[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[GNUnet-SVN] [taler-deployment] branch master updated: We have /etc in a
|
From: |
gnunet |
|
Subject: |
[GNUnet-SVN] [taler-deployment] branch master updated: We have /etc in a separate repo for the server now. |
|
Date: |
Wed, 26 Jun 2019 23:44:03 +0200 |
This is an automated email from the git hooks/post-receive script.
dold pushed a commit to branch master
in repository deployment.
The following commit(s) were added to refs/heads/master by this push:
new bb0c5ae We have /etc in a separate repo for the server now.
bb0c5ae is described below
commit bb0c5ae74bd80516b769c00c81bedf11a4d3e9ed
Author: Florian Dold <address@hidden>
AuthorDate: Wed Jun 26 23:43:47 2019 +0200
We have /etc in a separate repo for the server now.
---
etc/aliases | 109 ------
etc/cgitrc | 73 ----
etc/nginx/apps/drupal/admin_basic_auth.conf | 12 -
etc/nginx/apps/drupal/cron_allowed_hosts.conf | 10 -
etc/nginx/apps/drupal/drupal.conf | 347 -------------------
etc/nginx/apps/drupal/drupal_boost.conf | 377 ---------------------
etc/nginx/apps/drupal/drupal_boost_escaped.conf | 382 ---------------------
etc/nginx/apps/drupal/drupal_cron_update.conf | 40 ---
etc/nginx/apps/drupal/drupal_escaped.conf | 347 -------------------
etc/nginx/apps/drupal/drupal_install.conf | 16 -
etc/nginx/apps/drupal/drupal_upload_progress.conf | 23 --
etc/nginx/apps/drupal/fastcgi_drupal.conf | 43 ---
etc/nginx/apps/drupal/fastcgi_no_args_drupal.conf | 43 ---
etc/nginx/apps/drupal/hotlinking_protection.conf | 10 -
etc/nginx/apps/drupal/map_cache.conf | 39 ---
etc/nginx/apps/drupal/microcache_fcgi.conf | 39 ---
etc/nginx/apps/drupal/microcache_fcgi_auth.conf | 51 ---
etc/nginx/apps/drupal/microcache_proxy.conf | 53 ---
etc/nginx/apps/drupal/microcache_proxy_auth.conf | 54 ---
etc/nginx/conf.d/favicon_robots | 11 -
etc/nginx/conf.d/talerssl | 14 -
etc/nginx/fastcgi.conf | 26 --
etc/nginx/fastcgi_params | 25 --
etc/nginx/koi-utf | 109 ------
etc/nginx/koi-win | 103 ------
etc/nginx/mime.types | 89 -----
etc/nginx/nginx.conf | 79 -----
etc/nginx/proxy_params | 4 -
etc/nginx/scgi_params | 17 -
etc/nginx/sites-available/blog-demo.site | 43 ---
etc/nginx/sites-available/default.site | 86 -----
etc/nginx/sites-available/drupal-demo-ssl.site | 49 ---
etc/nginx/sites-available/drupal-demo.site | 40 ---
etc/nginx/sites-available/ghm_videos.site | 25 --
etc/nginx/sites-available/www.git-ssl.site | 25 --
etc/nginx/sites-available/www.git.site | 24 --
etc/nginx/sites-enabled/api-ssl.site | 9 -
etc/nginx/sites-enabled/api.site | 8 -
etc/nginx/sites-enabled/buildbot-ssl.site | 23 --
etc/nginx/sites-enabled/buildbot.site | 14 -
etc/nginx/sites-enabled/decentralise-ssl.site | 14 -
etc/nginx/sites-enabled/decentralise.site | 13 -
etc/nginx/sites-enabled/default.site | 18 -
etc/nginx/sites-enabled/demo.site | 169 ----------
etc/nginx/sites-enabled/docs-ssl.site | 69 ----
etc/nginx/sites-enabled/docs.site | 7 -
etc/nginx/sites-enabled/env.site | 85 -----
etc/nginx/sites-enabled/gauger-ssl.site | 18 -
etc/nginx/sites-enabled/gauger.site | 17 -
etc/nginx/sites-enabled/git-ssl.site | 31 --
etc/nginx/sites-enabled/git.site | 10 -
etc/nginx/sites-enabled/intranet-ssl.site | 15 -
etc/nginx/sites-enabled/intranet.site | 10 -
etc/nginx/sites-enabled/lcov-ssl.site | 20 --
etc/nginx/sites-enabled/lcov.site | 19 --
etc/nginx/sites-enabled/sandbox.site | 20 --
etc/nginx/sites-enabled/test.site | 391 ----------------------
etc/nginx/sites-enabled/trollslayer.site | 16 -
etc/nginx/sites-enabled/www-ssl.site | 59 ----
etc/nginx/sites-enabled/www-stage.site | 78 -----
etc/nginx/sites-enabled/www.git-ssl.site | 11 -
etc/nginx/sites-enabled/www.git.site | 10 -
etc/nginx/sites-enabled/www.site | 13 -
etc/nginx/uwsgi_params | 25 --
etc/nginx/win-utf | 125 -------
etc/sudoers.d/README | 3 -
etc/sudoers.d/auditor_slave | 3 -
etc/sudoers.d/test_switcher | 3 -
68 files changed, 4163 deletions(-)
diff --git a/etc/aliases b/etc/aliases
deleted file mode 100644
index cfa1be0..0000000
--- a/etc/aliases
+++ /dev/null
@@ -1,109 +0,0 @@
-# See man 5 aliases for format
-postmaster: root
-root: admin
-
-# Executive team
-ceo: leon
-cto: grothoff
-cfo: clevel
-clevel: ceo,cto
-
-# Generic contact address
-contact: mail
-mail: ceo,cto,sva
-
-# All system admins
-admin: grothoff,dold,stanisci
-
-# Contact for translators
-translation-volunteer: admin
-
-# Feedback
-demo-feedback: admin
-wallet: florian,tg
-taler-bb: mstan
-buildfailures: mstan,florian,grothoff
-
-# Special
-protonmail: grothoff
-
-# ???
-msw: tg
-
-# For investors
-invest: grothoff
-
-# Twitter registration (ask grothoff for PW if desired)
-twitter: grothoff
-
-# Web server
-www-data: grothoff,marcello
-
-# Language teams
-it: marcello,address@hidden
-fr: marcello, address@hidden
-de: grothoff,florian,sva,address@hidden
-es: address@hidden,address@hidden,address@hidden,address@hidden
-cz: address@hidden
-tn: address@hidden
-ru: address@hidden
-
-# All language teams (to notify about new text)
-translation-updates: it,de,fr,es,cz,tn,ru
-
-##################################################
-
-# Personal aliases
-nana: address@hidden
-nk: nana
-karlstetter: nana
-nana.karlstetter: nana
-
-grothoff: address@hidden
-christian: grothoff
-christian.grothoff: grothoff
-cg: grothoff
-
-leon: address@hidden
-schumacher: leon
-leon.schumacher: leon
-ls: leon
-
-michael: address@hidden
-widmer: michael
-mw: michael
-michael.widmer: michael
-
-tg: *@tg-x.net
-
-sva: address@hidden
-laengle: sva
-bernadette: sva
-bernadette.laengle: sva
-
-totakura: address@hidden
-sreeharsha.totakura: totakura
-
-dold: address@hidden
-florian: dold
-florian.dold: dold
-
-carlo: address@hidden
-
-ben: address@hidden
-mueller: ben
-ben.mueller: ben
-
-onete: address@hidden
-cristina: onete
-cristina.onete: onete
-
-burdges: address@hidden
-jeff: burdges
-jeff.burdges: burdges
-
-mstan: address@hidden
-marcello: mstan
-stanisci: mstan
-
-
diff --git a/etc/cgitrc b/etc/cgitrc
deleted file mode 100644
index 4ddaf0c..0000000
--- a/etc/cgitrc
+++ /dev/null
@@ -1,73 +0,0 @@
-#
-# cgit config
-# see cgitrc(5) for details
-#readme=:README
-virtual-root=/
-#cache-size=1000
-
-# Highlight source code with python pygments-based highlighter
-source-filter=/home/git/bin/cgit-syntax-highlighting.sh
-
-# Format org-mode, markdown, restructuredtext, manpages, text files, and html
files
-about-filter=/home/git/bin/cgit-about-formatting.sh
-#about-filter=/usr/lib/cgit/filters/about-formatting.sh
-
-enable-filter-overrides=1
-
-css=/cgit/cgit.css
-logo=/cgit/cgit.png
-
-strict-export=git-daemon-export-ok
-scan-path=/home/git/repositories
-
-clone-prefix=https://git.taler.net git://git.taler.net ssh://address@hidden
-
-snapshots=tar.gz zip
-
-root-title=TALER Git Repositories
-root-desc=Source code of various TALER-related projects
-root-readme=/home/git/repositories/README.html
-footer=/home/git/repositories/FOOTER.html
-
-readme=:README.org
-readme=:readme.org
-readme=:README.md
-readme=:readme.md
-readme=:README.mkd
-readme=:readme.mkd
-readme=:README.rst
-readme=:readme.rst
-readme=:README.html
-readme=:readme.html
-readme=:README.htm
-readme=:readme.htm
-readme=:README.txt
-readme=:readme.txt
-readme=:README
-readme=:readme
-readme=:INSTALL.org
-readme=:install.org
-readme=:INSTALL.md
-readme=:install.md
-readme=:INSTALL.mkd
-readme=:install.mkd
-readme=:INSTALL.rst
-readme=:install.rst
-readme=:INSTALL.html
-readme=:install.html
-readme=:INSTALL.htm
-readme=:install.htm
-readme=:INSTALL.txt
-readme=:install.txt
-readme=:INSTALL
-readme=:install
-
-
-# MIME types for serving raw content
-mimetype.html=text/html
-mimetype.gif=image/gif
-mimetype.jpg=image/jpeg
-mimetype.jpeg=image/jpeg
-mimetype.png=image/png
-mimetype.svg=image/svg+xml
-mimetype.pdf=application/pdf
diff --git a/etc/nginx/apps/drupal/admin_basic_auth.conf
b/etc/nginx/apps/drupal/admin_basic_auth.conf
deleted file mode 100644
index cc796ce..0000000
--- a/etc/nginx/apps/drupal/admin_basic_auth.conf
+++ /dev/null
@@ -1,12 +0,0 @@
-# -*- mode: nginx; mode: flyspell-prog; ispell-local-dictionary: "american"
-*-
-
-## Protect the /admin URIs with a basic auth.
-location ^~ /admin {
- auth_basic "Restricted access"; #realm
- auth_basic_user_file .htpasswd-users;
-
- ## Include the specific FastCGI configuration. This is for a
- ## FCGI backend like php-cgi or php-fpm.
- include apps/drupal/fastcgi_drupal.conf;
- fastcgi_pass phpcgi;
-}
diff --git a/etc/nginx/apps/drupal/cron_allowed_hosts.conf
b/etc/nginx/apps/drupal/cron_allowed_hosts.conf
deleted file mode 100644
index bdb3dd9..0000000
--- a/etc/nginx/apps/drupal/cron_allowed_hosts.conf
+++ /dev/null
@@ -1,10 +0,0 @@
-# -*- mode: nginx; mode:autopair; mode: flyspell-prog;
ispell-local-dictionary: "american" -*-
-### Configuration file for specifying which hosts can invoke Drupal's
-### cron. This only applies if you're not using drush to run cron.
-
-geo $not_allowed_cron {
- default 1;
- ## Add your set of hosts.
- 127.0.0.1 0; # allow the localhost
- 192.168.1.0/24 0; # allow on an internal network
-}
diff --git a/etc/nginx/apps/drupal/drupal.conf
b/etc/nginx/apps/drupal/drupal.conf
deleted file mode 100644
index e65024f..0000000
--- a/etc/nginx/apps/drupal/drupal.conf
+++ /dev/null
@@ -1,347 +0,0 @@
-# -*- mode: nginx; mode: flyspell-prog; ispell-local-dictionary: "american"
-*-
-### Nginx configuration for Drupal. This configuration makes use of
-### drush (http:///drupal.org/project/drush) for site maintenance
-### and like tasks:
-###
-### 1. Run the cronjobs.
-### 2. Run the DB and code updates: drush up or drush upc followed by
-### drush updb to run any DB updates required by the code upgrades
-### that were performed.
-### 3. Disabling of xmlrpc.xml, install.php (needed only for
-### installing the site) and update.php: all updates are now
-### handled through drush.
-
-## The 'default' location.
-location / {
-
- ## Drupal 404 from can impact performance. If using a module like
- ## search404 then 404's *have *to be handled by Drupal. Uncomment to
- ## relay the handling of 404's to Drupal.
- ## error_page 404 /index.php;
-
- ## Using a nested location is the 'correct' way to use regexes.
-
- ## Regular private file serving (i.e. handled by Drupal).
- location ^~ /system/files/ {
- ## Include the specific FastCGI configuration. This is for a
- ## FCGI backend like php-cgi or php-fpm.
- include apps/drupal/fastcgi_drupal.conf;
- fastcgi_pass phpcgi;
-
- ## If proxying to apache comment the two lines above and
- ## uncomment the two lines below.
- #proxy_pass http://phpapache/index.php?q=$uri;
- #proxy_set_header Connection '';
-
- ## For not signaling a 404 in the error log whenever the
- ## system/files directory is accessed add the line below.
- ## Note that the 404 is the intended behavior.
- log_not_found off;
- }
-
- ## Trying to access private files directly returns a 404.
- location ^~ /sites/default/files/private/ {
- internal;
- }
-
- ## Support for the file_force module
- ## http://drupal.org/project/file_force.
- location ^~ /system/files_force/ {
- ## Include the specific FastCGI configuration. This is for a
- ## FCGI backend like php-cgi or php-fpm.
- include apps/drupal/fastcgi_drupal.conf;
- fastcgi_pass phpcgi;
-
- ## If proxying to apache comment the two lines above and
- ## uncomment the two lines below.
- #proxy_pass http://phpapache/index.php?q=$uri;
- #proxy_set_header Connection '';
-
- ## For not signaling a 404 in the error log whenever the
- ## system/files directory is accessed add the line below.
- ## Note that the 404 is the intended behavior.
- log_not_found off;
- }
-
- ## If accessing an image generated by Drupal 6 imagecache, serve it
- ## directly if available, if not relay the request to Drupal to
(re)generate
- ## the image.
- location ~* /imagecache/ {
- ## Image hotlinking protection. If you want hotlinking
- ## protection for your images uncomment the following line.
- #include apps/drupal/hotlinking_protection.conf;
-
- access_log off;
- expires 30d;
- try_files $uri @drupal;
- }
-
- ## Drupal 7 generated image handling, i.e., imagecache in core. See:
- ## http://drupal.org/node/371374.
- location ~* /files/styles/ {
- ## Image hotlinking protection. If you want hotlinking
- ## protection for your images uncomment the following line.
- #include apps/drupal/hotlinking_protection.conf;
-
- access_log off;
- expires 30d;
- try_files $uri @drupal;
- }
-
- ## Advanced Aggregation module CSS
- ## support. http://drupal.org/project/advagg.
- location ^~ /sites/default/files/advagg_css/ {
- expires max;
- add_header ETag '';
- add_header Last-Modified 'Wed, 20 Jan 1988 04:20:42 GMT';
- add_header Accept-Ranges '';
-
- location ~* /sites/default/files/advagg_css/css[_[:alnum:]]+\.css$ {
- access_log off;
- try_files $uri @drupal;
- }
- }
-
- ## Advanced Aggregation module JS
- ## support. http://drupal.org/project/advagg.
- location ^~ /sites/default/files/advagg_js/ {
- expires max;
- add_header ETag '';
- add_header Last-Modified 'Wed, 20 Jan 1988 04:20:42 GMT';
- add_header Accept-Ranges '';
-
- location ~* /sites/default/files/advagg_js/js[_[:alnum:]]+\.js$ {
- access_log off;
- try_files $uri @drupal;
- }
- }
-
- ## All static files will be served directly.
- location ~*
^.+\.(?:css|cur|js|jpe?g|gif|htc|ico|png|html|xml|otf|ttf|eot|woff|svg)$ {
-
- access_log off;
- expires 30d;
- ## No need to bleed constant updates. Send the all shebang in one
- ## fell swoop.
- tcp_nodelay off;
- ## Set the OS file cache.
- open_file_cache max=3000 inactive=120s;
- open_file_cache_valid 45s;
- open_file_cache_min_uses 2;
- open_file_cache_errors off;
- }
-
- ## PDFs and powerpoint files handling.
- location ~* ^.+\.(?:pdf|pptx?)$ {
- expires 30d;
- ## No need to bleed constant updates. Send the all shebang in one
- ## fell swoop.
- tcp_nodelay off;
- }
-
- ## MP3 and Ogg/Vorbis files are served using AIO when supported. Your OS
must support it.
- location ^~ /sites/default/files/audio/mp3 {
- location ~* ^/sites/default/files/audio/mp3/.*\.mp3$ {
- directio 4k; # for XFS
- ## If you're using ext3 or similar uncomment the line below and
comment the above.
- #directio 512; # for ext3 or similar (block alignments)
- tcp_nopush off;
-# aio on;
- output_buffers 1 2M;
- }
- }
-
- location ^~ /sites/default/files/audio/ogg {
- location ~* ^/sites/default/files/audio/ogg/.*\.ogg$ {
- directio 4k; # for XFS
- ## If you're using ext3 or similar uncomment the line below and
comment the above.
- #directio 512; # for ext3 or similar (block alignments)
- tcp_nopush off;
-# aio on;
- output_buffers 1 2M;
- }
- }
-
- ## Pseudo streaming of FLV files:
- ## http://wiki.nginx.org/HttpFlvStreamModule.
- ## If pseudo streaming isn't working, try to comment
- ## out in nginx.conf line with:
- ## add_header X-Frame-Options SAMEORIGIN;
- location ^~ /sites/default/files/video/flv {
- location ~* ^/sites/default/files/video/flv/.*\.flv$ {
-# flv;
- }
- }
-
- ## Pseudo streaming of H264/AAC files. This requires an Nginx
- ## version greater or equal to 1.0.7 for the stable branch and
- ## greater or equal to 1.1.3 for the development branch.
- ## Cf. http://nginx.org/en/docs/http/ngx_http_mp4_module.html.
- location ^~ /sites/default/files/video/mp4 { # videos
- location ~* ^/sites/default/files/video/mp4/.*\.(?:mp4|mov)$ {
-# mp4;
-# mp4_buffer_size 1M;
-# mp4_max_buffer_size 5M;
- }
- }
-
- location ^~ /sites/default/files/audio/m4a { # audios
- location ~* ^/sites/default/files/audio/m4a/.*\.m4a$ {
-# mp4;
-# mp4_buffer_size 1M;
-# mp4_max_buffer_size 5M;
- }
- }
-
- ## Advanced Help module makes each module provided README available.
- location ^~ /help/ {
- location ~* ^/help/[^/]*/README\.txt$ {
- ## Include the specific FastCGI configuration. This is for a
- ## FCGI backend like php-cgi or php-fpm.
- include apps/drupal/fastcgi_drupal.conf;
- fastcgi_pass phpcgi;
-
- ## If proxying to apache comment the two lines above and
- ## uncomment the two lines below.
- #proxy_pass http://phpapache/index.php?q=$uri;
- #proxy_set_header Connection '';
- }
- }
-
- ## Replicate the Apache <FilesMatch> directive of Drupal standard
- ## .htaccess. Disable access to any code files. Return a 404 to curtail
- ## information disclosure. Hide also the text files.
