# Prometheus UI behind mutual TLS: nginx verifies the client certificate
# against /opt/pydis/ca.pem, then the map at the end of this file lets through
# only two exact subject DNs and answers 403 to everything else before
# proxying to http://localhost:9090.
# - The map entries have no regex prefix, so $ssl_client_s_dn must equal the
#   listed string exactly; a certificate whose subject carries any further
#   attribute (O=, OU=, ...) falls through to `default 1` and gets 403, so the
#   check fails closed.
# - Authorisation rests on who can obtain a certificate with one of these CNs
#   from that CA; issuance under /opt/pydis/ca.pem is the control to audit.
# - NOTE(review): `listen 443;` has no `ssl` flag. TLS, and with it
#   ssl_verify_client, only applies if another server block on the same
#   address:port declares `ssl` (presumably the role's default server -
#   confirm). Without TLS the DN is empty and the map default still yields 403.
# - NOTE(review): the file name says box.wtf while server_name says
#   box.pydis.wtf - looks like a typo in the key; confirm before renaming.
# - `map` is only valid at http level, so this file is presumably included
#   from the http block - confirm.
  prometheus.lovelace.box.wtf.conf: |
    server {
      listen 443;
      listen [::]:443;
      server_name prometheus.lovelace.box.pydis.wtf;
      ssl_certificate /etc/letsencrypt/live/prometheus.lovelace.box.pydis.wtf/fullchain.pem;
      ssl_certificate_key /etc/letsencrypt/live/prometheus.lovelace.box.pydis.wtf/privkey.pem;
      ssl_client_certificate /opt/pydis/ca.pem;
      ssl_verify_client on;
      location / {
        if ($reject) { return 403; }
        proxy_pass http://localhost:9090;
      }
    }
    map $ssl_client_s_dn $reject {
      default 1;
      CN=sudo.access.tls.pydis.wtf 0;
      CN=prometheus.access.tls.pydis.wtf 0;
    }
# Public static file host for two server names, served from
# /var/www/files.pydis.wtf with the shared pydis.wtf certificate. try_files
# returns 404 for anything that is not an existing file or directory; no
# client authentication and no autoindex are configured here, so everything
# under the root is readable by anyone who knows its path.
# NOTE(review): `listen 443;` has no `ssl` flag - TLS presumably comes from
# another server block on the same socket; confirm.
  files.pydis.wtf.conf: |
    server {
      listen 443;
      listen [::]:443;
      server_name files.pydis.wtf cloud.native.is.fun.and.easy.pydis.wtf;
      root /var/www/files.pydis.wtf;
      ssl_certificate /etc/letsencrypt/live/pydis.wtf/fullchain.pem;
      ssl_certificate_key /etc/letsencrypt/live/pydis.wtf/privkey.pem;
      location / {
        try_files $uri $uri/ =404;
      }
    }
# Static site served from /var/www/propaganda.pydis.wtf with the shared
# pydis.wtf certificate. Every response (the `always` flag includes error
# responses) carries `X-Robots-Tag: noindex`. That header is a request to
# well-behaved crawlers, not an access control: the content stays publicly
# reachable.
# NOTE(review): `listen 443;` has no `ssl` flag - TLS presumably comes from
# another server block on the same socket; confirm.
  propaganda.pydis.wtf.conf: |
    server {
      listen 443;
      listen [::]:443;
      server_name propaganda.pydis.wtf;
      root /var/www/propaganda.pydis.wtf;
      ssl_certificate /etc/letsencrypt/live/pydis.wtf/fullchain.pem;
      ssl_certificate_key /etc/letsencrypt/live/pydis.wtf/privkey.pem;
      add_header "X-Robots-Tag" "noindex" always;
