ohadcn · September 8, 2020 19:02
diff --git a/README.md b/README.md
diff --git a/cache_static b/cache_static
 location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
        expires max;
 }
diff --git a/force_https b/force_https
 if ($scheme != https) {
        return 301 https://$host$request_uri;
 }
diff --git a/hostify_logs b/hostify_logs
 access_log /var/log/nginx/$host.log;
diff --git a/index_html_redirect b/index_html_redirect
 location / {
        try_files $uri $uri/ /index.html;
 }
diff --git a/index_php_redirect b/index_php_redirect
 # redirect to index.php instead of returning 404
 # must have for many CMS (e,g: wordpress, drupal)
 location / {
        try_files $uri $uri/ /index.php?$args;
 }
diff --git a/nginx-site-template b/nginx-site-template
 server {
        listen 443 ssl;
        listen 80;
        server_name www.oodi.co.il oodi.co.il;
        
        # don't use variables like $main_addr, this kills performance.
        # don't let your site be available from many addresses, google don't like it.
        if ($host != www.oodi.co.il) {
                return 301 https://www.oodi.co.il$request_uri;
        }

        # put this one last to avoid multiple redirects
        include force_https;
        
        ssl_certificate /etc/letsencrypt/live/oodi.co.il/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/oodi.co.il/privkey.pem;
        
        include ssl_params;
        include hostify_logs;
        
        # TODO: unite the .onion into one server directive
        # listen 127.0.0.1:80;
        # server_name xxzggveprj3lpmuk.onion;

        root /home/site/html;
        index index.html index.htm index.php;
        
        location /ws {
                set $pass_port 1234;
                proxy_pass http://127.0.0.1:$pass_port$request_uri;
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "Upgrade";
                include proxy_params;
        }
        
        location /app {
                set $pass_port 1234;
                proxy_pass http://127.0.0.1:$pass_port$request_uri;
                include proxy_params;
        }
        
        include php_srv; # for php
        include index_php_redirect; # required for wordpress (and other CMS)
        #include index_html_redirect; # required for react / vue builds
        include cache_static; # better perfomance
 }
diff --git a/php_srv b/php_srv
 location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini

        # With php-cgi alone:
        # fastcgi_pass 127.0.0.1:9000;

        # With php5-fpm:
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_index index.php;
        include fastcgi_params;
 }
diff --git a/proxy_params b/proxy_params
 proxy_set_header Host $http_host;
 proxy_set_header X-Real-IP $remote_addr;
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 proxy_set_header X-Forwarded-Proto $scheme;
diff --git a/ssl_params b/ssl_params
 ssl_session_timeout 5m;
 ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
 ssl_ciphers "HIGH:!aNULL:!MD5 or HIGH:!aNULL:!MD5:!3DES";
 ssl_prefer_server_ciphers on;
	if ($scheme != https) {
	return 301 https://$host$request_uri;
	}
	# redirect to index.php instead of returning 404
	# must have for many CMS (e,g: wordpress, drupal)
	location / {
	try_files $uri $uri/ /index.php?$args;
	}
	server {
	listen 443 ssl;
	listen 80;
	server_name www.oodi.co.il oodi.co.il;

	# don't use variables like $main_addr, this kills performance.
	# don't let your site be available from many addresses, google don't like it.
	if ($host != www.oodi.co.il) {
	return 301 https://www.oodi.co.il$request_uri;
	}

	# put this one last to avoid multiple redirects
	include force_https;

	ssl_certificate /etc/letsencrypt/live/oodi.co.il/fullchain.pem;
	ssl_certificate_key /etc/letsencrypt/live/oodi.co.il/privkey.pem;

	include ssl_params;
	include hostify_logs;

	# TODO: unite the .onion into one server directive
	# listen 127.0.0.1:80;
	# server_name xxzggveprj3lpmuk.onion;

	root /home/site/html;
	index index.html index.htm index.php;

	location /ws {
	set $pass_port 1234;
	proxy_pass http://127.0.0.1:$pass_port$request_uri;
	proxy_http_version 1.1;
	proxy_set_header Upgrade $http_upgrade;
	proxy_set_header Connection "Upgrade";
	include proxy_params;
	}

	location /app {
	set $pass_port 1234;
	proxy_pass http://127.0.0.1:$pass_port$request_uri;
	include proxy_params;
	}

	include php_srv; # for php
	include index_php_redirect; # required for wordpress (and other CMS)
	#include index_html_redirect; # required for react / vue builds
	include cache_static; # better perfomance
	}
	location ~ \.php$ {
	fastcgi_split_path_info ^(.+\.php)(/.+)$;
	# NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini

	# With php-cgi alone:
	# fastcgi_pass 127.0.0.1:9000;

	# With php5-fpm:
	fastcgi_pass unix:/var/run/php5-fpm.sock;
	fastcgi_index index.php;
	include fastcgi_params;
	}
	proxy_set_header Host $http_host;
	proxy_set_header X-Real-IP $remote_addr;
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	proxy_set_header X-Forwarded-Proto $scheme;
	ssl_session_timeout 5m;
	ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
	ssl_ciphers "HIGH:!aNULL:!MD5 or HIGH:!aNULL:!MD5:!3DES";
	ssl_prefer_server_ciphers on;