- location ~*
^(?:.+\.(?:htaccess|make|txt|engine|inc|info|install|module|profile|po|pot|sh|.*sql|test|theme|tpl(?:\.php)?|xtmpl)|code-style\.pl|/Entries.*|/Repository|/Root|/Tag|/Template)$
{
- return 404;
- }
-
- ## First we try the URI and relay to the /index.php?q=$uri&$args if not
found.
- try_files $uri @drupal;
-}
-
-########### Security measures ##########
-
-## Uncomment the line below if you want to enable basic auth for
-## access to all /admin URIs. Note that this provides much better
-## protection if use HTTPS. Since it can easily be eavesdropped if you
-## use HTTP.
-#include apps/drupal/admin_basic_auth.conf;
-
-## Restrict access to the strictly necessary PHP files. Reducing the
-## scope for exploits. Handling of PHP code and the Drupal event loop.
-location @drupal {
- ## Include the FastCGI config.
- include apps/drupal/fastcgi_drupal.conf;
- fastcgi_pass phpcgi;
-
- ## FastCGI microcache.
-# include apps/drupal/microcache_fcgi.conf;
- ## FCGI microcache for authenticated users also.
- #include apps/drupal/microcache_fcgi_auth.conf;
-
- ## If proxying to apache comment the two lines above and
- ## uncomment the two lines below.
- #proxy_pass http://phpapache/index.php?q=$uri;
- #proxy_set_header Connection '';
-
- ## Proxy microcache.
- #include apps/drupal/microcache_proxy.conf;
- ## Proxy microcache for authenticated users also.
- #include apps/drupal/microcache_proxy_auth.conf;
-
- ## Filefield Upload progress
- ## http://drupal.org/project/filefield_nginx_progress support
- ## through the NginxUploadProgress modules.
-# track_uploads uploads 60s;
-}
-
-location @drupal-no-args {
- ## Include the specific FastCGI configuration. This is for a
- ## FCGI backend like php-cgi or php-fpm.
- include apps/drupal/fastcgi_no_args_drupal.conf;
- fastcgi_pass phpcgi;
-
- ## FastCGI microcache.
-# include apps/drupal/microcache_fcgi.conf;
- ## FCGI microcache for authenticated users also.
- #include apps/drupal/microcache_fcgi_auth.conf;
-
- ## If proxying to apache comment the two lines above and
- ## uncomment the two lines below.
- #proxy_pass http://phpapache/index.php?q=$uri;
- #proxy_set_header Connection '';
-
- ## Proxy microcache.
- #include apps/drupal/microcache_proxy.conf;
- ## Proxy microcache for authenticated users also.
- #include apps/drupal/microcache_proxy_auth.conf;
-}
-
-## Disallow access to .bzr, .git, .hg, .svn, .cvs directories: return
-## 404 as not to disclose information.
-location ^~ /.bzr {
- return 404;
-}
-
-location ^~ /.git {
- return 404;
-}
-
-location ^~ /.hg {
- return 404;
-}
-
-location ^~ /.svn {
- return 404;
-}
-
-location ^~ /.cvs {
- return 404;
-}
-
-## Disallow access to patches directory.
-location ^~ /patches {
- return 404;
-}
-
-## Disallow access to drush backup directory.
-location ^~ /backup {
- return 404;
-}
-
-## Disable access logs for robots.txt.
-location = /robots.txt {
- access_log off;
- ## Add support for the robotstxt module
- ## http://drupal.org/project/robotstxt.
- try_files $uri @drupal-no-args;
-}
-
-## RSS feed support.
-location = /rss.xml {
- try_files $uri @drupal-no-args;
-}
-
-## XML Sitemap support.
-location = /sitemap.xml {
- try_files $uri @drupal-no-args;
-}
-
-## Support for favicon. Return an 1x1 transparent GIF if it doesn't
-## exist.
-location = /favicon.ico {
- expires 30d;
- try_files /favicon.ico @empty;
-}
-
-## Return an in memory 1x1 transparent GIF.
-location @empty {
- expires 30d;
- empty_gif;
-}
-
-## Any other attempt to access PHP files returns a 404.
-location ~* ^.+\.php$ {
- return 404;
-}
-
diff --git a/etc/nginx/apps/drupal/drupal_boost.conf
b/etc/nginx/apps/drupal/drupal_boost.conf
deleted file mode 100644
index 1cb10e1..0000000
--- a/etc/nginx/apps/drupal/drupal_boost.conf
+++ /dev/null
@@ -1,377 +0,0 @@
-# -*- mode: nginx; mode: flyspell-prog; ispell-local-dictionary: "american" -*-
-### Nginx configuration for using Boost with Drupal. This
-### configuration makes use of drush (http:///drupal.org/project/drush)
-### for site maintenance and like tasks:
-###
-### 1. Run the cronjobs.
-### 2. Run the DB and code updates: drush up or drush upc followed by
-### drush updb to run any DB updates required by the code upgrades
-### that were performed.
-### 3. Disabling of xmlrpc.xml, install.php (needed only for
-### installing the site) and update.php: all updates are now
-### handled through drush.
-
-## The 'default' location.
-location / {
-
- ## Drupal 404 from can impact performance. If using a module like
- ## search404 then 404's *have *to be handled by Drupal. Uncomment to
- ## relay the handling of 404's to Drupal.
- ## error_page 404 /index.php;
-
- ## Using a nested location is the 'correct' way to use regexes.
-
- ## Regular private file serving (i.e. handled by Drupal).
- location ^~ /system/files/ {
- ## Include the specific FastCGI configuration. This is for a
- ## FCGI backend like php-cgi or php-fpm.
- include apps/drupal/fastcgi_drupal.conf;
- fastcgi_pass phpcgi;
-
- ## If proxying to apache comment the two lines above and
- ## uncomment the line below.
- #proxy_pass http://phpapache/index.php?q=$uri;
- #proxy_set_header Connection '';
-
- ## For not signaling a 404 in the error log whenever the
- ## system/files directory is accessed add the line below.
- ## Note that the 404 is the intended behavior.
- log_not_found off;
- }
-
- ## Trying to access private files directly returns a 404.
- location ^~ /sites/default/files/private/ {
- internal;
- }
-
- ## Support for the file_force module
- ## http://drupal.org/project/file_force.
- location ^~ /system/files_force/ {
- ## Include the specific FastCGI configuration. This is for a
- ## FCGI backend like php-cgi or php-fpm.
- include apps/drupal/fastcgi_drupal.conf;
- fastcgi_pass phpcgi;
-
- ## If proxying to apache comment the two lines above and
- ## uncomment the line below.
- #proxy_pass http://phpapache/index.php?q=$no_slash_uri;
- #proxy_set_header Connection '';
-
- ## For not signaling a 404 in the error log whenever the
- ## system/files directory is accessed add the line below.
- ## Note that the 404 is the intended behavior.
- log_not_found off;
- }
-
- ## If accessing an image generated by Drupal 6 imagecache, serve it
- ## directly if available, if not relay the request to Drupal to
(re)generate
- ## the image.
- location ~* /imagecache/ {
- ## Image hotlinking protection. If you want hotlinking
- ## protection for your images uncomment the following line.
- #include apps/drupal/hotlinking_protection.conf;
-
- access_log off;
- expires 30d;
- try_files $uri @drupal;
- }
-
- ## Drupal 7 generated image handling, i.e., imagecache in core. See:
- ## http://drupal.org/node/371374.
- location ~* /files/styles/ {
- ## Image hotlinking protection. If you want hotlinking
- ## protection for your images uncomment the following line.
- #include apps/drupal/hotlinking_protection.conf;
-
- access_log off;
- expires 30d;
- try_files $uri @drupal;
- }
-
- ## Advanced Aggregation module CSS
- ## support. http://drupal.org/project/advagg.
- location ^~ /sites/default/files/advagg_css/ {
- expires max;
- add_header ETag '';
- add_header Last-Modified 'Wed, 20 Jan 1988 04:20:42 GMT';
- add_header Accept-Ranges '';
-
- location ~* /sites/default/files/advagg_css/css[_[:alnum:]]+\.css$ {
- access_log off;
- try_files $uri @drupal;
- }
- }
-
- ## Advanced Aggregation module JS
- ## support. http://drupal.org/project/advagg.
- location ^~ /sites/default/files/advagg_js/ {
- add_header Pragma '';
- add_header Cache-Control 'public, max-age=946080000';
- add_header Accept-Ranges '';
-
- location ~* /sites/default/files/advagg_js/js[_[:alnum:]]+\.js$ {
- access_log off;
- try_files $uri @drupal;
- }
- }
-
- ## All static files will be served directly.
- location ~*
^.+\.(?:css|cur|js|jpe?g|gif|htc|ico|png|html|xml|otf|ttf|eot|woff|svg)$ {
- access_log off;
- expires 30d;
- ## No need to bleed constant updates. Send the all shebang in one
- ## fell swoop.
- tcp_nodelay off;
- }
-
- ## PDFs and powerpoint files handling.
- location ~* ^.+\.(?:pdf|pptx?)$ {
- expires 30d;
- ## No need to bleed constant updates. Send the all shebang in one
- ## fell swoop.
- tcp_nodelay off;
- }
-
- ## MP3 and Ogg/Vorbis files are served using AIO when supported. Your OS
must support it.
- location ^~ /sites/default/files/audio/mp3 {
- location ~* ^/sites/default/files/audio/mp3/.*\.mp3$ {
- directio 4k; # for XFS
- ## If you're using ext3 or similar uncomment the line below and
comment the above.
- #directio 512; # for ext3 or similar (block alignments)
- tcp_nopush off;
- aio on;
- output_buffers 1 2M;
- }
- }
-
- location ^~ /sites/default/files/audio/ogg {
- location ~* ^/sites/default/files/audio/ogg/.*\.ogg$ {
- directio 4k; # for XFS
- ## If you're using ext3 or similar uncomment the line below and
comment the above.
- #directio 512; # for ext3 or similar (block alignments)
- tcp_nopush off;
- aio on;
- output_buffers 1 2M;
- }
- }
-
- ## Pseudo streaming of FLV files:
- ## http://wiki.nginx.org/HttpFlvStreamModule.
- ## If pseudo streaming isn't working, try to comment
- ## out in nginx.conf line with:
- ## add_header X-Frame-Options SAMEORIGIN;
- location ^~ /sites/default/files/video/flv {
- location ~* ^/sites/default/files/video/flv/.*\.flv$ {
- flv;
- }
- }
-
- ## Pseudo streaming of H264/AAC files. This requires an Nginx
- ## version greater or equal to 1.0.7 for the stable branch and
- ## greater or equal to 1.1.3 for the development branch.
- ## Cf. http://nginx.org/en/docs/http/ngx_http_mp4_module.html.
- location ^~ /sites/default/files/video/mp4 { # videos
- location ~* ^/sites/default/files/video/mp4/.*\.(?:mp4|mov)$ {
- mp4;
- mp4_buffer_size 1M;
- mp4_max_buffer_size 5M;
- }
- }
-
- location ^~ /sites/default/files/audio/m4a { # audios
- location ~* ^/sites/default/files/audio/m4a/.*\.m4a$ {
- mp4;
- mp4_buffer_size 1M;
- mp4_max_buffer_size 5M;
- }
- }
-
- ## Advanced Help module makes each module provided README available.
- location ^~ /help/ {
- location ~* ^/help/[^/]*/README\.txt$ {
- ## Include the specific FastCGI configuration. This is for a
- ## FCGI backend like php-cgi or php-fpm.
- include apps/drupal/fastcgi_drupal.conf;
- fastcgi_pass phpcgi;
-
- ## If proxying to apache comment the two lines above and
- ## uncomment the line below.
- #proxy_pass http://phpapache/index.php?q=$uri;
- }
- }
-
- ## Replicate the Apache <FilesMatch> directive of Drupal standard
- ## .htaccess. Disable access to any code files. Return a 404 to curtail
- ## information disclosure. Hide also the text files.
- location ~*
^(?:.+\.(?:htaccess|make|txt|engine|inc|info|install|module|profile|po|pot|sh|.*sql|test|theme|tpl(?:\.php)?|xtmpl)|code-style\.pl|/Entries.*|/Repository|/Root|/Tag|/Template)$
{
- return 404;
- }
-
- ## First we try the URI and relay to the @cache if not found.
- try_files $uri @cache;
-}
-
-## We define a named location for the cache.
-location @cache {
- ## Boost compresses can the pages so we check it. Comment it out
- ## if you don't have it enabled in Boost.
- gzip_static on;
-
- ## Error page handler for the case where $no_cache is 1. POST
- ## request or authenticated.
- error_page 418 = @drupal;
-
- ## If $no_cache is 1 then it means that either we have a session
- ## cookie or that the request method is POST. So serve the dynamic
- ## page.
- if ($no_cache) {
- return 418; # I'm a teapot/I can't get no cachifaction
- }
-
- ## No caching for POST requests.
- if ($request_method = POST) {
- return 418;
- }
-
- # Now for some header tweaking. We use a date that differs
- # from stock Drupal. Everyone seems to be using their
- # birthdate. Why go against the grain?
- add_header Expires "Tue, 13 Jun 1977 03:45:00 GMT";
- # We bypass all delays in the post-check and pre-check
- # parameters of Cache-Control. Both set to 0.
- add_header Cache-Control "must-revalidate, post-check=0, pre-check=0";
- # Funny...perhaps. Egocentric? Damn right!;
- add_header X-Header "Boost Helás Avril 1.0";
- ## Boost doesn't set a charset.
- charset utf-8;
-
- # We try each boost URI in succession, if every one of them
- # fails then relay to Drupal.
- try_files /cache/normal/$host${uri}_${args}.html
/cache/perm/$host${uri}_.css /cache/perm/$host${uri}_.js
/cache/$host/0$uri.html /cache/$host/0${uri}/index.html @drupal;
-}
-
-########### Security measures ##########
-
-## Uncomment the line below if you want to enable basic auth for
-## access to all /admin URIs. Note that this provides much better
-## protection if use HTTPS. Since it can easily be eavesdropped if you
-## use HTTP.
-#include apps/drupal/admin_basic_auth.conf;
-
-## Restrict access to the strictly necessary PHP files. Reducing the
-## scope for exploits. Handling of PHP code and the Drupal event loop.
-location @drupal {
- ## Include the FastCGI config.
- include apps/drupal/fastcgi_drupal.conf;
- fastcgi_pass phpcgi;
-
- ## FCGI microcache for authenticated users also.
- include apps/drupal/microcache_fcgi_auth.conf;
-
- ## To use Apache for serving PHP uncomment the line bellow and
- ## comment out the above.
- #proxy_pass http://phpapache/index.php?q=$uri&$args;
- #proxy_set_header Connection '';
- ## Proxy microcache for authenticated users also.
- #include apps/drupal/microcache_proxy_auth.conf;
-
- ## Filefield Upload progress
- ## http://drupal.org/project/filefield_nginx_progress support
- ## through the NginxUploadProgress modules.
- track_uploads uploads 60s;
-}
-
-location @drupal-no-args {
- ## Include the specific FastCGI configuration. This is for a
- ## FCGI backend like php-cgi or php-fpm.
- include apps/drupal/fastcgi_no_args_drupal.conf;
- fastcgi_pass phpcgi;
-
- ## FCGI microcache for authenticated users also.
- include apps/drupal/microcache_fcgi_auth.conf;
-
- ## If proxying to apache comment the two lines above and
- ## uncomment the line below.
- #proxy_pass http://phpapache/index.php?q=$uri;
- #proxy_set_header Connection '';
-
- ## Proxy microcache for authenticated users also.
- #include apps/drupal/microcache_proxy_auth.conf;
-}
-
-## Disallow access to .bzr, .git, .hg, .svn, .cvs directories: return
-## 404 as not to disclose information.
-location ^~ /.bzr {
- return 404;
-}
-
-location ^~ /.git {
- return 404;
-}
-
-location ^~ /.hg {
- return 404;
-}
-
-location ^~ /.svn {
- return 404;
-}
-
-location ^~ /.cvs {
- return 404;
-}
-
-## Disallow access to patches directory.
-location ^~ /patches {
- return 404;
-}
-
-## Disallow access to drush backup directory.
-location ^~ /backup {
- return 404;
-}
-
-## Disable access logs for robots.txt.
-location = /robots.txt {
- access_log off;
- ## Add support for the robotstxt module
- ## http://drupal.org/project/robotstxt.
- try_files $uri @drupal-no-args;
-}
-
-## RSS feed support.
-location = /rss.xml {
- try_files $uri @drupal-no-args;
-}
-
-## XML Sitemap support.
-location = /sitemap.xml {
- try_files $uri @drupal-no-args;
-}
-
-## Support for favicon. Return an 1x1 transparent GIF if it doesn't
-## exist.
-location = /favicon.ico {
- expires 30d;
- try_files /favicon.ico @empty;
-}
-
-## Return an in memory 1x1 transparent GIF.
-location @empty {
- expires 30d;
- empty_gif;
-}
-
-## Any other attempt to access PHP files returns a 404.
-location ~* ^.+\.php$ {
- return 404;
-}
-
-## Boost stats.
-location = /boost_stats.php {
- fastcgi_pass phpcgi;
- ## To use Apache for serving PHP uncomment the line bellow and
- ## comment out the above.
- #proxy_pass http://phpapache;
-}
-
diff --git a/etc/nginx/apps/drupal/drupal_boost_escaped.conf
b/etc/nginx/apps/drupal/drupal_boost_escaped.conf
deleted file mode 100644
index 36f5d98..0000000
--- a/etc/nginx/apps/drupal/drupal_boost_escaped.conf
+++ /dev/null
@@ -1,382 +0,0 @@
-# -*- mode: nginx; mode: flyspell-prog; ispell-local-dictionary: "american" -*-
-### Nginx configuration for using Boost with Drupal. This
-### configuration makes use of drush (http:///drupal.org/project/drush)
-### for site maintenance and like tasks:
-###
-### 1. Run the cronjobs.
-### 2. Run the DB and code updates: drush up or drush upc followed by
-### drush updb to run any DB updates required by the code upgrades
-### that were performed.
-### 3. Disabling of xmlrpc.xml, install.php (needed only for
-### installing the site) and update.php: all updates are now
-### handled through drush.
-
-## To avoid the ugly rewrite we use Lua to escape the URI.
-set_by_lua $escaped_uri 'return ngx.escape_uri(ngx.var.uri)';
-
-## The 'default' location.
-location / {
-
- ## Drupal 404 from can impact performance. If using a module like
- ## search404 then 404's *have *to be handled by Drupal. Uncomment to
- ## relay the handling of 404's to Drupal.
- ## error_page 404 /index.php;
-
- ## Using a nested location is the 'correct' way to use regexes.
-
- ## Regular private file serving (i.e. handled by Drupal).
- location ^~ /system/files/ {
- ## Include the specific FastCGI configuration. This is for a
- ## FCGI backend like php-cgi or php-fpm.
- include apps/drupal/fastcgi_drupal.conf;
- fastcgi_pass phpcgi;
-
- ## If proxying to apache comment the two lines above and
- ## uncomment the line below.
- #proxy_pass http://phpapache/index.php?q=$escaped_uri;
- #proxy_set_header Connection '';
-
- ## For not signaling a 404 in the error log whenever the
- ## system/files directory is accessed add the line below.
- ## Note that the 404 is the intended behavior.
- log_not_found off;
- }
-
- ## Trying to access private files directly returns a 404.
- location ^~ /sites/default/files/private/ {
- internal;
- }
-
- ## Support for the file_force module
- ## http://drupal.org/project/file_force.
- location ^~ /system/files_force/ {
- ## Include the specific FastCGI configuration. This is for a
- ## FCGI backend like php-cgi or php-fpm.