    }
# Munin web UI. Requests must present a client certificate that chains to
# /etc/nginx/certs/cloudflare.crt; `/` redirects to /munin, static assets are
# aliased from /etc/munin/static/, and the HTML and graph CGIs are run through
# the fcgiwrap socket. SCRIPT_FILENAME is a fixed path in both CGI locations,
# so the request URI only supplies PATH_INFO and cannot select which program
# fcgiwrap executes.
# - /munin (no trailing slash) is not covered by `location /munin/`; nginx's
#   automatic trailing-slash redirect for fastcgi_pass prefix locations sends
#   it on to /munin/.
# - NOTE(review): the CA file name suggests Cloudflare's origin-pull
#   certificate. If it is the CA Cloudflare shares across accounts, the check
#   proves only that a request arrived via Cloudflare, not that it belongs to
#   this zone or to an authorised user; per-user access then has to be
#   enforced at Cloudflare or by an extra control here - confirm.
# - NOTE(review): `listen 443;` has no `ssl` flag. If no other server block on
#   the same address:port declares `ssl`, the socket is plain HTTP and
#   ssl_verify_client never runs; unlike a DN allow-list, nothing else in this
#   block would deny the request - confirm where `ssl` is set.
  munin.pydis.wtf.conf: |
    server {
      listen 443;
      listen [::]:443;
      server_name munin.pydis.wtf;
      ssl_certificate /etc/letsencrypt/live/pydis.wtf/fullchain.pem;
      ssl_certificate_key /etc/letsencrypt/live/pydis.wtf/privkey.pem;
      root /var/cache/munin;
      ssl_client_certificate /etc/nginx/certs/cloudflare.crt;
      ssl_verify_client on;
      access_log /var/log/nginx/munin-access.log;
      error_log /var/log/nginx/munin-errors.log;
      location / {
        return 302 /munin;
      }
      location /munin/static/ {
        alias /etc/munin/static/;
        expires 31d;
      }
      location /munin/ {
        fastcgi_split_path_info ^(/munin)(.*);
        fastcgi_param PATH_INFO $fastcgi_path_info;
        fastcgi_param SCRIPT_FILENAME /usr/lib/munin/cgi/munin-cgi-html;
        fastcgi_pass unix:/run/fcgiwrap.socket;
        include fastcgi_params;
      }
      location ^~ /munin-cgi/munin-cgi-graph/ {
        fastcgi_split_path_info ^(/munin-cgi/munin-cgi-graph)(.*);
        fastcgi_param PATH_INFO $fastcgi_path_info;
        fastcgi_param SCRIPT_FILENAME /usr/lib/munin/cgi/munin-cgi-graph;
        fastcgi_pass unix:/run/fcgiwrap.socket;
        include fastcgi_params;
      }
    }
# Public static site for owlcorp.uk, served from /var/www/owlcorp.uk with its
# own Let's Encrypt certificate. try_files returns 404 for anything that is
# not an existing file or directory; no client authentication is configured.
# NOTE(review): `listen 443;` has no `ssl` flag - TLS presumably comes from
# another server block on the same socket; confirm.
  owlcorp.uk.conf: |
    server {
      listen 443;
      listen [::]:443;
      server_name owlcorp.uk;
      root /var/www/owlcorp.uk;
      ssl_certificate /etc/letsencrypt/live/owlcorp.uk/fullchain.pem;
      ssl_certificate_key /etc/letsencrypt/live/owlcorp.uk/privkey.pem;
      location / {
        try_files $uri $uri/ =404;
      }
    }
# Main pydis.wtf site plus per-user pages: /~NAME/rest is served from
# /home/NAME/public/rest with directory listings enabled; everything else is
# a static lookup under /var/www/pydis.wtf that 404s when nothing matches.
# The regex location is evaluated before the `/` prefix match is used.
# - NOTE(review): the first capture `(.+?)` goes into the alias path without
#   being limited to valid account names. Constraining it to the characters
#   local usernames can contain (for example `[a-z_][a-z0-9_-]*`) would ensure
#   it can only ever name a directory directly under /home - confirm the
#   username policy before changing the pattern.
# - `autoindex on` makes every user's public directory enumerable, so any file
#   or symlink placed there is discoverable without knowing its name. nginx's
#   `disable_symlinks` directive can restrict symlink following if users should
#   not be able to publish paths outside their own directory.
# - NOTE(review): `listen 443;` has no `ssl` flag - TLS presumably comes from
#   another server block on the same socket; confirm.
  pydis.wtf.conf: |
    server {
      listen 443;
      listen [::]:443;
      server_name pydis.wtf;
      root /var/www/pydis.wtf;
      ssl_certificate /etc/letsencrypt/live/pydis.wtf/fullchain.pem;
      ssl_certificate_key /etc/letsencrypt/live/pydis.wtf/privkey.pem;
      location ~ ^/~(.+?)(/.*)?$ {
        alias /home/$1/public$2;
        autoindex on;
      }
      location / {
        try_files $uri $uri/ =404;
      }
    }