cl-deck-builder2/doc/web/nginx/deck-builder-tls

server {
	listen [::]:443 default_server ssl;
	listen 443 default_server ssl;

	server_name phntsm.ddns.net;

	ssl_certificate     "/etc/ssl/nginx/phntsm.ddns.net.crt";
	ssl_certificate_key "/etc/ssl/nginx/phntsm.ddns.net.key";
	ssl_dhparam         "/etc/ssl/nginx/phntsm.ddns.net.dhparam";

	ssl_session_timeout 5m;
	ssl_protocols TLSv1.2;
	ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
	ssl_session_cache shared:SSL:50m;
	ssl_prefer_server_ciphers on;

	root /var/www/html;
	index index.html;

	location / {
		# First attempt to serve request as file, then
		# as directory, then fall back to displaying a 404.
		# try_files $uri $uri/ =404;

		set_real_ip_from unix:;
		real_ip_header X-Forwarded-For;
		real_ip_recursive on;

		client_max_body_size 8m;
		#auth_basic "Restricted Content";
		#auth_basic_user_file /etc/nginx/.htpasswd;

		proxy_read_timeout    300;
		proxy_connect_timeout 300;
		proxy_send_timeout    300;
		fastcgi_read_timeout  300;

		proxy_pass http://127.0.0.1:5005;
		include /etc/nginx/fastcgi_params;
		include /etc/nginx/proxy_params;
	}

	# /~user web directories
	location ~ ^/~(.+?)(/.*)?$ {
		alias /home/$1/www$2;
		index index.html index.htm;
		autoindex on;
	}

	#	location /_/static/assets/ {
	#		alias /home/git/public/;
	#	}

	location /git/ {
		auth_basic "Restricted Content";
		auth_basic_user_file /etc/nginx/.htpasswd;

		proxy_read_timeout    300;
		proxy_connect_timeout 300;
		proxy_send_timeout    300;
		fastcgi_read_timeout  300;

		client_max_body_size 512M;
		# make nginx use unescaped URI, keep "%2F" as is
		rewrite ^ $request_uri;
		rewrite ^/git(/.*) $1 break;
		proxy_pass http://127.0.0.1:3000$uri;
		include /etc/nginx/fastcgi_params;
		include /etc/nginx/proxy_params;
	}

	location ~ /collectd/ {
		gzip off;
		root /home/user/code/alpine-collectd-web;

		auth_basic "Restricted Content";
		auth_basic_user_file /etc/nginx/.htpasswd;

		proxy_read_timeout    300;
		proxy_connect_timeout 300;
		proxy_send_timeout    300;
		fastcgi_read_timeout  300;

		#proxy_http_version 1.1;
		rewrite ^/collectd/(.*) /$1 break;
		proxy_pass http://127.0.0.1:8888;
	}

	location ~ /psy/ {
		auth_basic "Restricted Content";
		auth_basic_user_file /etc/nginx/.htpasswd;

		proxy_read_timeout    300;
		proxy_connect_timeout 300;
		proxy_send_timeout    300;
		fastcgi_read_timeout  300;

		#proxy_http_version 1.1;
		# rewrite ^/psy/(.*) /$1 break;
		include /etc/nginx/proxy_params;
		proxy_pass http://127.0.0.1:9292;
	}

	#	location ~ \.php$ {
	#		include /etc/nginx/fastcgi_params;
	#		include /etc/nginx/proxy_params;
	#		fastcgi_param  SCRIPT_FILENAME    $document_root$fastcgi_script_name;
	#		# fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
	#		fastcgi_pass   unix:/var/run/php/php-fpm.sock;
	#	}

	#	location ~ /phpmyadmin/ {
	#		auth_basic "Restricted Content";
	#		auth_basic_user_file /etc/nginx/.htpasswd;
	#		index index.php;
	#	}

	location ~ /\.ht {
		deny all;
	}

}
Initial commit of cl-deck-builder2. 2024-01-21 02:35:35 -05:00			`server {`
			`listen [::]:443 default_server ssl;`
			`listen 443 default_server ssl;`