- include apps/drupal/fastcgi_drupal.conf;
- fastcgi_pass phpcgi;
-
- ## If proxying to apache comment the two lines above and
- ## uncomment the line below.
- #proxy_pass http://phpapache/index.php?q=$no_slash_uri;
- #proxy_set_header Connection '';
-
- ## For not signaling a 404 in the error log whenever the
- ## system/files directory is accessed add the line below.
- ## Note that the 404 is the intended behavior.
- log_not_found off;
- }
-
- ## If accessing an image generated by Drupal 6 imagecache, serve it
- ## directly if available, if not relay the request to Drupal to
(re)generate
- ## the image.
- location ~* /imagecache/ {
- ## Image hotlinking protection. If you want hotlinking
- ## protection for your images uncomment the following line.
- #include apps/drupal/hotlinking_protection.conf;
-
- access_log off;
- expires 30d;
- try_files $escaped_uri @drupal;
- }
-
- ## Drupal 7 generated image handling, i.e., imagecache in core. See:
- ## http://drupal.org/node/371374.
- location ~* /files/styles/ {
- ## Image hotlinking protection. If you want hotlinking
- ## protection for your images uncomment the following line.
- #include apps/drupal/hotlinking_protection.conf;
-
- access_log off;
- expires 30d;
- try_files $escaped_uri @drupal;
- }
-
- ## Advanced Aggregation module CSS
- ## support. http://drupal.org/project/advagg.
- location ^~ /sites/default/files/advagg_css/ {
- expires max;
- add_header ETag '';
- add_header Last-Modified 'Wed, 20 Jan 1988 04:20:42 GMT';
- add_header Accept-Ranges '';
-
- location ~* /sites/default/files/advagg_css/css[_[:alnum:]]+\.css$ {
- access_log off;
- try_files $escaped_uri @drupal;
- }
- }
-
- ## Advanced Aggregation module JS
- ## support. http://drupal.org/project/advagg.
- location ^~ /sites/default/files/advagg_js/ {
- add_header Pragma '';
- add_header Cache-Control 'public, max-age=946080000';
- add_header Accept-Ranges '';
-
- location ~* /sites/default/files/advagg_js/js[_[:alnum:]]+\.js$ {
- access_log off;
- try_files $escaped_uri @drupal;
- }
- }
-
- ## All static files will be served directly.
- location ~*
^.+\.(?:css|cur|js|jpe?g|gif|htc|ico|png|html|xml|otf|ttf|eot|woff|svg)$ {
- access_log off;
- expires 30d;
- ## No need to bleed constant updates. Send the all shebang in one
- ## fell swoop.
- tcp_nodelay off;
- }
-
- ## PDFs and powerpoint files handling.
- location ~* ^.+\.(?:pdf|pptx?)$ {
- expires 30d;
- ## No need to bleed constant updates. Send the all shebang in one
- ## fell swoop.
- tcp_nodelay off;
- }
-
- ## MP3 and Ogg/Vorbis files are served using AIO when supported. Your OS
must support it.
- location ^~ /sites/default/files/audio/mp3 {
- location ~* ^/sites/default/files/audio/mp3/.*\.mp3$ {
- directio 4k; # for XFS
- ## If you're using ext3 or similar uncomment the line below and
comment the above.
- #directio 512; # for ext3 or similar (block alignments)
- tcp_nopush off;
- aio on;
- output_buffers 1 2M;
- }
- }
-
- location ^~ /sites/default/files/audio/ogg {
- location ~* ^/sites/default/files/audio/ogg/.*\.ogg$ {
- directio 4k; # for XFS
- ## If you're using ext3 or similar uncomment the line below and
comment the above.
- #directio 512; # for ext3 or similar (block alignments)
- tcp_nopush off;
- aio on;
- output_buffers 1 2M;
- }
- }
-
- ## Pseudo streaming of FLV files:
- ## http://wiki.nginx.org/HttpFlvStreamModule.
- ## If pseudo streaming isn't working, try to comment
- ## out in nginx.conf line with:
- ## add_header X-Frame-Options SAMEORIGIN;
- location ^~ /sites/default/files/video/flv {
- location ~* ^/sites/default/files/video/flv/.*\.flv$ {
- flv;
- }
- }
-
- ## Pseudo streaming of H264/AAC files. This requires an Nginx
- ## version greater or equal to 1.0.7 for the stable branch and
- ## greater or equal to 1.1.3 for the development branch.
- ## Cf. http://nginx.org/en/docs/http/ngx_http_mp4_module.html.
- location ^~ /sites/default/files/video/mp4 { # videos
- location ~* ^/sites/default/files/video/mp4/.*\.(?:mp4|mov)$ {
- mp4;
- mp4_buffer_size 1M;
- mp4_max_buffer_size 5M;
- }
- }
-
- location ^~ /sites/default/files/audio/m4a { # audios
- location ~* ^/sites/default/files/audio/m4a/.*\.m4a$ {
- mp4;
- mp4_buffer_size 1M;
- mp4_max_buffer_size 5M;
- }
- }
-
- ## Advanced Help module makes each module provided README available.
- location ^~ /help/ {
- location ~* ^/help/[^/]*/README\.txt$ {
- ## Include the specific FastCGI configuration. This is for a
- ## FCGI backend like php-cgi or php-fpm.
- include apps/drupal/fastcgi_drupal.conf;
- fastcgi_pass phpcgi;
-
- ## If proxying to apache comment the two lines above and
- ## uncomment the line below.
- #proxy_pass http://phpapache/index.php?q=$escaped_uri;
- #proxy_set_header Connection '';
- }
- }
-
- ## Replicate the Apache <FilesMatch> directive of Drupal standard
- ## .htaccess. Disable access to any code files. Return a 404 to curtail
- ## information disclosure. Hide also the text files.
- location ~*
^(?:.+\.(?:htaccess|make|txt|engine|inc|info|install|module|profile|po|pot|sh|.*sql|test|theme|tpl(?:\.php)?|xtmpl)|code-style\.pl|/Entries.*|/Repository|/Root|/Tag|/Template)$
{
- return 404;
- }
-
- ## First we try the URI and relay to the @cache if not found.
- try_files $escaped_uri @cache;
-}
-
-## We define a named location for the cache.
-location @cache {
- ## Boost compresses can the pages so we check it. Comment it out
- ## if you don't have it enabled in Boost.
- gzip_static on;
-
- ## Error page handler for the case where $no_cache is 1. POST
- ## request or authenticated.
- error_page 418 = @drupal;
-
- ## If $no_cache is 1 then it means that either we have a session
- ## cookie or that the request method is POST. So serve the dynamic
- ## page.
- if ($no_cache) {
- return 418; # I'm a teapot/I can't get no cachifaction
- }
-
- ## No caching for POST requests.
- if ($request_method = POST) {
- return 418;
- }
-
- # Now for some header tweaking. We use a date that differs
- # from stock Drupal. Everyone seems to be using their
- # birthdate. Why go against the grain?
- add_header Expires "Tue, 13 Jun 1977 03:45:00 GMT";
- # We bypass all delays in the post-check and pre-check
- # parameters of Cache-Control. Both set to 0.
- add_header Cache-Control "must-revalidate, post-check=0, pre-check=0";
- # Funny...perhaps. Egocentric? Damn right!;
- add_header X-Header "Boost Helás Avril 1.0";
- ## Boost doesn't set a charset.
- charset utf-8;
-
- # We try each boost URI in succession, if every one of them
- # fails then relay to Drupal.
- try_files /cache/normal/$host${uri}_${args}.html
/cache/perm/$host${uri}_.css /cache/perm/$host${uri}_.js
/cache/$host/0$escaped_uri.html /cache/$host/0${uri}/index.html @drupal;
-}
-
-########### Security measures ##########
-
-## Uncomment the line below if you want to enable basic auth for
-## access to all /admin URIs. Note that this provides much better
-## protection if use HTTPS. Since it can easily be eavesdropped if you
-## use HTTP.
-#include apps/drupal/admin_basic_auth.conf;
-
-## Restrict access to the strictly necessary PHP files. Reducing the
-## scope for exploits. Handling of PHP code and the Drupal event loop.
-location @drupal {
- ## Include the FastCGI config.
- include apps/drupal/fastcgi_drupal.conf;
- fastcgi_pass phpcgi;
-
- ## FCGI microcache for authenticated users also.
- include apps/drupal/microcache_fcgi_auth.conf;
-
- ## To use Apache for serving PHP uncomment the line bellow and
- ## comment out the above.
- #proxy_pass http://phpapache/index.php?q=$escaped_uri&$args;
- #proxy_set_header Connection '';
- ## Proxy microcache for authenticated users also.
- #include apps/drupal/microcache_proxy_auth.conf;
-
- ## Filefield Upload progress
- ## http://drupal.org/project/filefield_nginx_progress support
- ## through the NginxUploadProgress modules.
- track_uploads uploads 60s;
-}
-
-location @drupal-no-args {
- ## Include the specific FastCGI configuration. This is for a
- ## FCGI backend like php-cgi or php-fpm.
- include apps/drupal/fastcgi_no_args_drupal.conf;
- fastcgi_pass phpcgi;
-
- ## FCGI microcache for authenticated users also.
- include apps/drupal/microcache_fcgi_auth.conf;
-
- ## If proxying to apache comment the two lines above and
- ## uncomment the line below.
- #proxy_pass http://phpapache/index.php?q=$escaped_uri;
- #proxy_set_header Connection '';
-
- ## Proxy microcache for authenticated users also.
- #include apps/drupal/microcache_proxy_auth.conf;
-}
-
-## Disallow access to .bzr, .git, .hg, .svn, .cvs directories: return
-## 404 as not to disclose information.
-location ^~ /.bzr {
- return 404;
-}
-
-location ^~ /.git {
- return 404;
-}
-
-location ^~ /.hg {
- return 404;
-}
-
-location ^~ /.svn {
- return 404;
-}
-
-location ^~ /.cvs {
- return 404;
-}
-
-## Disallow access to patches directory.
-location ^~ /patches {
- return 404;
-}
-
-## Disallow access to drush backup directory.
-location ^~ /backup {
- return 404;
-}
-
-## Disable access logs for robots.txt.
-location = /robots.txt {
- access_log off;
- ## Add support for the robotstxt module
- ## http://drupal.org/project/robotstxt.
- try_files $uri @drupal-no-args;
-}
-
-## RSS feed support.
-location = /rss.xml {
- try_files $escaped_uri @drupal-no-args;
-}
-
-## XML Sitemap support.
-location = /sitemap.xml {
- try_files $escaped_uri @drupal-no-args;
-}
-
-## Support for favicon. Return an 1x1 transparent GIF if it doesn't
-## exist.
-location = /favicon.ico {
- expires 30d;
- try_files /favicon.ico @empty;
-}
-
-## Return an in memory 1x1 transparent GIF.
-location @empty {
- expires 30d;
- empty_gif;
-}
-
-## Any other attempt to access PHP files returns a 404.
-location ~* ^.+\.php$ {
- return 404;
-}
-
-## Boost stats.
-location = /boost_stats.php {
- fastcgi_pass phpcgi;
- ## To use Apache for serving PHP uncomment the line bellow and
- ## comment out the above.
- #proxy_pass http://phpapache;
- #proxy_set_header Connection '';
-}
-
diff --git a/etc/nginx/apps/drupal/drupal_cron_update.conf
b/etc/nginx/apps/drupal/drupal_cron_update.conf
deleted file mode 100644
index 55500e9..0000000
--- a/etc/nginx/apps/drupal/drupal_cron_update.conf
+++ /dev/null
@@ -1,40 +0,0 @@
-# -*- mode: nginx; mode:autopair; mode: flyspell-prog;
ispell-local-dictionary: "american" -*-
-### Configuration file for Drupal if you're not using drush to update your
site or run cron.
-
-## XMLRPC. Comment out if not enabled.
-location = /xmlrpc.php {
- fastcgi_pass phpcgi;
- # To use Apache for serving PHP uncomment the line bellow and
- # comment out the above.
- #proxy_pass http://phpapache;
-}
-
-## Restrict cron access to a specific host.
-location = /cron.php {
- ## If not allowed to run cron then issue a 404 and redirect to the
- ## site root.
- if ($not_allowed_cron) {
- return 404 /;
- }
- fastcgi_pass phpcgi;
- ## To use Apache for serving PHP uncomment the line bellow and
- ## comment out the above.
- #proxy_pass http://phpapache;
-}
-
-## Run the update from the web interface with Drupal 7.
-location = /authorize.php {
- fastcgi_pass phpcgi;
- ## To use Apache for serving PHP uncomment the line bellow and
- ## comment out the above.
- #proxy_pass http://phpapache;
-}
-
-location = /update.php {
- auth_basic "Restricted Access"; # auth realm
- auth_basic_user_file .htpasswd-users; # htpasswd file
- fastcgi_pass phpcgi;
- ## To use Apache for serving PHP uncomment the line bellow and
- ## comment out the above.
- #proxy_pass http://phpapache;
-}
diff --git a/etc/nginx/apps/drupal/drupal_escaped.conf
b/etc/nginx/apps/drupal/drupal_escaped.conf
deleted file mode 100644
index db08cc0..0000000
--- a/etc/nginx/apps/drupal/drupal_escaped.conf
+++ /dev/null
@@ -1,347 +0,0 @@
-# -*- mode: nginx; mode: flyspell-prog; ispell-local-dictionary: "american"
-*-
-### Nginx configuration for Drupal. This configuration makes use of
-### drush (http:///drupal.org/project/drush) for site maintenance
-### and like tasks:
-###
-### 1. Run the cronjobs.
-### 2. Run the DB and code updates: drush up or drush upc followed by
-### drush updb to run any DB updates required by the code upgrades
-### that were performed.
-### 3. Disabling of xmlrpc.xml, install.php (needed only for
-### installing the site) and update.php: all updates are now
-### handled through drush.
-
-## To avoid the ugly rewrite we use Lua to escape the URI.
-set_by_lua $escaped_uri 'return ngx.escape_uri(ngx.var.uri)';
-
-## The 'default' location.
-location / {
-
- ## Drupal 404 from can impact performance. If using a module like
- ## search404 then 404's *have *to be handled by Drupal. Uncomment to
- ## relay the handling of 404's to Drupal.
- ## error_page 404 /index.php;
-
- ## Using a nested location is the 'correct' way to use regexes.
-
- ## Regular private file serving (i.e. handled by Drupal).
- location ^~ /system/files/ {
- ## Include the specific FastCGI configuration. This is for a
- ## FCGI backend like php-cgi or php-fpm.
- include apps/drupal/fastcgi_drupal.conf;
- fastcgi_pass phpcgi;
-
- ## If proxying to apache comment the two lines above and
- ## uncomment the line below.
- #proxy_pass http://phpapache/index.php?q=$escaped_uri;
- #proxy_set_header Connection '';
-
- ## For not signaling a 404 in the error log whenever the
- ## system/files directory is accessed add the line below.
- ## Note that the 404 is the intended behavior.
- log_not_found off;
- }
-
- ## Trying to access private files directly returns a 404.
- location ^~ /sites/default/files/private/ {
- internal;
- }
-
- ## Support for the file_force module
- ## http://drupal.org/project/file_force.
- location ^~ /system/files_force/ {
- ## Include the specific FastCGI configuration. This is for a
- ## FCGI backend like php-cgi or php-fpm.
- include apps/drupal/fastcgi_drupal.conf;
- fastcgi_pass phpcgi;
-
- ## If proxying to apache comment the two lines above and
- ## uncomment the line below.
- #proxy_pass http://phpapache/index.php?q=$no_slash_uri;
- #proxy_set_header Connection '';
-
- ## For not signaling a 404 in the error log whenever the
- ## system/files directory is accessed add the line below.
- ## Note that the 404 is the intended behavior.
- log_not_found off;
- }
-
- ## If accessing an image generated by Drupal 6 imagecache, serve it
- ## directly if available, if not relay the request to Drupal to
(re)generate
- ## the image.
- location ~* /imagecache/ {
- ## Image hotlinking protection. If you want hotlinking
- ## protection for your images uncomment the following line.
- #include apps/drupal/hotlinking_protection.conf;
-
- access_log off;
- expires 30d;
- try_files $escaped_uri @drupal;
- }
-
- ## Drupal 7 generated image handling, i.e., imagecache in core. See:
- ## http://drupal.org/node/371374.
- location ~* /files/styles/ {
- ## Image hotlinking protection. If you want hotlinking
- ## protection for your images uncomment the following line.
- #include apps/drupal/hotlinking_protection.conf;
-
- access_log off;
- expires 30d;
- try_files $escaped_uri @drupal;
- }
-
- ## Advanced Aggregation module CSS
- ## support. http://drupal.org/project/advagg.
- location ^~ /sites/default/files/advagg_css/ {
- expires max;
- add_header ETag '';
- add_header Last-Modified 'Wed, 20 Jan 1988 04:20:42 GMT';
- add_header Accept-Ranges '';
-
- location ~* /sites/default/files/advagg_css/css[_[:alnum:]]+\.css$ {
- access_log off;
- try_files $escaped_uri @drupal;
- }
- }
-
- ## Advanced Aggregation module JS
- ## support. http://drupal.org/project/advagg.
- location ^~ /sites/default/files/advagg_js/ {
- expires max;
- add_header ETag '';
- add_header Last-Modified 'Wed, 20 Jan 1988 04:20:42 GMT';
- add_header Accept-Ranges '';
-
- location ~* /sites/default/files/advagg_js/js[_[:alnum:]]+\.js$ {
- access_log off;
- try_files $escaped_uri @drupal;
- }
- }
-
- ## All static files will be served directly.
- location ~*
^.+\.(?:css|cur|js|jpe?g|gif|htc|ico|png|html|xml|otf|ttf|eot|woff|svg)$ {
- access_log off;
- expires 30d;
- ## No need to bleed constant updates. Send the all shebang in one
- ## fell swoop.
- tcp_nodelay off;
- ## Set the OS file cache.
- open_file_cache max=3000 inactive=120s;
- open_file_cache_valid 45s;
- open_file_cache_min_uses 2;
- open_file_cache_errors off;
- }
-
- ## PDFs and powerpoint files handling.
- location ~* ^.+\.(?:pdf|pptx?)$ {
- expires 30d;
- ## No need to bleed constant updates. Send the all shebang in one
- ## fell swoop.
- tcp_nodelay off;
- }
-
- ## MP3 and Ogg/Vorbis files are served using AIO when supported. Your OS
must support it.
- location ^~ /sites/default/files/audio/mp3 {
- location ~* ^/sites/default/files/audio/mp3/.*\.mp3$ {
- directio 4k; # for XFS
- ## If you're using ext3 or similar uncomment the line below and
comment the above.
- #directio 512; # for ext3 or similar (block alignments)
- tcp_nopush off;
- aio on;
- output_buffers 1 2M;
- }
- }
-
- location ^~ /sites/default/files/audio/ogg {
- location ~* ^/sites/default/files/audio/ogg/.*\.ogg$ {
- directio 4k; # for XFS
- ## If you're using ext3 or similar uncomment the line below and
comment the above.
- #directio 512; # for ext3 or similar (block alignments)
- tcp_nopush off;
- aio on;
- output_buffers 1 2M;
- }
- }
-
- ## Pseudo streaming of FLV files:
- ## http://wiki.nginx.org/HttpFlvStreamModule.
- ## If pseudo streaming isn't working, try to comment
- ## out in nginx.conf line with:
- ## add_header X-Frame-Options SAMEORIGIN;
- location ^~ /sites/default/files/video/flv {
- location ~* ^/sites/default/files/video/flv/.*\.flv$ {
- flv;
- }
- }
-
- ## Pseudo streaming of H264/AAC files. This requires an Nginx
- ## version greater or equal to 1.0.7 for the stable branch and
- ## greater or equal to 1.1.3 for the development branch.
