beastmode NGINX
# Process-level settings.
# NOTE(review): workers run as the login account "hans"; the TLS private keys
# referenced further down this file sit under /home/hans, presumably that
# account's home. A dedicated unprivileged account would limit what a
# compromised worker process can read.
user hans;
worker_processes 8;
pid /var/run/nginx.pid;

events {
    # Per-worker cap on simultaneous connections.
    worker_connections 2048;
}
http {
# MIME map, plus the fallback type for extensions it does not list.
include mime.types;
default_type application/octet-stream;

sendfile on;
keepalive_timeout 65;

# Keep the nginx version out of the Server header and generated error pages.
server_tokens off;

# Response compression (text/html is always compressed in addition to the
# types listed here).
# NOTE(review): compression also applies to proxied, dynamic responses, and the
# vhosts below serve them over TLS. Pages that reflect request data next to
# secrets such as CSRF tokens are the precondition for BREACH, so confirm the
# proxied applications mask or rotate those tokens.
gzip on;
gzip_vary on;
gzip_proxied any;
gzip_comp_level 3;
gzip_buffers 16 4k;
gzip_types text/plain text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript;
gzip_disable "MSIE [1-6]\.(?!.*SV1)";
#### Upstream
###
##
#
upstream diaspora {
    # Two application sockets balanced by nginx; a member that fails 3 times
    # within 30s is taken out of rotation for 30s.
    # NOTE(review): the second socket lives under a personal workspace
    # directory. Confirm it is meant to receive production traffic for
    # hfase.com rather than being a leftover development instance.
    server unix:/home/diaspora/diaspora/tmp/sockets/diaspora.socket max_fails=3 fail_timeout=30s;
    server unix:/home/hans/workspace/diaspora/tmp/sockets/diaspora.socket max_fails=3 fail_timeout=30s;
}
####
# upstream gitlab {
# server unix:/home/hans/workspace/diaspora/tmp/sockets/diaspora.socket max_fails=3 fail_timeout=30s;
# server 127.0.0.1:3000 max_fails=3 fail_timeout=30s; ## script-server fail-back
# }
####
# upstream w44 {
# server unix:/home/w44/diaspora/tmp/sockets/diaspora.socket max_fails=3 fail_timeout=30s;
# server 127.0.0.1:3000 max_fails=3 fail_timeout=30s; ## script-server fail-back
# }
####
# upstream friendica {
# server 0.0.0.0:85;
# }
#
#### Catch-all
###
##
#
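server {
    # Default vhost for plain HTTP: any Host not claimed by another server
    # block lands here. default_server states that explicitly instead of
    # relying on this block being the first one declared for the port.
    listen 80 default_server;
    server_name _; ## This is a catch-all. Any unhandled request will be re-directed.

    # Redirect to a fixed host name, never the client-supplied Host header, so
    # the Location header cannot be steered by the request. `return` does the
    # same job as the former `rewrite ^(.*) ... permanent` without a regex.
    return 301 https://hfase.com$request_uri;
}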
####
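server {
    # Default vhost for HTTPS. `listen ... ssl` replaces the deprecated
    # `ssl on;` directive, and default_server makes the catch-all explicit.
    listen 443 ssl default_server;
    server_name _; ## This is a catch-all. Any unhandled request will be re-directed.

    # NOTE(review): every unmatched host name is answered with the hfase.com
    # certificate, so such clients see a name-mismatch warning before they
    # ever receive the redirect below.
    ssl_certificate /home/hans/ssl-certs+keys/hfase-ssl.crt; ## You will need to supply these files!!!
    ssl_certificate_key /home/hans/ssl-certs+keys/hfase-ssl.key; ## You will need to supply these files!!!

    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 5m;

    # The disabled lines below are the 2012-era BEAST workaround: pin TLS 1.0
    # and prefer RC4. Do not enable them as written. RC4 is prohibited in TLS
    # (RFC 7465), TLS 1.0/1.1 are deprecated (RFC 8996), and `!AESGCM` removes
    # the AEAD suites that are preferred today. If protocols and ciphers are
    # pinned, use the newest TLS versions and AEAD suites the installed
    # nginx/OpenSSL build supports.
    #ssl_protocols TLSv1;
    #ssl_ciphers ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM;
    #ssl_prefer_server_ciphers on;
    #ssl_ecdh_curve secp521r1;

    # max-age=500 is roughly eight minutes, so browsers drop the HTTPS-only
    # policy almost immediately; raise it once the TLS setup is stable.
    add_header Strict-Transport-Security max-age=500;

    # Fixed redirect target; the request's Host header never reaches Location.
    return 301 https://hfase.com$request_uri;
}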
#### w44
###
##
#
# server {
# listen 80;
# server_name w44.co;
# rewrite ^(.*) https://w44.co$1 permanent;
# }
# server {
# listen 443;
# server_name w44.co;
# root /home/w44/diaspora/public;
# ssl on;
# ssl_certificate /home/hans/ssl-certs+keys/w44.crt; ## You will need to supply these files!!!
# ssl_certificate_key /home/hans/ssl-certs+keys/w44.key; ## You will need to supply these files!!!
# # enable better ssl security if you like to mitigate BEAST and other exploits
# ssl_session_cache shared:SSL:10m;
# ssl_session_timeout 5m;
# #ssl_protocols TLSv1;
# #ssl_ciphers ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM;
# #ssl_prefer_server_ciphers on;
# add_header Strict-Transport-Security max-age=500;
# #ssl_ecdh_curve secp521r1;
# location /uploads/images {
# expires 1d;
# add_header Cache-Control public;
# }
# location /assets {
# expires 1d;
# add_header Cache-Control public;
# }
# location / {
# proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# proxy_set_header Host $http_host;
# proxy_set_header X-Forwarded-Proto https;
# proxy_redirect off;
# client_max_body_size 4M;
# client_body_buffer_size 128K;
# if (-f $request_filename/index.html) {
# rewrite (.*) $1/index.html break;
# }
# if (-f $request_filename.html) {
# rewrite (.*) $1.html break;
# }
# if (!-f $request_filename) {
# proxy_pass http://w44;
# break;
# }
# }
# error_page 500 503 504 /500.html;
# location = /500.html {
# root /home/w44/diaspora/public;
# }
# error_page 404 /404.html;
# location = /404.html {
# root /home/w44/diaspora/public;
# }
# error_page 502 /down.html;
# location = /down.html {
# root /home/w44/diaspora/public;
# }
# }
#### Webmin
###
##
#
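server {
    # Plain-HTTP entry point for the admin host: upgrade to HTTPS only.
    listen 80;
    server_name admin.hfase.com;

    # Same redirect as the former `rewrite ^(.*) ... permanent`, without the
    # regex; the target host is fixed rather than taken from the request.
    return 301 https://admin.hfase.com$request_uri;
}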
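server {
    # `listen ... ssl` replaces the deprecated `ssl on;` directive.
    listen 443 ssl;
    server_name admin.hfase.com;

    ssl_certificate /home/hans/ssl-certs+keys/admin.hfase-ssl.crt;
    ssl_certificate_key /home/hans/ssl-certs+keys/admin.hfase-ssl.key;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 5m;

    # Left disabled: this is the 2012-era BEAST workaround (TLS 1.0 only, RC4
    # preferred, AES-GCM excluded). RC4 is prohibited in TLS (RFC 7465) and
    # TLS 1.0/1.1 are deprecated (RFC 8996); do not enable it as written.
    #ssl_protocols TLSv1;
    #ssl_ciphers ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM;
    #ssl_prefer_server_ciphers on;

    # max-age=500 is roughly eight minutes; browsers forget the HTTPS-only
    # policy almost immediately at this value.
    add_header Strict-Transport-Security max-age=500;

    location / {
        # NOTE(review): this publishes the service on local port 10000 (a
        # Webmin console, per the section heading) on a public vhost with no
        # allow/deny rule or extra authentication in front of it. If that is
        # not intended, restrict the location by source address or reach it
        # over a VPN/SSH tunnel instead.
        proxy_pass https://127.0.0.1:10000/;
    }
}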
#### Diaspora
###
##
#
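server {
    # `listen ... ssl` replaces the deprecated `ssl on;` directive.
    listen 443 ssl;
    server_name hfase.com;
    root /home/diaspora/diaspora/public;

    ssl_certificate /home/hans/ssl-certs+keys/hfase-ssl.crt; ## You will need to supply these files!!!
    ssl_certificate_key /home/hans/ssl-certs+keys/hfase-ssl.key; ## You will need to supply these files!!!
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 5m;

    # Left disabled: this is the 2012-era BEAST workaround (TLS 1.0 only, RC4
    # preferred, AES-GCM excluded). RC4 is prohibited in TLS (RFC 7465) and
    # TLS 1.0/1.1 are deprecated (RFC 8996); do not enable it as written. If
    # protocols and ciphers are pinned, use the newest TLS versions and AEAD
    # suites the installed nginx/OpenSSL build supports.
    #ssl_protocols TLSv1;
    #ssl_ciphers ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM;
    #ssl_prefer_server_ciphers on;
    #ssl_ecdh_curve secp521r1;

    # max-age=500 is roughly eight minutes; browsers forget the HTTPS-only
    # policy almost immediately at this value.
    add_header Strict-Transport-Security max-age=500;

    # Static assets. A location that declares its own add_header stops
    # inheriting the server-level ones, so the HSTS header is repeated here;
    # without it these responses would be sent with no HSTS policy.
    location /uploads/images {
        expires 1d;
        add_header Cache-Control public;
        add_header Strict-Transport-Security max-age=500;
    }
    location /assets {
        expires 1d;
        add_header Cache-Control public;
        add_header Strict-Transport-Security max-age=500;
    }

    location / {
        # X-Real-IP is overwritten with the peer address. X-Forwarded-For
        # keeps whatever the client sent and appends the peer address, so the
        # application should trust only the last entry.
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Proto https;
        proxy_redirect off;
        client_max_body_size 4M;
        client_body_buffer_size 128K;

        # Serve a matching static file from root when one exists and hand
        # everything else to the application. `if` inside a location is
        # fragile; try_files with a named location is the usual replacement,
        # but the checks are kept exactly as written here.
        if (-f $request_filename/index.html) {
            rewrite (.*) $1/index.html break;
        }
        if (-f $request_filename.html) {
            rewrite (.*) $1.html break;
        }
        if (!-f $request_filename) {
            proxy_pass http://diaspora;
            break;
        }
    }

    # Static error pages served from the application's public directory.
    error_page 500 503 504 /500.html;
    location = /500.html {
        root /home/diaspora/diaspora/public;
    }
    error_page 404 /404.html;
    location = /404.html {
        root /home/diaspora/diaspora/public;
    }
    error_page 502 /down.html;
    location = /down.html {
        root /home/diaspora/diaspora/public;
    }
}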
#### Gitlab
###
##
#
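server {
    # `listen ... ssl` replaces the deprecated `ssl on;` directive.
    # NOTE(review): this file has no port-80 server for git.hfase.com, so
    # plain-HTTP requests for it fall to the catch-all, which redirects to
    # hfase.com rather than to this host.
    listen 443 ssl;
    server_name git.hfase.com;
    root /home/gitlab/gitlab/public;

    ssl_certificate /home/hans/ssl-certs+keys/git.hfase-ssl.crt;
    ssl_certificate_key /home/hans/ssl-certs+keys/git.hfase-ssl.key;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 5m;

    # Left disabled: this is the 2012-era BEAST workaround (TLS 1.0 only, RC4
    # preferred, AES-GCM excluded). RC4 is prohibited in TLS (RFC 7465) and
    # TLS 1.0/1.1 are deprecated (RFC 8996); do not enable it as written. If
    # protocols and ciphers are pinned, use the newest TLS versions and AEAD
    # suites the installed nginx/OpenSSL build supports.
    #ssl_protocols TLSv1;
    #ssl_ciphers ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM;
    #ssl_prefer_server_ciphers on;
    #ssl_ecdh_curve secp521r1;

    # max-age=500 is roughly eight minutes; browsers forget the HTTPS-only
    # policy almost immediately at this value.
    add_header Strict-Transport-Security max-age=500;

    # Static assets. A location that declares its own add_header stops
    # inheriting the server-level ones, so the HSTS header is repeated here;
    # without it these responses would be sent with no HSTS policy.
    location /uploads/images {
        expires 1d;
        add_header Cache-Control public;
        add_header Strict-Transport-Security max-age=500;
    }
    location /assets {
        expires 1d;
        add_header Cache-Control public;
        add_header Strict-Transport-Security max-age=500;
    }

    location / {
        # X-Real-IP is overwritten with the peer address. X-Forwarded-For
        # keeps whatever the client sent and appends the peer address, so the
        # application should trust only the last entry.
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Proto https;
        proxy_redirect off;
        client_max_body_size 4M;
        client_body_buffer_size 128K;

        # Serve a matching static file from root when one exists and hand
        # everything else to the application. The `if` checks are kept exactly
        # as written.
        if (-f $request_filename/index.html) {
            rewrite (.*) $1/index.html break;
        }
        if (-f $request_filename.html) {
            rewrite (.*) $1.html break;
        }
        if (!-f $request_filename) {
            # NOTE(review): no active `upstream gitlab` block exists in this
            # file (the only one is commented out and points at the diaspora
            # socket), so nginx treats `gitlab` as a host name to resolve when
            # the configuration is loaded. Define the upstream with the GitLab
            # socket or address before relying on this vhost.
            proxy_pass http://gitlab;
            break;
        }
    }

    # Static error pages served from the application's public directory.
    error_page 500 503 504 /500.html;
    location = /500.html {
        root /home/gitlab/gitlab/public;
    }
    error_page 404 /404.html;
    location = /404.html {
        root /home/gitlab/gitlab/public;
    }
    error_page 502 /down.html;
    location = /down.html {
        root /home/gitlab/gitlab/public;
    }
}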
}