			`server_name phntsm.ddns.net;`

			`ssl_certificate "/etc/ssl/nginx/phntsm.ddns.net.crt";`
			`ssl_certificate_key "/etc/ssl/nginx/phntsm.ddns.net.key";`
			`ssl_dhparam "/etc/ssl/nginx/phntsm.ddns.net.dhparam";`

			`ssl_session_timeout 5m;`
			`ssl_protocols TLSv1.2;`
			`ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;`
			`ssl_session_cache shared:SSL:50m;`
			`ssl_prefer_server_ciphers on;`

			`root /var/www/html;`
			`index index.html;`

			`location / {`
			`# First attempt to serve request as file, then`
			`# as directory, then fall back to displaying a 404.`
			`# try_files $uri $uri/ =404;`

			`set_real_ip_from unix:;`
			`real_ip_header X-Forwarded-For;`
			`real_ip_recursive on;`

			`client_max_body_size 8m;`
			`#auth_basic "Restricted Content";`
			`#auth_basic_user_file /etc/nginx/.htpasswd;`

			`proxy_read_timeout 300;`
			`proxy_connect_timeout 300;`
			`proxy_send_timeout 300;`
			`fastcgi_read_timeout 300;`

			`proxy_pass http://127.0.0.1:5005;`
			`include /etc/nginx/fastcgi_params;`
			`include /etc/nginx/proxy_params;`
			`}`

			`# /~user web directories`
			`location ~ ^/~(.+?)(/.*)?$ {`
			`alias /home/$1/www$2;`
			`index index.html index.htm;`
			`autoindex on;`
			`}`

			`# location /_/static/assets/ {`
			`# alias /home/git/public/;`
			`# }`

			`location /git/ {`
			`auth_basic "Restricted Content";`
			`auth_basic_user_file /etc/nginx/.htpasswd;`

			`proxy_read_timeout 300;`
			`proxy_connect_timeout 300;`
			`proxy_send_timeout 300;`
			`fastcgi_read_timeout 300;`

			`client_max_body_size 512M;`
			`# make nginx use unescaped URI, keep "%2F" as is`
			`rewrite ^ $request_uri;`
			`rewrite ^/git(/.*) $1 break;`
			`proxy_pass http://127.0.0.1:3000$uri;`
			`include /etc/nginx/fastcgi_params;`
			`include /etc/nginx/proxy_params;`
			`}`

			`location ~ /collectd/ {`
			`gzip off;`
			`root /home/user/code/alpine-collectd-web;`

			`auth_basic "Restricted Content";`
			`auth_basic_user_file /etc/nginx/.htpasswd;`

			`proxy_read_timeout 300;`
			`proxy_connect_timeout 300;`
			`proxy_send_timeout 300;`
			`fastcgi_read_timeout 300;`

			`#proxy_http_version 1.1;`
			`rewrite ^/collectd/(.*) /$1 break;`
			`proxy_pass http://127.0.0.1:8888;`
			`}`

			`location ~ /psy/ {`
			`auth_basic "Restricted Content";`
			`auth_basic_user_file /etc/nginx/.htpasswd;`

			`proxy_read_timeout 300;`
			`proxy_connect_timeout 300;`
			`proxy_send_timeout 300;`
			`fastcgi_read_timeout 300;`

			`#proxy_http_version 1.1;`
			`# rewrite ^/psy/(.*) /$1 break;`
			`include /etc/nginx/proxy_params;`
			`proxy_pass http://127.0.0.1:9292;`
			`}`

			`# location ~ \.php$ {`
			`# include /etc/nginx/fastcgi_params;`
			`# include /etc/nginx/proxy_params;`
			`# fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;`
			`# # fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;`
			`# fastcgi_pass unix:/var/run/php/php-fpm.sock;`
			`# }`

			`# location ~ /phpmyadmin/ {`
			`# auth_basic "Restricted Content";`
			`# auth_basic_user_file /etc/nginx/.htpasswd;`
			`# index index.php;`
			`# }`

			`location ~ /\.ht {`
			`deny all;`
			`}`

			`}`