- ## Cf. http://nginx.org/en/docs/http/ngx_http_mp4_module.html.
- location ^~ /sites/default/files/video/mp4 { # videos
- location ~* ^/sites/default/files/video/mp4/.*\.(?:mp4|mov)$ {
- mp4;
- mp4_buffer_size 1M;
- mp4_max_buffer_size 5M;
- }
- }
-
- location ^~ /sites/default/files/audio/m4a { # audios
- location ~* ^/sites/default/files/audio/m4a/.*\.m4a$ {
- mp4;
- mp4_buffer_size 1M;
- mp4_max_buffer_size 5M;
- }
- }
-
- ## Advanced Help module makes each module provided README available.
- location ^~ /help/ {
- location ~* ^/help/[^/]*/README\.txt$ {
- ## Include the specific FastCGI configuration. This is for a
- ## FCGI backend like php-cgi or php-fpm.
- include apps/drupal/fastcgi_drupal.conf;
- fastcgi_pass phpcgi;
-
- ## If proxying to apache comment the two lines above and
- ## uncomment the line below.
- #proxy_pass http://phpapache/index.php?q=$escaped_uri;
- }
- }
-
- ## Replicate the Apache <FilesMatch> directive of Drupal standard
- ## .htaccess. Disable access to any code files. Return a 404 to curtail
- ## information disclosure. Hide also the text files.
- location ~*
^(?:.+\.(?:htaccess|make|txt|engine|inc|info|install|module|profile|po|pot|sh|.*sql|test|theme|tpl(?:\.php)?|xtmpl)|code-style\.pl|/Entries.*|/Repository|/Root|/Tag|/Template)$
{
- return 404;
- }
-
- ## First we try the URI and relay to the /index.php?q=$escaped_uri&$args
if not found.
- try_files $escaped_uri @drupal;
-}
-
-########### Security measures ##########
-
-## Uncomment the line below if you want to enable basic auth for
-## access to all /admin URIs. Note that this provides much better
-## protection if use HTTPS. Since it can easily be eavesdropped if you
-## use HTTP.
-#include apps/drupal/admin_basic_auth.conf;
-
-## Restrict access to the strictly necessary PHP files. Reducing the
-## scope for exploits. Handling of PHP code and the Drupal event loop.
-location @drupal {
- ## Include the FastCGI config.
- include apps/drupal/fastcgi_drupal.conf;
- fastcgi_pass phpcgi;
-
- ## FastCGI microcache.
- include apps/drupal/microcache_fcgi.conf;
- ## FCGI microcache for authenticated users also.
- #include apps/drupal/microcache_fcgi_auth.conf;
-
- ## To use Apache for serving PHP uncomment the line bellow and
- ## comment out the above.
- #proxy_pass http://phpapache/index.php?q=$escaped_uri&$args;
- #proxy_set_header Connection '';
- ## Proxy microcache.
- #include apps/drupal/microcache_proxy.conf;
- ## Proxy microcache for authenticated users also.
- #include apps/drupal/microcache_proxy_auth.conf;
-
- ## Filefield Upload progress
- ## http://drupal.org/project/filefield_nginx_progress support
- ## through the NginxUploadProgress modules.
- track_uploads uploads 60s;
-}
-
-location @drupal-no-args {
- ## Include the specific FastCGI configuration. This is for a
- ## FCGI backend like php-cgi or php-fpm.
- include apps/drupal/fastcgi_no_args_drupal.conf;
- fastcgi_pass phpcgi;
-
- ## FastCGI microcache.
- include apps/drupal/microcache_fcgi.conf;
- ## FCGI microcache for authenticated users also.
- #include apps/drupal/microcache_fcgi_auth.conf;
-
- ## If proxying to apache comment the two lines above and
- ## uncomment the line below.
- #proxy_pass http://phpapache/index.php?q=$escaped_uri;
- #proxy_set_header Connection '';
-
- ## Proxy microcache.
- #include apps/drupal/microcache_proxy.conf;
- ## Proxy microcache for authenticated users also.
- #include apps/drupal/microcache_proxy_auth.conf;
-}
-
-## Disallow access to .bzr, .git, .hg, .svn, .cvs directories: return
-## 404 as not to disclose information.
-location ^~ /.bzr {
- return 404;
-}
-
-location ^~ /.git {
- return 404;
-}
-
-location ^~ /.hg {
- return 404;
-}
-
-location ^~ /.svn {
- return 404;
-}
-
-location ^~ /.cvs {
- return 404;
-}
-
-## Disallow access to patches directory.
-location ^~ /patches {
- return 404;
-}
-
-## Disallow access to drush backup directory.
-location ^~ /backup {
- return 404;
-}
-
-## Disable access logs for robots.txt.
-location = /robots.txt {
- access_log off;
- ## Add support for the robotstxt module
- ## http://drupal.org/project/robotstxt.
- try_files $uri @drupal-no-args;
-}
-
-## RSS feed support.
-location = /rss.xml {
- try_files $escaped_uri @drupal-no-args;
-}
-
-## XML Sitemap support.
-location = /sitemap.xml {
- try_files $escaped_uri @drupal-no-args;
-}
-
-## Support for favicon. Return an 1x1 transparent GIF if it doesn't
-## exist.
-location = /favicon.ico {
- expires 30d;
- try_files /favicon.ico @empty;
-}
-
-## Return an in memory 1x1 transparent GIF.
-location @empty {
- expires 30d;
- empty_gif;
-}
-
-## Any other attempt to access PHP files returns a 404.
-location ~* ^.+\.php$ {
- return 404;
-}
-
diff --git a/etc/nginx/apps/drupal/drupal_install.conf
b/etc/nginx/apps/drupal/drupal_install.conf
deleted file mode 100644
index 1f4f11b..0000000
--- a/etc/nginx/apps/drupal/drupal_install.conf
+++ /dev/null
@@ -1,16 +0,0 @@
-# -*- mode: nginx; mode: flyspell-prog; ispell-local-dictionary: "american"
-*-
-
-### Directives for installing drupal. This is for drupal 6 and 7.
-
-location = /install.php {
- auth_basic "Restricted Access"; # auth realm
- auth_basic_user_file .htpasswd-users; # htpasswd file
- fastcgi_pass phpcgi;
-}
-
-## This is for drupal 8. There's a new location for the install file.
-location = /core/install.php {
- auth_basic "Restricted Access"; # auth realm
- auth_basic_user_file .htpasswd-users; # htpasswd file
- fastcgi_pass phpcgi;
-}
diff --git a/etc/nginx/apps/drupal/drupal_upload_progress.conf
b/etc/nginx/apps/drupal/drupal_upload_progress.conf
deleted file mode 100644
index 843fb06..0000000
--- a/etc/nginx/apps/drupal/drupal_upload_progress.conf
+++ /dev/null
@@ -1,23 +0,0 @@
-# -*- mode: nginx; mode: flyspell-prog; ispell-current-dictionary: american
-*-
-
-### Drupal 7 configuration for the Nginx Upload Progress module:
-### https://github.com/masterzen/nginx-upload-progress-module
-### This requires the Filefield Nginx Progress module:
-### http://drupal.org/project/filefield_nginx_progress.
-
-## The Nginx module wants ?X-Progress-ID query parameter so
-## that it report the progress of the upload through a GET
-## request. But the drupal form element makes use of clean
-## URLs in the POST.
-
-location ~ (?<upload_form_uri>.*)/x-progress-id:(?<upload_id>\d*) {
- rewrite ^ $upload_form_uri?X-Progress-ID=$upload_id;
-}
-
-## Now the above rewrite must be matched by a location that
-## activates it and references the above defined upload
-## tracking zone.
-location ^~ /progress {
- upload_progress_json_output;
- report_uploads uploads;
-}
diff --git a/etc/nginx/apps/drupal/fastcgi_drupal.conf
b/etc/nginx/apps/drupal/fastcgi_drupal.conf
deleted file mode 100644
index be59f85..0000000
--- a/etc/nginx/apps/drupal/fastcgi_drupal.conf
+++ /dev/null
@@ -1,43 +0,0 @@
-#-*- mode: nginx; mode: flyspell-prog; ispell-local-dictionary: "american" -*-
-### fastcgi configuration for serving private files.
-## 1. Parameters.
-fastcgi_param QUERY_STRING q=$uri&$args;
-fastcgi_param REQUEST_METHOD $request_method;
-fastcgi_param CONTENT_TYPE $content_type;
-fastcgi_param CONTENT_LENGTH $content_length;
-
-fastcgi_param SCRIPT_NAME /index.php;
-fastcgi_param REQUEST_URI $request_uri;
-fastcgi_param DOCUMENT_URI $document_uri;
-fastcgi_param DOCUMENT_ROOT $document_root;
-fastcgi_param SERVER_PROTOCOL $server_protocol;
-
-fastcgi_param GATEWAY_INTERFACE CGI/1.1;
-fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
-
-fastcgi_param REMOTE_ADDR $remote_addr;
-fastcgi_param REMOTE_PORT $remote_port;
-fastcgi_param SERVER_ADDR $server_addr;
-fastcgi_param SERVER_PORT $server_port;
-fastcgi_param SERVER_NAME $server_name;
-## PHP only, required if PHP was built with --enable-force-cgi-redirect
-fastcgi_param REDIRECT_STATUS 200;
-fastcgi_param SCRIPT_FILENAME $document_root/index.php;
-## HTTPS 'on' parameter. This requires Nginx version 1.1.11 or
-## later. The if_not_empty flag was introduced in 1.1.11. See:
-## http://nginx.org/en/CHANGES. If using a version that doesn't
-## support this comment out the line below.
-fastcgi_param HTTPS $fastcgi_https if_not_empty;
-## For Nginx versions below 1.1.11 uncomment the line below after commenting
out the above.
-#fastcgi_param HTTPS $fastcgi_https;
-
-## 2. Nginx FCGI specific directives.
-fastcgi_buffers 256 4k;
-fastcgi_intercept_errors on;
-## Allow 4 hrs - pass timeout responsibility to upstream.
-fastcgi_read_timeout 14400;
-fastcgi_index index.php;
-## Hide the X-Drupal-Cache header provided by Pressflow.
-fastcgi_hide_header 'X-Drupal-Cache';
-## Hide the Drupal 7 header X-Generator.
-fastcgi_hide_header 'X-Generator';
diff --git a/etc/nginx/apps/drupal/fastcgi_no_args_drupal.conf
b/etc/nginx/apps/drupal/fastcgi_no_args_drupal.conf
deleted file mode 100644
index 683e4ce..0000000
--- a/etc/nginx/apps/drupal/fastcgi_no_args_drupal.conf
+++ /dev/null
@@ -1,43 +0,0 @@
-#-*- mode: nginx; mode: flyspell-prog; ispell-local-dictionary: "american" -*-
-### fastcgi configuration for serving private files.
-## 1. Parameters.
-fastcgi_param QUERY_STRING q=$uri;
-fastcgi_param REQUEST_METHOD $request_method;
-fastcgi_param CONTENT_TYPE $content_type;
-fastcgi_param CONTENT_LENGTH $content_length;
-
-fastcgi_param SCRIPT_NAME /index.php;
-fastcgi_param REQUEST_URI $request_uri;
-fastcgi_param DOCUMENT_URI $document_uri;
-fastcgi_param DOCUMENT_ROOT $document_root;
-fastcgi_param SERVER_PROTOCOL $server_protocol;
-
-fastcgi_param GATEWAY_INTERFACE CGI/1.1;
-fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
-
-fastcgi_param REMOTE_ADDR $remote_addr;
-fastcgi_param REMOTE_PORT $remote_port;
-fastcgi_param SERVER_ADDR $server_addr;
-fastcgi_param SERVER_PORT $server_port;
-fastcgi_param SERVER_NAME $server_name;
-## PHP only, required if PHP was built with --enable-force-cgi-redirect
-fastcgi_param REDIRECT_STATUS 200;
-fastcgi_param SCRIPT_FILENAME $document_root/index.php;
-## HTTPS 'on' parameter. This requires Nginx version 1.1.11 or
-## later. The if_not_empty flag was introduced in 1.1.11. See:
-## http://nginx.org/en/CHANGES. If using a version that doesn't
-## support this comment out the line below.
-fastcgi_param HTTPS $fastcgi_https if_not_empty;
-## For Nginx versions below 1.1.11 uncomment the line below after commenting
out the above.
-#fastcgi_param HTTPS $fastcgi_https;
-
-## 2. Nginx FCGI specific directives.
-fastcgi_buffers 256 4k;
-fastcgi_intercept_errors on;
-## Allow 4 hrs - pass timeout responsibility to upstream.
-fastcgi_read_timeout 14400;
-fastcgi_index index.php;
-## Hide the X-Drupal-Cache header provided by Pressflow.
-fastcgi_hide_header 'X-Drupal-Cache';
-## Hide the Drupal 7 header X-Generator.
-fastcgi_hide_header 'X-Generator';
diff --git a/etc/nginx/apps/drupal/hotlinking_protection.conf
b/etc/nginx/apps/drupal/hotlinking_protection.conf
deleted file mode 100644
index f2926e1..0000000
--- a/etc/nginx/apps/drupal/hotlinking_protection.conf
+++ /dev/null
@@ -1,10 +0,0 @@
-# -*- mode: nginx; mode: flyspell-prog; ispell-local-dictionary: "american"
-*-
-
-### Hotlinking protection for images. Include it in any context you
-### want. Adjust the list of allowed referers to your liking.
-
-valid_referers none blocked *.example.com *.google.com my.site.com;
-
-if ($invalid_referer) {
- return 200 "No image hotlinking allowed!\n";
-}
diff --git a/etc/nginx/apps/drupal/map_cache.conf
b/etc/nginx/apps/drupal/map_cache.conf
deleted file mode 100644
index 8166fcd..0000000
--- a/etc/nginx/apps/drupal/map_cache.conf
+++ /dev/null
@@ -1,39 +0,0 @@
-# -*- mode: nginx; mode: flyspell-prog; ispell-current-dictionary: american
-*-
-
-### Testing if we should be serving content from cache or not. This is
-### needed for any Drupal setup that uses an external cache.
-
-## Let Ajax calls go through.
-map $uri $no_cache_ajax {
- default 0;
- /system/ajax 1;
-}
-
-## Testing for the session cookie being present. If there is then no
-## caching is to be done. Note that this is for someone using either
-## Drupal 7 pressflow or stock Drupal 6 core with no_anon
-## (http://drupal.org/project/no_anon).
-map $http_cookie $no_cache_cookie {
- default 0;
- ~SESS 1; # PHP session cookie
-}
-
-## Combine both results to get the cache bypassing mapping.
-map $no_cache_ajax$no_cache_cookie $no_cache {
- default 1;
- 00 0;
-}
-
-## If you're using stock Drupal 6 without no_anon, i.e., there's a
-## session cookie being served even to anonymous users, then uncomment
-## the three lines below and comment the above map directive
-# map $http_cookie $no_cache {
-# default 0;
-# ~DRUPAL_UID 1; # DRUPAL_UID cookie set by Boost
-# }
-
-## Set a cache_uid variable for authenticated users.
-map $http_cookie $cache_uid {
- default nil; # hommage to Lisp :)
- ~SESS[[:alnum:]]+=(?<session_id>[[:graph:]]+) $session_id;
-}
diff --git a/etc/nginx/apps/drupal/microcache_fcgi.conf
b/etc/nginx/apps/drupal/microcache_fcgi.conf
deleted file mode 100644
index e7e8184..0000000
--- a/etc/nginx/apps/drupal/microcache_fcgi.conf
+++ /dev/null
@@ -1,39 +0,0 @@
-# -*- mode: nginx; mode: flyspell-prog; ispell-local-dictionary: "american"
-*-
-
-### Implementation of the microcache concept as presented here:
-### http://fennb.com/microcaching-speed-your-app-up-250x-with-no-n
-
-## The cache zone referenced.
-fastcgi_cache microcache;
-## The cache key.
-fastcgi_cache_key $scheme$request_method$host$request_uri;
-
-## For 200 and 301 make the cache valid for 1s seconds.
-fastcgi_cache_valid 200 301 1s;
-## For 302 make it valid for 1 minute.
-fastcgi_cache_valid 302 1m;
-## For 404 make it valid 1 second.
-fastcgi_cache_valid 404 1s;
-## If there are any upstream errors or the item has expired use
-## whatever it is available.
-fastcgi_cache_use_stale error timeout invalid_header updating http_500;
-## The Cache-Control and Expires headers should be delivered untouched
-## from the upstream to the client.
-fastcgi_ignore_headers Cache-Control Expires;
-## Bypass the cache.
-fastcgi_cache_bypass $no_cache;
-fastcgi_no_cache $no_cache;
-
-## To avoid any interaction with the cache control headers we expire
-## everything on this location immediately.
-expires epoch;
-
-## If you're using a Nginx version greater than 1.1.11 then uncomment
-## the line below. See:
-##
http://nginx.org/en/docs/http/ngx_http_fastcgi_module.html#fastcgi_cache_lock
-## Cache locking mechanism for protecting the backend of too many
-## simultaneous requests.
-#fastcgi_cache_lock on;
-## The default timeout, i.e., the time to way before forwarding the
-## second request upstream if no reply as arrived in the meantime is 5s.
-#fastcgi_cache_lock_timeout 8000; # in miliseconds.
diff --git a/etc/nginx/apps/drupal/microcache_fcgi_auth.conf
b/etc/nginx/apps/drupal/microcache_fcgi_auth.conf
deleted file mode 100644
index 7b2b7c3..0000000
--- a/etc/nginx/apps/drupal/microcache_fcgi_auth.conf
+++ /dev/null
@@ -1,51 +0,0 @@
-# -*- mode: nginx; mode: flyspell-prog; ispell-local-dictionary: "american"
-*-
-
-## The cache zone referenced.
-fastcgi_cache microcache;
-## The cache key.
-fastcgi_cache_key $cache_uid@$scheme$request_method$host$request_uri;
-
-## For 200 and 301 make the cache valid for 15s.
-fastcgi_cache_valid 200 301 15s;
-## For 302 make it valid for 1 minute.
-fastcgi_cache_valid 302 1m;
-## For 404 make it valid 1 second.
-fastcgi_cache_valid 404 1s;
-## If there are any upstream errors use whatever it is available.
-fastcgi_cache_use_stale error timeout invalid_header updating http_500;
-## The Cache-Control and Expires headers should be delivered untouched
-## from the upstream to the client.
-fastcgi_ignore_headers Cache-Control Expires;
-fastcgi_pass_header Set-Cookie;
-fastcgi_pass_header Cookie;
-## Bypass the cache.
-# fastcgi_cache_bypass $no_auth_cache;
-# fastcgi_no_cache $no_auth_cache;
-## Add a cache miss/hit status header.
-add_header X-Micro-Cache $upstream_cache_status;
-## To avoid any interaction with the cache control headers we expire
-## everything on this location immediately.
-expires epoch;
-
-## Enable clickjacking protection in modern browsers. Available in
-## IE8 also. See
-## https://developer.mozilla.org/en/The_X-FRAME-OPTIONS_response_header
-## This may conflicts with pseudo streaming (at least with Nginx version
1.0.12).
-## Uncomment the line below if you're not using media streaming.
-## For sites *not* using frames uncomment the line below.
-#add_header X-Frame-Options DENY;
-## For sites *using* frames uncomment the line below.
-#add_header X-Frame-Options SAMEORIGIN;
-
-## Block MIME type sniffing on IE.
-add_header X-Content-Options nosniff;
-
-## If you're using a Nginx version greater than 1.1.11 then uncomment
-## the line below. See:
-##
http://nginx.org/en/docs/http/ngx_http_fastcgi_module.html#fastcgi_cache_lock
-## Cache locking mechanism for protecting the backend of too many
-## simultaneous requests.
-#fastcgi_cache_lock on;
-## The default timeout, i.e., the time to way before forwarding the
-## second request upstream if no reply as arrived in the meantime is 5s.
-#fastcgi_cache_lock_timeout 8000; # in miliseconds.
diff --git a/etc/nginx/apps/drupal/microcache_proxy.conf
b/etc/nginx/apps/drupal/microcache_proxy.conf
deleted file mode 100644
index 6708684..0000000
--- a/etc/nginx/apps/drupal/microcache_proxy.conf
+++ /dev/null
@@ -1,53 +0,0 @@
-# -*- mode: nginx; mode: flyspell-prog; ispell-local-dictionary: "american"
-*-
-
-### Implementation of the microcache concept as presented here:
-### http://fennb.com/microcaching-speed-your-app-up-250x-with-no-n
-
-## The cache zone referenced.
-proxy_cache microcache;
-## The cache key.
-proxy_cache_key $host$request_uri;
-
-## For 200 and 301 make the cache valid for 15 seconds.
-proxy_cache_valid 200 301 15s;
-## For 302 make it valid for 1 minute.
-proxy_cache_valid 302 1m;
-## For 404 make it valid 1 second.
-proxy_cache_valid 404 1s;
-## If there are any upstream errors or the item has expired use
-## whatever it is available.
-proxy_cache_use_stale error timeout invalid_header updating http_500 http_502
http_503 http_504;
-## The Cache-Control and Expires headers should be delivered untouched
-## from the upstream to the client.
-proxy_ignore_headers Cache-Control Expires;
-## Bypass the cache.
-proxy_cache_bypass $no_cache;
-proxy_no_cache $no_cache;
-## Add a cache miss/hit status header.
-add_header X-Micro-Cache $upstream_cache_status;
-## To avoid any interaction with the cache control headers we expire
-## everything on this location immediately.
-expires epoch;
-
-## Enable clickjacking protection in modern browsers. Available in
-## IE8 also. See
-## https://developer.mozilla.org/en/The_X-FRAME-OPTIONS_response_header
-## This may conflicts with pseudo streaming (at least with Nginx version
1.0.12).
-## Uncomment the line below if you're not using media streaming.
-## For sites *not* using frames uncomment the line below.
-#add_header X-Frame-Options DENY;
-## For sites *using* frames uncomment the line below.
-#add_header X-Frame-Options SAMEORIGIN;
-
-## Block MIME type sniffing on IE.
-add_header X-Content-Options nosniff;
-
-## If you're using a Nginx version greater than 1.1.11 then uncomment
-## the line below. See:
-## http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_cache_lock.
-## Cache locking mechanism for protecting the backendof too many
-## simultaneous requests.
-#proxy_cache_lock on;
-## The default timeout, i.e., the time to way before forwarding the
-## second request upstream if no reply as arrived in the meantime is 5s.
-# proxy_cache_lock_timeout 8000; # in miliseconds.
diff --git a/etc/nginx/apps/drupal/microcache_proxy_auth.conf
b/etc/nginx/apps/drupal/microcache_proxy_auth.conf
deleted file mode 100644
index e351b1b..0000000
--- a/etc/nginx/apps/drupal/microcache_proxy_auth.conf
+++ /dev/null
@@ -1,54 +0,0 @@
-# -*- mode: nginx; mode: flyspell-prog; ispell-local-dictionary: "american"
-*-
-
-### Implementation of the microcache concept as presented here:
-### http://fennb.com/microcaching-speed-your-app-up-250x-with-no-n
-
-## The cache zone referenced.
-proxy_cache microcache;
-## The cache key.
-proxy_cache_key $cache_uid@$host$request_uri;
-
-## For 200 and 301 make the cache valid for 15 seconds.
-proxy_cache_valid 200 301 15s;
-## For 302 make it valid for 1 minute.
-proxy_cache_valid 302 1m;
-## For 404 make it valid 1 second.
-proxy_cache_valid 404 1s;
-## If there are any upstream errors or the item has expired use
-## whatever it is available.
-proxy_cache_use_stale error timeout invalid_header updating http_500 http_502
http_503 http_504;
-## The Cache-Control and Expires headers should be delivered untouched
-## from the upstream to the client.
-proxy_ignore_headers Cache-Control Expires;
-proxy_pass_header Set-Cookie;
-proxy_pass_header Cookie;
-## Bypass the cache.
-proxy_cache_bypass $no_auth_cache;
-proxy_no_cache $no_auth_cache;
-## Add a cache miss/hit status header.
-add_header X-Micro-Cache $upstream_cache_status;
-## To avoid any interaction with the cache control headers we expire
-## everything on this location immediately.
-expires epoch;
-## Enable clickjacking protection in modern browsers. Available in
-## IE8 also. See
-## https://developer.mozilla.org/en/The_X-FRAME-OPTIONS_response_header
-## This may conflicts with pseudo streaming (at least with Nginx version
1.0.12).
-## Uncomment the line below if you're not using media streaming.
-## For sites *not* using frames uncomment the line below.
-#add_header X-Frame-Options DENY;
-## For sites *using* frames uncomment the line below.
-#add_header X-Frame-Options SAMEORIGIN;
-
-## Block MIME type sniffing on IE.
-add_header X-Content-Options nosniff;
-
-## If you're using a Nginx version greater than 1.1.11 then uncomment
-## the line below. See:
-## http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_cache_lock.
-## Cache locking mechanism for protecting the backendof too many
-## simultaneous requests.
-#proxy_cache_lock on;
-## The default timeout, i.e., the time to way before forwarding the
-## second request upstream if no reply as arrived in the meantime is 5s.
-# proxy_cache_lock_timeout 8000; # in miliseconds.
diff --git a/etc/nginx/conf.d/favicon_robots b/etc/nginx/conf.d/favicon_robots
deleted file mode 100644
index 3c6e417..0000000
--- a/etc/nginx/conf.d/favicon_robots
+++ /dev/null
@@ -1,11 +0,0 @@
-location = /robots.txt {
- root /var/www/robots-favicon;
-}
-
-location = /favicon.ico {
- root /var/www/robots-favicon;
-}
-
-location = /static/web-common/favicon-taler.ico {
- alias /var/www/robots-favicon/favicon.ico;
-}
diff --git a/etc/nginx/conf.d/talerssl b/etc/nginx/conf.d/talerssl
deleted file mode 100644
index 71ad727..0000000
--- a/etc/nginx/conf.d/talerssl
+++ /dev/null
@@ -1,14 +0,0 @@
-ssl_certificate /etc/letsencrypt/live/api.taler.net/fullchain.pem;
-ssl_certificate_key /etc/letsencrypt/live/api.taler.net/privkey.pem;
-ssl_prefer_server_ciphers on;
-ssl_session_cache shared:SSL:10m;
-ssl_dhparam /etc/ssl/certs/dhparam.pem;
-ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
-ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
-
-add_header Strict-Transport-Security "max-age=63072000; includeSubDomains;
preload";
-add_header X-XSS-Protection "1; mode=block";
-add_header X-Frame-Options "SAMEORIGIN";
-add_header X-Content-Type-Options "nosniff";
-add_header Content-Security-Policy "default-src 'self'
https://www.taler.net/dist/; img-src 'self' data:; script-src 'self'
'unsafe-inline' 'unsafe-eval' https://www.taler.net/dist/js/; style-src 'self'
'unsafe-inline' https://www.taler.net/dist/css/; connect-src 'self'
wss://buildbot.taler.net";
-add_header Referrer-Policy "same-origin";
diff --git a/etc/nginx/fastcgi.conf b/etc/nginx/fastcgi.conf
deleted file mode 100644
index 091738c..0000000
--- a/etc/nginx/fastcgi.conf
+++ /dev/null
@@ -1,26 +0,0 @@
-
-fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
-fastcgi_param QUERY_STRING $query_string;
-fastcgi_param REQUEST_METHOD $request_method;
-fastcgi_param CONTENT_TYPE $content_type;
-fastcgi_param CONTENT_LENGTH $content_length;
-
-fastcgi_param SCRIPT_NAME $fastcgi_script_name;
-fastcgi_param REQUEST_URI $request_uri;
-fastcgi_param DOCUMENT_URI $document_uri;
-fastcgi_param DOCUMENT_ROOT $document_root;
-fastcgi_param SERVER_PROTOCOL $server_protocol;
-fastcgi_param REQUEST_SCHEME $scheme;
-fastcgi_param HTTPS $https if_not_empty;
-
-fastcgi_param GATEWAY_INTERFACE CGI/1.1;
-fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
-
-fastcgi_param REMOTE_ADDR $remote_addr;
-fastcgi_param REMOTE_PORT $remote_port;
-fastcgi_param SERVER_ADDR $server_addr;
-fastcgi_param SERVER_PORT $server_port;
-fastcgi_param SERVER_NAME $server_name;
-
-# PHP only, required if PHP was built with --enable-force-cgi-redirect
-fastcgi_param REDIRECT_STATUS 200;
diff --git a/etc/nginx/fastcgi_params b/etc/nginx/fastcgi_params
deleted file mode 100644
index 28decb9..0000000
--- a/etc/nginx/fastcgi_params
+++ /dev/null
@@ -1,25 +0,0 @@
-
-fastcgi_param QUERY_STRING $query_string;
-fastcgi_param REQUEST_METHOD $request_method;
-fastcgi_param CONTENT_TYPE $content_type;
-fastcgi_param CONTENT_LENGTH $content_length;
-
-fastcgi_param SCRIPT_NAME $fastcgi_script_name;
-fastcgi_param REQUEST_URI $request_uri;
-fastcgi_param DOCUMENT_URI $document_uri;
-fastcgi_param DOCUMENT_ROOT $document_root;
-fastcgi_param SERVER_PROTOCOL $server_protocol;
-fastcgi_param REQUEST_SCHEME $scheme;
-fastcgi_param HTTPS $https if_not_empty;
-
-fastcgi_param GATEWAY_INTERFACE CGI/1.1;
-fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
-
-fastcgi_param REMOTE_ADDR $remote_addr;
-fastcgi_param REMOTE_PORT $remote_port;
-fastcgi_param SERVER_ADDR $server_addr;
-fastcgi_param SERVER_PORT $server_port;
-fastcgi_param SERVER_NAME $server_name;
-
-# PHP only, required if PHP was built with --enable-force-cgi-redirect
-fastcgi_param REDIRECT_STATUS 200;
diff --git a/etc/nginx/koi-utf b/etc/nginx/koi-utf
deleted file mode 100644
index e7974ff..0000000
--- a/etc/nginx/koi-utf
+++ /dev/null
@@ -1,109 +0,0 @@
-
-# This map is not a full koi8-r <> utf8 map: it does not contain
-# box-drawing and some other characters. Besides this map contains
-# several koi8-u and Byelorussian letters which are not in koi8-r.
-# If you need a full and standard map, use contrib/unicode2nginx/koi-utf
-# map instead.
-
-charset_map koi8-r utf-8 {
-
- 80 E282AC ; # euro
-
- 95 E280A2 ; # bullet
-
- 9A C2A0 ; #
-
- 9E C2B7 ; # ·
-
- A3 D191 ; # small yo
- A4 D194 ; # small Ukrainian ye
-
- A6 D196 ; # small Ukrainian i
- A7 D197 ; # small Ukrainian yi
-
- AD D291 ; # small Ukrainian soft g
- AE D19E ; # small Byelorussian short u
-
- B0 C2B0 ; # °
-
- B3 D081 ; # capital YO
- B4 D084 ; # capital Ukrainian YE
-
- B6 D086 ; # capital Ukrainian I
- B7 D087 ; # capital Ukrainian YI
-
- B9 E28496 ; # numero sign
-
- BD D290 ; # capital Ukrainian soft G
- BE D18E ; # capital Byelorussian short U
-
- BF C2A9 ; # (C)
-
- C0 D18E ; # small yu
- C1 D0B0 ; # small a
- C2 D0B1 ; # small b
- C3 D186 ; # small ts
- C4 D0B4 ; # small d
- C5 D0B5 ; # small ye
- C6 D184 ; # small f
- C7 D0B3 ; # small g
- C8 D185 ; # small kh
- C9 D0B8 ; # small i
- CA D0B9 ; # small j
- CB D0BA ; # small k
- CC D0BB ; # small l
- CD D0BC ; # small m
- CE D0BD ; # small n
- CF D0BE ; # small o
-
- D0 D0BF ; # small p
- D1 D18F ; # small ya
- D2 D180 ; # small r
- D3 D181 ; # small s
- D4 D182 ; # small t
- D5 D183 ; # small u
- D6 D0B6 ; # small zh
- D7 D0B2 ; # small v
- D8 D18C ; # small soft sign
- D9 D18B ; # small y
- DA D0B7 ; # small z
- DB D188 ; # small sh
- DC D18D ; # small e
- DD D189 ; # small shch
- DE D187 ; # small ch
- DF D18A ; # small hard sign
-
- E0 D0AE ; # capital YU
- E1 D090 ; # capital A
- E2 D091 ; # capital B
- E3 D0A6 ; # capital TS
- E4 D094 ; # capital D
- E5 D095 ; # capital YE
- E6 D0A4 ; # capital F
- E7 D093 ; # capital G
- E8 D0A5 ; # capital KH
- E9 D098 ; # capital I
- EA D099 ; # capital J
- EB D09A ; # capital K
- EC D09B ; # capital L
- ED D09C ; # capital M
- EE D09D ; # capital N
- EF D09E ; # capital O
-
- F0 D09F ; # capital P
- F1 D0AF ; # capital YA
- F2 D0A0 ; # capital R
- F3 D0A1 ; # capital S
- F4 D0A2 ; # capital T
- F5 D0A3 ; # capital U
- F6 D096 ; # capital ZH
- F7 D092 ; # capital V
- F8 D0AC ; # capital soft sign
- F9 D0AB ; # capital Y
- FA D097 ; # capital Z
- FB D0A8 ; # capital SH
- FC D0AD ; # capital E
- FD D0A9 ; # capital SHCH
- FE D0A7 ; # capital CH
- FF D0AA ; # capital hard sign
-}
diff --git a/etc/nginx/koi-win b/etc/nginx/koi-win
deleted file mode 100644
index 72afabe..0000000
--- a/etc/nginx/koi-win
+++ /dev/null
@@ -1,103 +0,0 @@
-
-charset_map koi8-r windows-1251 {
-
- 80 88 ; # euro
-
- 95 95 ; # bullet
-
- 9A A0 ; #
-
- 9E B7 ; # ·
-
- A3 B8 ; # small yo
- A4 BA ; # small Ukrainian ye
-
- A6 B3 ; # small Ukrainian i
- A7 BF ; # small Ukrainian yi
-
- AD B4 ; # small Ukrainian soft g
- AE A2 ; # small Byelorussian short u
-
- B0 B0 ; # °
-
- B3 A8 ; # capital YO
- B4 AA ; # capital Ukrainian YE
-
- B6 B2 ; # capital Ukrainian I
- B7 AF ; # capital Ukrainian YI
-
- B9 B9 ; # numero sign
-
- BD A5 ; # capital Ukrainian soft G
- BE A1 ; # capital Byelorussian short U
-
- BF A9 ; # (C)
-
- C0 FE ; # small yu
- C1 E0 ; # small a
- C2 E1 ; # small b
- C3 F6 ; # small ts
- C4 E4 ; # small d
- C5 E5 ; # small ye
- C6 F4 ; # small f
- C7 E3 ; # small g
- C8 F5 ; # small kh
- C9 E8 ; # small i
- CA E9 ; # small j
- CB EA ; # small k
- CC EB ; # small l
- CD EC ; # small m
- CE ED ; # small n
- CF EE ; # small o
-
- D0 EF ; # small p
- D1 FF ; # small ya
- D2 F0 ; # small r
- D3 F1 ; # small s
- D4 F2 ; # small t
- D5 F3 ; # small u
- D6 E6 ; # small zh
- D7 E2 ; # small v
- D8 FC ; # small soft sign
- D9 FB ; # small y
- DA E7 ; # small z
- DB F8 ; # small sh
- DC FD ; # small e
- DD F9 ; # small shch
- DE F7 ; # small ch
- DF FA ; # small hard sign
-
- E0 DE ; # capital YU
- E1 C0 ; # capital A
- E2 C1 ; # capital B
- E3 D6 ; # capital TS
- E4 C4 ; # capital D
- E5 C5 ; # capital YE
- E6 D4 ; # capital F
- E7 C3 ; # capital G
- E8 D5 ; # capital KH
- E9 C8 ; # capital I
- EA C9 ; # capital J
- EB CA ; # capital K
- EC CB ; # capital L
- ED CC ; # capital M
- EE CD ; # capital N
- EF CE ; # capital O
-
- F0 CF ; # capital P
- F1 DF ; # capital YA
- F2 D0 ; # capital R
- F3 D1 ; # capital S
- F4 D2 ; # capital T
- F5 D3 ; # capital U
- F6 C6 ; # capital ZH
- F7 C2 ; # capital V
- F8 DC ; # capital soft sign
- F9 DB ; # capital Y
- FA C7 ; # capital Z
- FB D8 ; # capital SH
- FC DD ; # capital E
- FD D9 ; # capital SHCH
- FE D7 ; # capital CH
- FF DA ; # capital hard sign
-}
diff --git a/etc/nginx/mime.types b/etc/nginx/mime.types
deleted file mode 100644
index 89be9a4..0000000
--- a/etc/nginx/mime.types
+++ /dev/null
@@ -1,89 +0,0 @@
-
-types {
- text/html html htm shtml;
- text/css css;
- text/xml xml;
- image/gif gif;
- image/jpeg jpeg jpg;
- application/javascript js;
- application/atom+xml atom;
- application/rss+xml rss;
-
- text/mathml mml;
- text/plain txt;
- text/vnd.sun.j2me.app-descriptor jad;
- text/vnd.wap.wml wml;
- text/x-component htc;
-
- image/png png;
- image/tiff tif tiff;
- image/vnd.wap.wbmp wbmp;
- image/x-icon ico;
- image/x-jng jng;
- image/x-ms-bmp bmp;
- image/svg+xml svg svgz;
- image/webp webp;
-
- application/font-woff woff;
- application/java-archive jar war ear;
- application/json json;
- application/mac-binhex40 hqx;
- application/msword doc;
- application/pdf pdf;
- application/postscript ps eps ai;
- application/rtf rtf;
- application/vnd.apple.mpegurl m3u8;
- application/vnd.ms-excel xls;
- application/vnd.ms-fontobject eot;
- application/vnd.ms-powerpoint ppt;
- application/vnd.wap.wmlc wmlc;
- application/vnd.google-earth.kml+xml kml;
- application/vnd.google-earth.kmz kmz;
- application/x-7z-compressed 7z;
- application/x-cocoa cco;
- application/x-java-archive-diff jardiff;
- application/x-java-jnlp-file jnlp;
- application/x-makeself run;
- application/x-perl pl pm;
- application/x-pilot prc pdb;
- application/x-rar-compressed rar;
- application/x-redhat-package-manager rpm;
- application/x-sea sea;
- application/x-shockwave-flash swf;
- application/x-stuffit sit;
- application/x-tcl tcl tk;
- application/x-x509-ca-cert der pem crt;
- application/x-xpinstall xpi;
- application/xhtml+xml xhtml;
- application/xspf+xml xspf;
- application/zip zip;
-
- application/octet-stream bin exe dll;
- application/octet-stream deb;
- application/octet-stream dmg;
- application/octet-stream iso img;
- application/octet-stream msi msp msm;
-
- application/vnd.openxmlformats-officedocument.wordprocessingml.document
docx;
- application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
xlsx;
- application/vnd.openxmlformats-officedocument.presentationml.presentation
pptx;
-
- audio/midi mid midi kar;
- audio/mpeg mp3;
- audio/ogg ogg;
- audio/x-m4a m4a;
- audio/x-realaudio ra;
-
- video/3gpp 3gpp 3gp;
- video/mp2t ts;
- video/mp4 mp4;
- video/mpeg mpeg mpg;
- video/quicktime mov;
- video/webm webm;
- video/x-flv flv;
- video/x-m4v m4v;
- video/x-mng mng;
- video/x-ms-asf asx asf;
- video/x-ms-wmv wmv;
- video/x-msvideo avi;
-}
diff --git a/etc/nginx/nginx.conf b/etc/nginx/nginx.conf
deleted file mode 100644
index 1fe517d..0000000
--- a/etc/nginx/nginx.conf
+++ /dev/null
@@ -1,79 +0,0 @@
-user www-data;
-worker_processes 4;
-pid /var/run/nginx.pid;
-
-include /etc/nginx/modules-enabled/*.conf;
-
-events {
- worker_connections 768;
- # multi_accept on;
-}
-
-http {
-
- ##
- # Basic Settings
- ##
-
- sendfile on;
- tcp_nopush on;
- tcp_nodelay on;
- keepalive_timeout 65;
- types_hash_max_size 2048;
- server_tokens off;
-
- # server_names_hash_bucket_size 64;
- # server_name_in_redirect off;
-
- include /etc/nginx/mime.types;
- default_type application/octet-stream;
-
- ##
- # Logging Settings
- ##
-
- log_format main '$remote_addr - $remote_user [$time_local] $host '
- '"$request" $status $body_bytes_sent '
- '"$http_referer" "$http_user_agent"';
-
- access_log /var/log/nginx/access.log main;
- error_log /var/log/nginx/error.log notice;
-
- ##
- # Gzip Settings
- ##
-
- gzip on;
- gzip_disable "msie6";
-
- # gzip_vary on;
- # gzip_proxied any;
- # gzip_comp_level 6;
- # gzip_buffers 16 8k;
- # gzip_http_version 1.1;
- # gzip_types text/plain text/css application/json
application/x-javascript text/xml application/xml application/xml+rss
text/javascript;
-
- # This isn't entirely correct since it does
- # not consider the weighting of languages, but
- # for now it's good enough.
- map $http_accept_language $index_redirect_uri {
- default "en";
- # prefer language that's first in the list
- ~^en "en";
- ~^de "de";
- ~^fr "fr";
- ~^es "it";
- # if none matches, take one later in the list
- ~,en "en";
- ~,de "de";
- ~,fr "fr";
- ~,es "it";
- }
-
- ##
- # Virtual Host Configs
- ##
-
- include /etc/nginx/conf.d/*.conf;
- include /etc/nginx/sites-enabled/*.site;
-}
diff --git a/etc/nginx/proxy_params b/etc/nginx/proxy_params
deleted file mode 100644
index df75bc5..0000000
--- a/etc/nginx/proxy_params
+++ /dev/null
@@ -1,4 +0,0 @@
-proxy_set_header Host $http_host;
-proxy_set_header X-Real-IP $remote_addr;
-proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-proxy_set_header X-Forwarded-Proto $scheme;
diff --git a/etc/nginx/scgi_params b/etc/nginx/scgi_params
deleted file mode 100644
index 6d4ce4f..0000000
--- a/etc/nginx/scgi_params
+++ /dev/null
@@ -1,17 +0,0 @@
-
-scgi_param REQUEST_METHOD $request_method;
-scgi_param REQUEST_URI $request_uri;
-scgi_param QUERY_STRING $query_string;
-scgi_param CONTENT_TYPE $content_type;
-
-scgi_param DOCUMENT_URI $document_uri;
-scgi_param DOCUMENT_ROOT $document_root;
-scgi_param SCGI 1;
-scgi_param SERVER_PROTOCOL $server_protocol;
-scgi_param REQUEST_SCHEME $scheme;
-scgi_param HTTPS $https if_not_empty;
-
-scgi_param REMOTE_ADDR $remote_addr;
-scgi_param REMOTE_PORT $remote_port;
-scgi_param SERVER_PORT $server_port;
-scgi_param SERVER_NAME $server_name;
diff --git a/etc/nginx/sites-available/blog-demo.site
b/etc/nginx/sites-available/blog-demo.site
deleted file mode 100644
index a48a036..0000000
--- a/etc/nginx/sites-available/blog-demo.site
+++ /dev/null
@@ -1,43 +0,0 @@
-server {
- listen 80; ## listen for ipv4; this line is default and implied
- # listen [::]:80 default_server ipv6only=on; ## listen for ipv6
-
- server_name blog.demo.taler.net;
-
- root /home/demo/merchant/src/frontend_blog;
- index index.html;
-
- # Make site accessible from http://localhost/
-
- location / {
- try_files $uri $uri/ =404;
- rewrite /taler/pay /pay.php;
- rewrite /taler/contract /generate_taler_contract.php;
-
- }
-
- location /fullfillment {
- rewrite /(.*) /$1.php;
-
- }
-
- location /articles {
-
- internal;
- }
-
- location ~ \.php$ {
-
- fastcgi_pass unix:/var/run/php5-fpm.sock;
- fastcgi_param SCRIPT_FILENAME
$document_root$fastcgi_script_name;
- include fastcgi_params;
-
- }
-
- location /backend {
- rewrite /backend/(.*) /$1 break;
- proxy_pass http://127.0.0.1:19966;
- proxy_redirect off;
- proxy_set_header Host $host;
- }
-}
diff --git a/etc/nginx/sites-available/default.site
b/etc/nginx/sites-available/default.site
deleted file mode 100644
index 79e41e8..0000000
--- a/etc/nginx/sites-available/default.site
+++ /dev/null
@@ -1,86 +0,0 @@
-##
-# You should look at the following URL's in order to grasp a solid
understanding
-# of Nginx configuration files in order to fully unleash the power of Nginx.
-# http://wiki.nginx.org/Pitfalls
-# http://wiki.nginx.org/QuickStart
-# http://wiki.nginx.org/Configuration
-#
-# Generally, you will want to move this file somewhere, and start with a clean
-# file but keep this around for reference. Or just disable in sites-enabled.
-#
-# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
-##
-
-# Default server configuration
-#
-server {
- listen 80 default_server;
- listen [::]:80 default_server;
-
- # SSL configuration
- #
- # listen 443 ssl default_server;
- # listen [::]:443 ssl default_server;
- #
- # Note: You should disable gzip for SSL traffic.
- # See: https://bugs.debian.org/773332
- #
- # Read up on ssl_ciphers to ensure a secure configuration.
- # See: https://bugs.debian.org/765782
- #
- # Self signed certs generated by the ssl-cert package
- # Don't use them in a production server!
- #
- # include snippets/snakeoil.conf;
-
- root /var/www/html;
-
- # Add index.php to the list if you are using PHP
- index index.html index.htm index.nginx-debian.html;
-
- server_name _;
-
- location / {
- # First attempt to serve request as file, then
- # as directory, then fall back to displaying a 404.
- try_files $uri $uri/ =404;
- }
-
- # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
- #
- #location ~ \.php$ {
- # include snippets/fastcgi-php.conf;
- #
- # # With php5-cgi alone:
- # fastcgi_pass 127.0.0.1:9000;
- # # With php5-fpm:
- # fastcgi_pass unix:/var/run/php5-fpm.sock;
- #}
-
- # deny access to .htaccess files, if Apache's document root
- # concurs with nginx's one
- #
- #location ~ /\.ht {
- # deny all;
- #}
-}
-
-
-# Virtual Host configuration for example.com
-#
-# You can move that to a different file under sites-available/ and symlink that
-# to sites-enabled/ to enable it.
-#
-#server {
-# listen 80;
-# listen [::]:80;
-#
-# server_name example.com;
-#
-# root /var/www/example.com;
-# index index.html;
-#
-# location / {
-# try_files $uri $uri/ =404;
-# }
-#}
diff --git a/etc/nginx/sites-available/drupal-demo-ssl.site
b/etc/nginx/sites-available/drupal-demo-ssl.site
deleted file mode 100644
index 400020e..0000000
--- a/etc/nginx/sites-available/drupal-demo-ssl.site
+++ /dev/null
@@ -1,49 +0,0 @@
-server {
- listen 443 ssl; ## listen for ipv4; this line is default and implied
- # listen [::]:80 default_server ipv6only=on; ## listen for ipv6
-
- server_name drupal.demo.taler.net;
-
- root /home/demo/drupal-demo;
-
- ssl_certificate /etc/letsencrypt/live/taler.net/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/taler.net/privkey.pem;
- ssl_prefer_server_ciphers on;
- ssl_session_cache shared:SSL:10m;
- ssl_dhparam /etc/ssl/certs/dhparam.pem;
- ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
- ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
-
- add_header Strict-Transport-Security "max-age=63072000; preload";
-
- # Make site accessible from http://localhost/
-
-# location / {
-# try_files $uri $uri/ =404;
-# rewrite /taler/pay /pay.php;
-# rewrite /taler/contract /generate_taler_contract.php;
-# }
-
-# location /fullfillment {
-# rewrite /(.*) /$1.php;
-# }
-
- location ~ \.php$ {
- fastcgi_index index.php;
- fastcgi_pass unix:/var/run/php5-fpm.sock;
- fastcgi_param SCRIPT_FILENAME
$document_root$fastcgi_script_name;
- include fastcgi_params;
- }
-
-# location /backend {
-# rewrite /backend/(.*) /$1 break;
-# proxy_pass http://127.0.0.1:19966;
-# proxy_redirect off;
-# proxy_set_header Host $host;
-# }
-
- client_max_body_size 10M;
- client_body_buffer_size 128k;
-
- include apps/drupal/drupal.conf;
-}
diff --git a/etc/nginx/sites-available/drupal-demo.site
b/etc/nginx/sites-available/drupal-demo.site
deleted file mode 100644
index d91c3f7..0000000
--- a/etc/nginx/sites-available/drupal-demo.site
+++ /dev/null
@@ -1,40 +0,0 @@
-server {
- listen 80; ## listen for ipv4; this line is default and implied
- # listen [::]:80 default_server ipv6only=on; ## listen for ipv6
-
- server_name drupal.demo.taler.net;
-
- root /home/demo/drupal-demo;
-
- # Make site accessible from http://localhost/
-
-# location / {
-# try_files $uri $uri/ =404;
-# rewrite /taler/pay /pay.php;
-# rewrite /taler/contract /generate_taler_contract.php;
-# }
-
-# location /fullfillment {
-# rewrite /(.*) /$1.php;
-# }
-
-
- location ~ \.php$ {
- fastcgi_index index.php;
- fastcgi_pass unix:/var/run/php5-fpm.sock;
- fastcgi_param SCRIPT_FILENAME
$document_root$fastcgi_script_name;
- include fastcgi_params;
- }
-
-# location /backend {
-# rewrite /backend/(.*) /$1 break;
-# proxy_pass http://127.0.0.1:19966;
-# proxy_redirect off;
-# proxy_set_header Host $host;
-# }
-
- client_max_body_size 10M;
- client_body_buffer_size 128k;
-
- include apps/drupal/drupal.conf;
-}
diff --git a/etc/nginx/sites-available/ghm_videos.site
b/etc/nginx/sites-available/ghm_videos.site
deleted file mode 100644
index c438e7f..0000000
--- a/etc/nginx/sites-available/ghm_videos.site
+++ /dev/null
@@ -1,25 +0,0 @@
-server {
- listen 80; ## listen for ipv4; this line is default and implied
- # listen [::]:80 default_server ipv6only=on; ## listen for ipv6
-
- root /var/www/taler.net;
-
- # Make site accessible from http://localhost/
- server_name taler.net;
- server_name www.taler.net;
-
- rewrite ^ https://$server_name$request_uri? permanent;
-
-# location / {
-# autoindex off;
-# ssi on;
-## ssi_last_modified on;
-# rewrite /citizens /citizens.html break;
-# rewrite /developers /developers.html break;
-# rewrite /merchants /merchants.html break;
-# rewrite /governments /governments.html break;
-# rewrite /investors /investors.html break;
-# rewrite /about /about.html break;
-# rewrite /news /news.html break;
-# }
-}
diff --git a/etc/nginx/sites-available/www.git-ssl.site
b/etc/nginx/sites-available/www.git-ssl.site
deleted file mode 100644
index 4ac7cfa..0000000
--- a/etc/nginx/sites-available/www.git-ssl.site
+++ /dev/null
@@ -1,25 +0,0 @@
-server {
- listen 443 ssl;
- listen [::]:443 ssl; ## listen for ipv4; this line is default and
implied
- # listen [::]:80 default_server ipv6only=on; ## listen for ipv6
-
- # Make site accessible from http://localhost/
- server_name www.git.taler.net;
-
- include conf.d/talerssl;
-
- location /index.cgi {
- root /usr/share/gitweb/;
-
- include fastcgi_params;
- gzip off;
- fastcgi_param SCRIPT_NAME $uri;
- fastcgi_param GITWEB_CONFIG /etc/gitweb.conf;
- fastcgi_pass unix:/var/run/fcgiwrap.socket;
- }
-
- location / {
- root /usr/share/gitweb/;
- index index.cgi;
- }
-}
diff --git a/etc/nginx/sites-available/www.git.site
b/etc/nginx/sites-available/www.git.site
deleted file mode 100644
index 26679be..0000000
--- a/etc/nginx/sites-available/www.git.site
+++ /dev/null
@@ -1,24 +0,0 @@
-server {
- listen 80;
- listen [::]:80; ## listen for ipv4; this line is default and implied
- # listen [::]:80 default_server ipv6only=on; ## listen for ipv6
-
- # Make site accessible from http://localhost/
- server_name www.git.taler.net;
-
-
- location /index.cgi {
- root /usr/share/gitweb/;
-
- include fastcgi_params;
- gzip off;
- fastcgi_param SCRIPT_NAME $uri;
- fastcgi_param GITWEB_CONFIG /etc/gitweb.conf;
- fastcgi_pass unix:/var/run/fcgiwrap.socket;
- }
-
- location / {
- root /usr/share/gitweb/;
- index index.cgi;
- }
-}
diff --git a/etc/nginx/sites-enabled/api-ssl.site
b/etc/nginx/sites-enabled/api-ssl.site
deleted file mode 100644
index 6f5fd69..0000000
--- a/etc/nginx/sites-enabled/api-ssl.site
+++ /dev/null
@@ -1,9 +0,0 @@
-server {
- listen 443 ssl;
- listen [::]:443 ssl; ## listen for ipv4; this line is default and
implied
- # listen [::]:80 default_server ipv6only=on; ## listen for ipv6
-
- server_name api.taler.net
- www.api.taler.net;
- rewrite ^ https://docs.taler.net$request_uri? permanent;
-}
diff --git a/etc/nginx/sites-enabled/api.site b/etc/nginx/sites-enabled/api.site
deleted file mode 100644
index 21e7efe..0000000
--- a/etc/nginx/sites-enabled/api.site
+++ /dev/null
@@ -1,8 +0,0 @@
-server {
- listen 80;
- listen [::]:80;
- server_name api.taler.net
- www.api.taler.net;
-
- rewrite ^ https://docs.taler.net$request_uri? permanent;
-}
diff --git a/etc/nginx/sites-enabled/buildbot-ssl.site
b/etc/nginx/sites-enabled/buildbot-ssl.site
deleted file mode 100644
index ba998bb..0000000
--- a/etc/nginx/sites-enabled/buildbot-ssl.site
+++ /dev/null
@@ -1,23 +0,0 @@
-server {
- listen 443 ssl;
- listen [::]:443 ssl; ## listen for ipv4; this line is default and
implied
- # listen [::]:80 default_server ipv6only=on; ## listen for ipv6
-
- root /var/www/buildbot/;
-
- # Make site accessible from http://localhost/
- server_name buildbot.taler.net;
- server_name www.buildbot.taler.net;
- server_name bb.taler.net;
- include conf.d/talerssl;
-
- location / {
- proxy_pass http://127.0.0.1:8010;
- proxy_redirect off;
- proxy_set_header Host $host;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "upgrade";
- }
-
- include conf.d/favicon_robots;
-}
diff --git a/etc/nginx/sites-enabled/buildbot.site
b/etc/nginx/sites-enabled/buildbot.site
deleted file mode 100644
index 77eb805..0000000
--- a/etc/nginx/sites-enabled/buildbot.site
+++ /dev/null
@@ -1,14 +0,0 @@
-server {
- listen 80;
- listen [::]:80; ## listen for ipv4; this line is default and implied
- # listen [::]:80 default_server ipv6only=on; ## listen for ipv6
-
- root /var/www/buildbot/;
-
- # Make site accessible from http://localhost/
- server_name buildbot.taler.net;
- server_name www.buildbot.taler.net;
- server_name bb.taler.net;
-
- rewrite ^ https://$server_name$request_uri? permanent;
-}
diff --git a/etc/nginx/sites-enabled/decentralise-ssl.site
b/etc/nginx/sites-enabled/decentralise-ssl.site
deleted file mode 100644
index 9dd0470..0000000
--- a/etc/nginx/sites-enabled/decentralise-ssl.site
+++ /dev/null
@@ -1,14 +0,0 @@
-server {
- listen 443 ssl;
- listen [::]:443 ssl; ## listen for ipv4; this line is default and
implied
- # listen [::]:80 default_server ipv6only=on; ## listen for ipv6
-
- root /var/www/decentralise;
-
- # Make site accessible from http://localhost/
- server_name www.decentralise.rennes.inria.fr;
- server_name decentralise.rennes.inria.fr;
- include conf.d/talerssl;
-
- rewrite / http://www.inria.fr/en/teams/decentralise redirect;
-}
diff --git a/etc/nginx/sites-enabled/decentralise.site
b/etc/nginx/sites-enabled/decentralise.site
deleted file mode 100644
index b92fb0f..0000000
--- a/etc/nginx/sites-enabled/decentralise.site
+++ /dev/null
@@ -1,13 +0,0 @@
-server {
- listen 80;
- listen [::]:80; ## listen for ipv4; this line is default and implied
- # listen [::]:80 default_server ipv6only=on; ## listen for ipv6
-
- root /var/www/decentralise;
-
- # Make site accessible from http://localhost/
- server_name www.decentralise.rennes.inria.fr;
- server_name decentralise.rennes.inria.fr;
-
- rewrite / http://www.inria.fr/en/teams/decentralise redirect;
-}
diff --git a/etc/nginx/sites-enabled/default.site
b/etc/nginx/sites-enabled/default.site
deleted file mode 100644
index e295383..0000000
--- a/etc/nginx/sites-enabled/default.site
+++ /dev/null
@@ -1,18 +0,0 @@
-# matched when no other server name matches
-server {
- listen 80 default_server;
- listen [::]:80 default_server;
- # server name must simply something invalid ...
- server_name _;
- # drop connection, special nginx status code
- return 444;
-}
-server {
- listen 443 ssl default_server;
- listen [::]:443 ssl default_server;
- include conf.d/talerssl;
- # server name must simply something invalid ...
- server_name _;
- # drop connection, special nginx status code
- return 444;
-}
diff --git a/etc/nginx/sites-enabled/demo.site
b/etc/nginx/sites-enabled/demo.site
deleted file mode 100644
index 288ac65..0000000
--- a/etc/nginx/sites-enabled/demo.site
+++ /dev/null
@@ -1,169 +0,0 @@
-server {
- listen 80;
- listen [::]:80;
- server_name demo.taler.net
- bank.demo.taler.net
- shop.demo.taler.net
- donations.demo.taler.net
- survey.demo.taler.net
- auditor.demo.taler.net
- exchange.demo.taler.net;
-
- # 301-based ridirects allows the user agent to *change* the
- # method used in the second request. This breaks all the API
- # using POST, as some user agents do the second request using
- # GET. 307 is meant to tell the user agent to not change the
- # method in the second request.
- if ($request_method = POST) { return 307 https://$host$request_uri; }
- return 301 https://$host$request_uri;
-
-}
-
-
-server {
- listen 443 ssl;
- listen [::]:443 ssl;
- server_name auditor.demo.taler.net;
- include conf.d/talerssl;
-
- location /service {
- proxy_pass http://unix:/home/demo/sockets/auditor.http:/;
- }
-
- location /reports {
- rewrite "^/reports/(.*)" /$1 break;
- root /home/demo/reports;
- }
-
- location / {
- rewrite ^/$ /en/ redirect;
- rewrite ^/(..)/$ /$1/index.html break;
- recursive_error_pages on;
- root /home/demo/auditor;
- }
- include conf.d/favicon_robots;
-}
-
-
-server {
- listen 443 ssl;
- listen [::]:443 ssl;
- server_name demo.taler.net www.demo.taler.net;
- rewrite /javascript /javascript.html break;
- include conf.d/talerssl;
- location / {
- rewrite ^/$ /en/ redirect;
- rewrite ^/(..)/$ /$1/index.html break;
- root /home/demo/landing/demo;
- }
-
- include conf.d/favicon_robots;
-}
-
-
-server {
- listen 443 ssl;
- listen [::]:443 ssl;
- server_name exchange.demo.taler.net;
- root /dev/null;
- include conf.d/talerssl;
-
- location /admin {
- proxy_pass http://unix:/home/demo/sockets/exchange-admin.http;
- proxy_redirect off;
- proxy_set_header Host $host;
- }
-
- location / {
- proxy_pass http://unix:/home/demo/sockets/exchange.http:/;
- proxy_redirect off;
- proxy_set_header Host $host;
- }
-}
-
-server {
- listen 443 ssl;
- listen 80;
- listen [::]:443 ssl;
- listen [::]:80;
- server_name backend.demo.taler.net;
- include conf.d/talerssl;
-
- location /public {
- proxy_redirect off;
- proxy_set_header Host $host;
- proxy_set_header X-Forwarded-Host "backend.demo.taler.net";
- proxy_set_header X-Forwarded-Proto "https";
- proxy_pass http://unix:/home/demo/sockets/merchant.http:/public;
- }
-
- location / {
- # match the ApiKey part ignoring case, and the actual key
- # with case-sensitivity on.
- if ($http_authorization !~ "(?i)ApiKey (?-i)sandbox") {
- return 401;
- }
- proxy_redirect off;
- proxy_set_header Host $host;
- proxy_set_header X-Forwarded-Host "backend.demo.taler.net";
- proxy_set_header X-Forwarded-Proto "https";
- proxy_pass http://unix:/home/demo/sockets/merchant.http:/;
- }
-}
-
-
-server {
- listen 443 ssl;
- listen [::]:443 ssl;
- server_name donations.demo.taler.net;
- include conf.d/talerssl;
-
- location / {
- uwsgi_pass unix:/home/demo/sockets/donations.uwsgi;
- include /etc/nginx/uwsgi_params;
- }
-
- include conf.d/favicon_robots;
-}
-
-
-server {
- listen 443 ssl;
- listen [::]:443 ssl;
- server_name shop.demo.taler.net;
- include conf.d/talerssl;
-
- location / {
- uwsgi_pass unix:/home/demo/sockets/shop.uwsgi;
- include /etc/nginx/uwsgi_params;
- }
-
- include conf.d/favicon_robots;
-}
-
-
-server {
- server_name survey.demo.taler.net;
- listen 443 ssl;
- listen [::]:443 ssl;
- include conf.d/talerssl;
-
- location / {
- uwsgi_pass unix:/home/demo/sockets/survey.uwsgi;
- include /etc/nginx/uwsgi_params;
- }
-}
-
-server {
- listen 443 ssl;
- listen [::]:443 ssl;
- server_name bank.demo.taler.net;
- include conf.d/talerssl;
-
- location / {
- uwsgi_pass unix:/home/demo/sockets/bank.uwsgi;
- include /etc/nginx/uwsgi_params;
- }
-
- include conf.d/favicon_robots;
-}
diff --git a/etc/nginx/sites-enabled/docs-ssl.site
b/etc/nginx/sites-enabled/docs-ssl.site
deleted file mode 100644
index 923d703..0000000
--- a/etc/nginx/sites-enabled/docs-ssl.site
+++ /dev/null
@@ -1,69 +0,0 @@
-server {
- listen 443 ssl;
- listen [::]:443 ssl; ## listen for ipv4; this line is default and
implied
- # listen [::]:80 default_server ipv6only=on; ## listen for ipv6
-
- # Temporary, as this doesn't do i18n
- root /home/docbuilder/build/docs-landing/;
-
- # Make site accessible from http://localhost/
- server_name docs.taler.net
- www.docs.taler.net;
-
- include conf.d/talerssl;
-
- location / {
- autoindex off;
- ssi off;
-# ssi_last_modified on;
-
-
- rewrite ^/$ /$index_redirect_uri/ redirect;
- rewrite ^/(..)/$ /$1/index.html break;
- }
-
-
- location /code/exchange {
- alias /home/docbuilder/build/exchange/doxygen;
- }
-
- location /code/merchant {
- alias /home/docbuilder/build/merchant-backend/doxygen;
- }
-
- location /onboarding {
- alias /home/docbuilder/build/onboarding/;
- }
-
- location /bank {
- alias /home/docbuilder/build/bank/manual;
- }
-
- location /backoffice {
- alias /home/docbuilder/build/backoffice/;
- }
-
- location /exchange {
- alias /home/docbuilder/build/exchange/manual;
- }
-
- location /merchant/backend {
- alias /home/docbuilder/build/merchant-backend/manual;
- }
-
- location /merchant/frontend {
- alias /home/docbuilder/build/merchant-frontend/;
- }
-
- location /api {
- autoindex off;
- alias /home/docbuilder/build/api/html;
- }
-
- # Associated to /api route.
- location /_static {
- alias /home/docbuilder/api/html/_static;
- }
-
- include conf.d/favicon_robots;
-}
diff --git a/etc/nginx/sites-enabled/docs.site
b/etc/nginx/sites-enabled/docs.site
deleted file mode 100644
index 8e01608..0000000
--- a/etc/nginx/sites-enabled/docs.site
+++ /dev/null
@@ -1,7 +0,0 @@
-server {
- listen 80;
- listen [::]:80;
- server_name docs.taler.net;
-
- rewrite ^ https://$host$request_uri? permanent;
-}
diff --git a/etc/nginx/sites-enabled/env.site b/etc/nginx/sites-enabled/env.site
deleted file mode 100644
index fbe31aa..0000000
--- a/etc/nginx/sites-enabled/env.site
+++ /dev/null
@@ -1,85 +0,0 @@
-server {
- listen 80;
- listen [::]:80;
- server_name env.taler.net;
- rewrite ^ https://$host$request_uri? permanent;
-}
-
-server {
- listen 443 ssl;
- listen [::]:443 ssl;
- server_name env.taler.net;
- include conf.d/talerssl;
- root /dev/null;
- # rewrite_log on;
-
- # add trailing slashes to apps
- rewrite ^/(?<user>[a-zA-Z0-9-_]+)/(?<app>[a-zA-Z0-9-_]+)$ /$user/$app/
redirect;
- # add trailing slashes to user
- rewrite ^/(?<user>[a-zA-Z0-9-_]+)$ /$user/ redirect;
- rewrite ^/(?<user>[a-zA-Z0-9-_]+)/$ /$user/en/ redirect;
-
- # aliases to get from one page to the other
- rewrite ^/(?<user>[a-zA-Z0-9-_]+)/(?<app>[a-zA-Z0-9-_]+)/landing /$user/
redirect;
- rewrite ^/(?<user>[a-zA-Z0-9-_]+)/(?<app>[a-zA-Z0-9-_]+)/bank /$user/bank
redirect;
- rewrite ^/(?<user>[a-zA-Z0-9-_]+)/(?<app>[a-zA-Z0-9-_]+)/shop /$user/shop
redirect;
- rewrite ^/(?<user>[a-zA-Z0-9-_]+)/(?<app>[a-zA-Z0-9-_]+)/donations
/$user/donations redirect;
- rewrite ^/(?<user>[a-zA-Z0-9-_]+)/(?<app>[a-zA-Z0-9-_]+)/survey
/$user/survey redirect;
-
- location ~ ^/(?<user>[a-zA-Z0-9-_]+)/exchange/(?<req>.*) {
- proxy_pass
http://unix:/home/$user/sockets/exchange.http:/$req$is_args$args;
- proxy_redirect off;
- proxy_set_header Host $host;
- }
-
- location ~ ^/(?<user>[a-zA-Z0-9-_]+)/merchant-backend/(?<req>.*) {
- proxy_pass http://unix:/home/$user/sockets/merchant.http:/$req;
- proxy_redirect off;
- proxy_set_header Host $host;
- }
-
- location ~ ^/(?<user>[a-zA-Z0-9-_]+)/bank(?<req>/?.*|)$ {
- uwsgi_pass unix:/home/$user/sockets/bank.uwsgi;
- include /etc/nginx/uwsgi_params;
- uwsgi_param SCRIPT_NAME "/$user/bank/";
- uwsgi_param PATH_INFO "$req";
- }
-
- location ~ ^/(?<user>[a-zA-Z0-9-_]+)/shop(?<req>/?.*|)$ {
- uwsgi_pass unix:/home/$user/sockets/shop.uwsgi;
- include /etc/nginx/uwsgi_params;
- uwsgi_param SCRIPT_NAME "/$user/shop/";
- uwsgi_param PATH_INFO "$req";
- }
-
- location ~ ^/(?<user>[a-zA-Z0-9-_]+)/donations(?<req>/.*|)$ {
- uwsgi_pass unix:/home/$user/sockets/donations.uwsgi;
- include /etc/nginx/uwsgi_params;
- uwsgi_param SCRIPT_NAME "/$user/donations/";
- uwsgi_param PATH_INFO "$req";
- }
-
- location ~ ^/(?<user>[a-zA-Z0-9-_]+)(?<req>/.*|)$ {
- # add index.html
- rewrite ^/(.*)/(..)/$ /$1/$2/index.html last;
- # strip /user/
- rewrite ^/([a-zA-Z0-9-_]+)/(.*)$ /$2 break;
- root /home/$user/landing/demo;
- }
-
- location ~ ^/(?<user>[a-zA-Z0-9-_]+)/auditor(?<req>/.*|)$ {
- uwsgi_pass unix:/home/$user/sockets/auditor.uwsgi;
- include /etc/nginx/uwsgi_params;
- uwsgi_param SCRIPT_NAME "/$user/";
- uwsgi_param PATH_INFO "$req";
- }
-
- location ~ ^/(?<user>[a-zA-Z0-9-_]+)/survey(?<req>/.*|)$ {
- uwsgi_pass unix:/home/$user/sockets/survey.uwsgi;
- include /etc/nginx/uwsgi_params;
- uwsgi_param SCRIPT_NAME "/$user/";
- uwsgi_param PATH_INFO "$req";
- }
-
- include conf.d/favicon_robots;
-}
diff --git a/etc/nginx/sites-enabled/gauger-ssl.site
b/etc/nginx/sites-enabled/gauger-ssl.site
deleted file mode 100644
index e889b59..0000000
--- a/etc/nginx/sites-enabled/gauger-ssl.site
+++ /dev/null
@@ -1,18 +0,0 @@
-server {
- listen 443 ssl;
- listen [::]:443 ssl; ## listen for ipv4; this line is default and
implied
- # listen [::]:80 default_server ipv6only=on; ## listen for ipv6
-
- root /var/www/gauger/;
-
- # Make site accessible from http://localhost/
- server_name gauger.taler.net;
- server_name www.gauger.taler.net;
- include conf.d/talerssl;
-
- location / {
- proxy_pass http://localhost:1801;
- proxy_redirect off;
- proxy_set_header Host $host;
- }
-}
diff --git a/etc/nginx/sites-enabled/gauger.site
b/etc/nginx/sites-enabled/gauger.site
deleted file mode 100644
index 967f9e9..0000000
--- a/etc/nginx/sites-enabled/gauger.site
+++ /dev/null
@@ -1,17 +0,0 @@
-server {
- listen 80;
- listen [::]:80; ## listen for ipv4; this line is default and implied
- # listen [::]:80 default_server ipv6only=on; ## listen for ipv6
-
- root /var/www/gauger/;
-
- # Make site accessible from http://localhost/
- server_name gauger.taler.net;
- server_name www.gauger.taler.net;
-
- location / {
- proxy_pass http://localhost:1801;
- proxy_redirect off;
- proxy_set_header Host $host;
- }
-}
diff --git a/etc/nginx/sites-enabled/git-ssl.site
b/etc/nginx/sites-enabled/git-ssl.site
deleted file mode 100644
index 673ced5..0000000
--- a/etc/nginx/sites-enabled/git-ssl.site
+++ /dev/null
@@ -1,31 +0,0 @@
-server {
- listen 443 ssl;
- listen [::]:443 ssl; ## listen for ipv4; this line is default and
implied
- # listen [::]:80 default_server ipv6only=on; ## listen for ipv6
-
- root /var/git;
- server_name git.taler.net;
- include conf.d/talerssl;
-
- access_log /var/log/nginx/git.taler.net_access.log;
- error_log /var/log/nginx/git.taler.net_error.log notice;
-
- location ~ ^(.*?)\.git/(HEAD|info/refs|objects/.*|git-upload-pack)$ {
- include /etc/nginx/fastcgi_params;
- fastcgi_param SCRIPT_FILENAME /usr/lib/git-core/git-http-backend;
- fastcgi_param GIT_PROJECT_ROOT /home/git/repositories;
- fastcgi_param PATH_INFO $uri;
- fastcgi_pass unix:/var/run/fcgiwrap.socket;
- }
-
- location /cgit {
- root /var/www;
- }
-
- location / {
- include /etc/nginx/fastcgi_params;
- fastcgi_param SCRIPT_FILENAME /var/www/cgit/cgit.cgi;
- fastcgi_param PATH_INFO $uri;
- fastcgi_pass unix:/var/run/fcgiwrap.socket;
- }
-}
diff --git a/etc/nginx/sites-enabled/git.site b/etc/nginx/sites-enabled/git.site
deleted file mode 100644
index 4c0c9ea..0000000
--- a/etc/nginx/sites-enabled/git.site
+++ /dev/null
@@ -1,10 +0,0 @@
-server {
- listen 80;
- listen [::]:80; ## listen for ipv4; this line is default and implied
- # listen [::]:80 default_server ipv6only=on; ## listen for ipv6
-
- root /var/git;
- server_name git.taler.net;
-
- rewrite ^ https://$server_name$request_uri? permanent;
-}
diff --git a/etc/nginx/sites-enabled/intranet-ssl.site
b/etc/nginx/sites-enabled/intranet-ssl.site
deleted file mode 100644
index 3390403..0000000
--- a/etc/nginx/sites-enabled/intranet-ssl.site
+++ /dev/null
@@ -1,15 +0,0 @@
-server {
- listen 443 ssl;
- listen [::]:443 ssl; ## listen for ipv4; this line is default and
implied
- # listen [::]:80 default_server ipv6only=on; ## listen for ipv6
-
- root /var/git;
- server_name intranet.taler.net;
- include conf.d/talerssl;
- location / {
- proxy_pass http://127.0.0.1:8018;
- proxy_redirect off;
- proxy_set_header Host $host;
- proxy_set_header HTTPS on;
- }
-}
diff --git a/etc/nginx/sites-enabled/intranet.site
b/etc/nginx/sites-enabled/intranet.site
deleted file mode 100644
index 66217db..0000000
--- a/etc/nginx/sites-enabled/intranet.site
+++ /dev/null
@@ -1,10 +0,0 @@
-server {
- listen 80;
- listen [::]:80; ## listen for ipv4; this line is default and implied
- # listen [::]:80 default_server ipv6only=on; ## listen for ipv6
-
- # Make site accessible from http://localhost/
- server_name intranet.taler.net;
-
- rewrite ^ https://$server_name$request_uri? permanent;
-}
diff --git a/etc/nginx/sites-enabled/lcov-ssl.site
b/etc/nginx/sites-enabled/lcov-ssl.site
deleted file mode 100644
index 0620bfe..0000000
--- a/etc/nginx/sites-enabled/lcov-ssl.site
+++ /dev/null
@@ -1,20 +0,0 @@
-server {
- listen 443 ssl;
- listen [::]:443 ssl; ## listen for ipv4; this line is default and
implied
- # listen [::]:80 default_server ipv6only=on; ## listen for ipv6
-
- root /var/www/lcov.taler.net/;
-
- # Make site accessible from http://localhost/
- server_name lcov.taler.net;
- server_name www.lcov.taler.net;
- include conf.d/talerssl;
-
- location / {
- autoindex on;
- ssi off;
-# ssi_last_modified on;
- }
-
- include conf.d/favicon_robots;
-}
diff --git a/etc/nginx/sites-enabled/lcov.site
b/etc/nginx/sites-enabled/lcov.site
deleted file mode 100644
index 979c387..0000000
--- a/etc/nginx/sites-enabled/lcov.site
+++ /dev/null
@@ -1,19 +0,0 @@
-server {
- listen 80;
- listen [::]:80; ## listen for ipv4; this line is default and implied
- # listen [::]:80 default_server ipv6only=on; ## listen for ipv6
-
- root /var/www/lcov.taler.net/;
-
- # Make site accessible from http://localhost/
- server_name lcov.taler.net;
- server_name www.lcov.taler.net;
-
- location / {
- autoindex on;
- ssi off;
-# ssi_last_modified on;
- }
-
- include conf.d/favicon_robots;
-}
diff --git a/etc/nginx/sites-enabled/sandbox.site
b/etc/nginx/sites-enabled/sandbox.site
deleted file mode 100644
index 9e32b17..0000000
--- a/etc/nginx/sites-enabled/sandbox.site
+++ /dev/null
@@ -1,20 +0,0 @@
-server {
- listen 80;
- listen [::]:80;
- server_name sandbox.taler.net *.sandbox.taler.net;
- rewrite ^ https://$host$request_uri? permanent;
-}
-
-server {
- listen 443 ssl;
- listen [::]:443 ssl;
-
- server_name sandbox.taler.net;
- include conf.d/talerssl;
-
- location / {
- root /home/sandbox/sandbox_landing/;
- autoindex off;
- index index.html;
- }
-}
diff --git a/etc/nginx/sites-enabled/test.site
b/etc/nginx/sites-enabled/test.site
deleted file mode 100644
index 03a9d78..0000000
--- a/etc/nginx/sites-enabled/test.site
+++ /dev/null
@@ -1,391 +0,0 @@
-server {
- listen 80;
- listen [::]:80;
- server_name test.taler.net
- bank.test.taler.net
- shop.test.taler.net
- donations.test.taler.net
- survey.test.taler.net
- auditor.test.taler.net
- exchange.test.taler.net
- backoffice.test.taler.net;
-
- # 301-based ridirects allows the user agent to *change* the
- # method used in the second request. This breaks all the API
- # using POST, as some user agents do the second request using
- # GET. 307 is meant to tell the user agent to not change the
- # method in the second request.
- if ($request_method = POST) { return 307 https://$host$request_uri; }
- return 301 https://$host$request_uri;
-}
-
-server {
- server_name test.taler.net www.test.taler.net;
- listen 443 ssl;
- listen [::]:443 ssl;
- rewrite /javascript /javascript.html break;
- include conf.d/talerssl;
- location @green {
- add_header X-Taler-Deployment-Color green;
- root /home/test-green/landing/demo;
- }
- location @blue {
- add_header X-Taler-Deployment-Color blue;
- root /home/test-blue/landing/demo;
- }
- location / {
- # Redirection technique explainted at
- # https://www.nginx.com/resources/wiki/start/topics/depth/ifisevil/
- error_page 418 = @blue;
- error_page 419 = @green;
- rewrite ^/$ /en/ redirect;
- rewrite ^/(..)/$ /$1/index.html break;
- recursive_error_pages on;
- if ($http_x_taler_deployment_color ~ "blue") { return 418; }
- if ($http_x_taler_deployment_color ~ "green") { return 419; }
- root /home/test/landing/demo;
- }
- include conf.d/favicon_robots;
-}
-
-
-server {
- server_name auditor.test.taler.net;
- listen 443 ssl;
- listen [::]:443 ssl;
- root /dev/null;
- include conf.d/talerssl;
- location @green {
- add_header X-Taler-Deployment-Color green;
- root /home/test-green/auditor;
- proxy_pass http://unix:/home/test-green/sockets/auditor.http;
- }
- location @blue {
- add_header X-Taler-Deployment-Color blue;
- root /home/test-blue/auditor;
- proxy_pass http://unix:/home/test-blue/sockets/auditor.http;
- }
- location /service {
- rewrite "^/service/(.*)" /$1 break;
- proxy_pass http://unix:/home/test/sockets/auditor.http:/;
- }
-
- location /reports {
- autoindex on;
- root /home/auditor-slave/;
- }
-
- location / {
- # Redirection technique explainted at
- # https://www.nginx.com/resources/wiki/start/topics/depth/ifisevil/
- error_page 418 = @blue;
- error_page 419 = @green;
- rewrite ^/$ /en/ redirect;
- rewrite ^/(..)/$ /$1/index.html break;
- recursive_error_pages on;
- if ($http_x_taler_deployment_color ~ "blue") { return 418; }
- if ($http_x_taler_deployment_color ~ "green") { return 419; }
- root /home/test/auditor;
- }
- include conf.d/favicon_robots;
-}
-
-
-server {
- server_name exchange.test.taler.net;
- listen 443 ssl;
- listen [::]:443 ssl;
- root /dev/null;
- include conf.d/talerssl;
- location @blue-admin {
- add_header X-Taler-Deployment-Color blue;
- proxy_pass http://unix:/home/test-blue/sockets/exchange-admin.http;
- proxy_redirect off;
- proxy_set_header Host $host;
- }
- location @green-admin {
- add_header X-Taler-Deployment-Color green;
- proxy_pass http://unix:/home/test-green/sockets/exchange-admin.http;
- proxy_redirect off;
- proxy_set_header Host $host;
- }
-
- location @blue {
- add_header X-Taler-Deployment-Color blue;
- proxy_pass http://unix:/home/test-blue/sockets/exchange.http;
- proxy_redirect off;
- proxy_set_header Host $host;
- }
-
- location @green {
- add_header X-Taler-Deployment-Color green;
- proxy_pass http://unix:/home/test-green/sockets/exchange.http;
- proxy_redirect off;
- proxy_set_header Host $host;
- }
-
- location /admin {
- error_page 418 = @blue-admin;
- error_page 419 = @green-admin;
- recursive_error_pages on;
- if ($http_x_taler_deployment_color ~ "blue") { return 418; }
- if ($http_x_taler_deployment_color ~ "green") { return 419; }
- proxy_pass http://unix:/home/test/sockets/exchange-admin.http;
- proxy_redirect off;
- proxy_set_header Host $host;
- }
-
- location / {
- error_page 418 = @blue;
- error_page 419 = @green;
- recursive_error_pages on;
- if ($http_x_taler_deployment_color ~ "blue") { return 418; }
- if ($http_x_taler_deployment_color ~ "green") { return 419; }
- proxy_pass http://unix:/home/test/sockets/exchange.http:/;
- proxy_redirect off;
- proxy_set_header Host $host;
- }
-}
-
-
-server {
- server_name shop.test.taler.net;
- listen 443 ssl;
- listen [::]:443 ssl;
- root /dev/null;
- include conf.d/talerssl;
-
- location @blue {
- add_header X-Taler-Deployment-Color blue;
- uwsgi_pass unix:/home/test-blue/sockets/shop.uwsgi;
- include /etc/nginx/uwsgi_params;
- }
- location @green {
- add_header X-Taler-Deployment-Color green;
- uwsgi_pass unix:/home/test-green/sockets/shop.uwsgi;
- include /etc/nginx/uwsgi_params;
- }
-
- location / {
- # Redirection technique explainted at
- # https://www.nginx.com/resources/wiki/start/topics/depth/ifisevil/
- error_page 418 = @blue;
- error_page 419 = @green;
- recursive_error_pages on;
- if ($http_x_taler_deployment_color ~ "blue") { return 418; }
- if ($http_x_taler_deployment_color ~ "green") { return 419; }
- uwsgi_pass unix:/home/test/sockets/shop.uwsgi;
- include /etc/nginx/uwsgi_params;
- }
-
- include conf.d/favicon_robots;
-}
-
-
-server {
- server_name playground.test.taler.net;
- listen 443 ssl;
- listen [::]:443 ssl;
- root /dev/null;
- include conf.d/talerssl;
-
- location @blue {
- add_header X-Taler-Deployment-Color blue;
- uwsgi_pass unix:/home/test-blue/sockets/playground.uwsgi;
- include /etc/nginx/uwsgi_params;
- }
- location @green {
- add_header X-Taler-Deployment-Color green;
- uwsgi_pass unix:/home/test-green/sockets/playground.uwsgi;
- include /etc/nginx/uwsgi_params;
- }
-
- location / {
- # Redirection technique explainted at
- # https://www.nginx.com/resources/wiki/start/topics/depth/ifisevil/
- error_page 418 = @blue;
- error_page 419 = @green;
- recursive_error_pages on;
- if ($http_x_taler_deployment_color ~ "blue") { return 418; }
- if ($http_x_taler_deployment_color ~ "green") { return 419; }
- uwsgi_pass unix:/home/test/sockets/playground.uwsgi;
- include /etc/nginx/uwsgi_params;
- }
-
- include conf.d/favicon_robots;
-}
-
-
-server {
- server_name backend.test.taler.net;
- listen 443 ssl;
- listen 80;
- listen [::]:443 ssl;
- listen [::]:80;
- include conf.d/talerssl;
-
- location @blue {
- add_header X-Taler-Deployment-Color blue;
- proxy_pass http://unix:/home/test-blue/sockets/merchant.http;
- proxy_redirect off;
- proxy_set_header Host $host;
- proxy_set_header X-Forwarded-Host "backend.test.taler.net";
- proxy_set_header X-Forwarded-Proto "https";
- }
- location @green {
- add_header X-Taler-Deployment-Color green;
- proxy_pass http://unix:/home/test-green/sockets/merchant.http;
- proxy_redirect off;
- proxy_set_header Host $host;
- proxy_set_header X-Forwarded-Host "backend.test.taler.net";
- proxy_set_header X-Forwarded-Proto "https";
- }
-
- location /public {
- # Redirection technique explainted at
- # https://www.nginx.com/resources/wiki/start/topics/depth/ifisevil/
- error_page 418 = @blue;
- error_page 419 = @green;
- recursive_error_pages on;
-
- if ($http_x_taler_deployment_color ~ "blue") { return 418; }
- if ($http_x_taler_deployment_color ~ "green") { return 419; }
- proxy_set_header X-Forwarded-Host "backend.test.taler.net";
- proxy_set_header X-Forwarded-Proto "https";
- proxy_pass http://unix:/home/test/sockets/merchant.http:/public;
- proxy_redirect off;
- proxy_set_header Host $host;
- }
-
- location / {
- # Redirection technique explainted at
- # https://www.nginx.com/resources/wiki/start/topics/depth/ifisevil/
- error_page 418 = @blue;
- error_page 419 = @green;
- recursive_error_pages on;
-
- # match the ApiKey part ignoring case, and the actual key
- # with case-sensitivity on.
- if ($http_authorization !~ "(?i)ApiKey (?-i)sandbox") {
- return 401;
- }
-
- if ($http_x_taler_deployment_color ~ "blue") { return 418; }
- if ($http_x_taler_deployment_color ~ "green") { return 419; }
- proxy_set_header X-Forwarded-Host "backend.test.taler.net";
- proxy_set_header X-Forwarded-Proto "https";
- proxy_pass http://unix:/home/test/sockets/merchant.http:/;
- proxy_redirect off;
- proxy_set_header Host $host;
- }
-}
-
-
-server {
- server_name survey.test.taler.net;
- listen 443 ssl;
- listen [::]:443 ssl;
- include conf.d/talerssl;
-
- location / {
- uwsgi_pass unix:/home/test/sockets/survey.uwsgi;
- include /etc/nginx/uwsgi_params;
- }
-}
-
-server {
- server_name donations.test.taler.net;
- listen 443 ssl;
- listen [::]:443 ssl;
- include conf.d/talerssl;
-
- location @blue {
- add_header X-Taler-Deployment-Color blue;
- uwsgi_pass unix:/home/test-blue/sockets/donations.uwsgi;
- include /etc/nginx/uwsgi_params;
- }
- location @green {
- add_header X-Taler-Deployment-Color green;
- uwsgi_pass unix:/home/test-green/sockets/donations.uwsgi;
- include /etc/nginx/uwsgi_params;
- }
-
- location / {
- # Redirection technique explainted at
- # https://www.nginx.com/resources/wiki/start/topics/depth/ifisevil/
- error_page 418 = @blue;
- error_page 419 = @green;
- recursive_error_pages on;
- if ($http_x_taler_deployment_color ~ "blue") { return 418; }
- if ($http_x_taler_deployment_color ~ "green") { return 419; }
- uwsgi_pass unix:/home/test/sockets/donations.uwsgi;
- include /etc/nginx/uwsgi_params;
- }
-
- include conf.d/favicon_robots;
-}
-
-
-server {
- server_name bank.test.taler.net;
- listen 443 ssl;
- listen [::]:443 ssl;
- include conf.d/talerssl;
-
- location @blue {
- add_header X-Taler-Deployment-Color blue;
- uwsgi_pass unix:/home/test-blue/sockets/bank.uwsgi;
- include /etc/nginx/uwsgi_params;
- }
- location @green {
- add_header X-Taler-Deployment-Color green;
- uwsgi_pass unix:/home/test-green/sockets/bank.uwsgi;
- include /etc/nginx/uwsgi_params;
- }
-
- location / {
- # Redirection technique explainted at
- # https://www.nginx.com/resources/wiki/start/topics/depth/ifisevil/
- error_page 418 = @blue;
- error_page 419 = @green;
- recursive_error_pages on;
- if ($http_x_taler_deployment_color ~ "blue") { return 418; }
- if ($http_x_taler_deployment_color ~ "green") { return 419; }
- uwsgi_pass unix:/home/test/sockets/bank.uwsgi;
- include /etc/nginx/uwsgi_params;
- }
-
- include conf.d/favicon_robots;
-}
-
-server {
- server_name backoffice.test.taler.net;
- listen 443 ssl;
- listen [::]:443 ssl;
- include conf.d/talerssl;
-
- location @blue {
- add_header X-Taler-Deployment-Color blue;
- uwsgi_pass unix:/home/test-blue/sockets/backoffice.uwsgi;
- include /etc/nginx/uwsgi_params;
- }
- location @green {
- add_header X-Taler-Deployment-Color green;
- uwsgi_pass unix:/home/test-green/sockets/backoffice.uwsgi;
- include /etc/nginx/uwsgi_params;
- }
-
- location / {
- # Redirection technique explainted at
- # https://www.nginx.com/resources/wiki/start/topics/depth/ifisevil/
- error_page 418 = @blue;
- error_page 419 = @green;
- recursive_error_pages on;
- if ($http_x_taler_deployment_color ~ "blue") { return 418; }
- if ($http_x_taler_deployment_color ~ "green") { return 419; }
- uwsgi_pass unix:/home/test/sockets/backoffice.uwsgi;
- include /etc/nginx/uwsgi_params;
- }
-
- include conf.d/favicon_robots;
-}
diff --git a/etc/nginx/sites-enabled/trollslayer.site
b/etc/nginx/sites-enabled/trollslayer.site
deleted file mode 100644
index 1767fe6..0000000
--- a/etc/nginx/sites-enabled/trollslayer.site
+++ /dev/null
@@ -1,16 +0,0 @@
-server {
- listen 80;
- listen [::]:80; ## listen for ipv4; this line is default and implied
- # listen [::]:80 default_server ipv6only=on; ## listen for ipv6
-
- root /var/www/trollslayer/;
-
- # Make site accessible from http://localhost/
- server_name trollslayer.decentralise.rennes.inria.fr;
-
- location / {
- proxy_pass http://gnunet.org:20070/shell/;
- proxy_redirect off;
- proxy_set_header Host $host;
- }
-}
diff --git a/etc/nginx/sites-enabled/www-ssl.site
b/etc/nginx/sites-enabled/www-ssl.site
deleted file mode 100644
index d7776b3..0000000
--- a/etc/nginx/sites-enabled/www-ssl.site
+++ /dev/null
@@ -1,59 +0,0 @@
-server {
- listen 443 ssl;
- listen [::]:443 ssl; ## listen for ipv4; this line is default and
implied
- #listen [::]:80 default_server ipv6only=on; ## listen for ipv6
-
-
- # Make site accessible from http://localhost/
- server_name taler.net;
- server_name www.taler.net;
- include conf.d/talerssl;
-
- location / {
- root /home/docbuilder/www.taler.net;
- autoindex off;
- ssi on;
- #ssi_last_modified on;
-
- rewrite ^/$ /$index_redirect_uri/ redirect;
-
- rewrite ^/(..)/$ /$1/index.html break;
-
- rewrite ^/(help/empty-wallet)$ /$1.html break;
- rewrite ^/wallet-installation\.html$ /en/wallet.html redirect;
- # just to get around cached old redirect
- rewrite ^/wallet\.en\.html$ /en/wallet.html redirect;
- rewrite ^/wallet$ /en/wallet.html redirect;
- rewrite ^/press$ /en/press.html redirect;
- }
-
- gzip on;
- gzip_disable "msie6";
- gzip_vary on;
- gzip_proxied any;
- gzip_comp_level 6;
- gzip_buffers 16 8k;
- gzip_http_version 1.1;
- gzip_types text/plain text/css application/json
application/x-javascript text/xml application/xml application/xml+rss
text/javascript application/javascript;
-
-
- # Note: this will go to /var/www/(videos|releases), which we took out
of Git
- location /videos {
- root /var/www;
- expires max;
- }
-
- location ~* /videos/.*\.(png|jpg|ogv|webm|gif|svg)$ {
- root /var/www;
- expires max;
- }
-
- location /releases {
- root /var/www;
- autoindex on;
- }
-
- location /files {
- root /var/www;
- }
-}
diff --git a/etc/nginx/sites-enabled/www-stage.site
b/etc/nginx/sites-enabled/www-stage.site
deleted file mode 100644
index e8a988b..0000000
--- a/etc/nginx/sites-enabled/www-stage.site
+++ /dev/null
@@ -1,78 +0,0 @@
-server {
- listen 80;
- listen [::]:80; ## listen for ipv4; this line is default and implied
- # listen [::]:80 default_server ipv6only=on; ## listen for ipv6
-
- root /home/docbuilder/stage.taler.net;
-
- # Make site accessible from http://localhost/
- server_name stage.taler.net;
-
- rewrite ^ https://$server_name$request_uri? permanent;
-}
-
-server {
- listen 443 ssl;
- listen [::]:443 ssl; ## listen for ipv4; this line is default and
implied
- #listen [::]:80 default_server ipv6only=on; ## listen for ipv6
-
-
- # Make site accessible from http://localhost/
- server_name stage.taler.net;
- include conf.d/talerssl;
-
- location / {
- root /home/docbuilder/stage.taler.net;
- autoindex off;
-
- rewrite ^/$ /$index_redirect_uri/ redirect;
-
- rewrite ^/(..)/$ /$1/index.html break;
-
- rewrite ^/(help/empty-wallet)$ /$1.html break;
- rewrite ^/wallet-installation\.html$ /en/wallet.html redirect;
- # just to get around cached old redirect
- rewrite ^/wallet\.en\.html$ /en/wallet.html redirect;
- rewrite ^/wallet$ /en/wallet.html redirect;
- rewrite ^/press$ /en/press.html redirect;
-
- }
-
- gzip on;
- gzip_disable "msie6";
- gzip_vary on;
- gzip_proxied any;
- gzip_comp_level 6;
- gzip_buffers 16 8k;
- gzip_http_version 1.1;
- gzip_types text/plain text/css application/json
application/x-javascript text/xml application/xml application/xml+rss
text/javascript application/javascript;
-
-
- # Note: this will go to /var/www/(videos|releases), which we took out
of Git
- location /videos {
- root /var/www;
- expires max;
- }
-
- location ~* /videos/.*\.(png|jpg|ogv|webm|gif|svg)$ {
- root /var/www;
- expires max;
- }
-
- # FIXME: this location newest files are from Oct'16
- location /releases {
- root /var/www;
- autoindex on;
- }
-
- location /files {
- root /var/www;
- }
-
- location ~* \.(png|jpg|jpeg|gif|ico|svg|js|css)$ {
- root /home/docbuilder/stage.taler.net;
- expires 1y;
- }
-
-
-}
diff --git a/etc/nginx/sites-enabled/www.git-ssl.site
b/etc/nginx/sites-enabled/www.git-ssl.site
deleted file mode 100644
index 5ba4831..0000000
--- a/etc/nginx/sites-enabled/www.git-ssl.site
+++ /dev/null
@@ -1,11 +0,0 @@
-server {
- listen 443 ssl;
- listen [::]:443 ssl; ## listen for ipv4; this line is default and
implied
- # listen [::]:80 default_server ipv6only=on; ## listen for ipv6
-
- root /var/git;
- server_name www.git.taler.net;
- include conf.d/talerssl;
-
- rewrite ^ https://git.taler.net/ permanent;
-}
diff --git a/etc/nginx/sites-enabled/www.git.site
b/etc/nginx/sites-enabled/www.git.site
deleted file mode 100644
index 645923f..0000000
--- a/etc/nginx/sites-enabled/www.git.site
+++ /dev/null
@@ -1,10 +0,0 @@
-server {
- listen 80;
- listen [::]:80; ## listen for ipv4; this line is default and implied
- # listen [::]:80 default_server ipv6only=on; ## listen for ipv6
-
- root /var/git;
- server_name www.git.taler.net;
-
- rewrite ^ https://git.taler.net/ permanent;
-}
diff --git a/etc/nginx/sites-enabled/www.site b/etc/nginx/sites-enabled/www.site
deleted file mode 100644
index ae178e5..0000000
--- a/etc/nginx/sites-enabled/www.site
+++ /dev/null
@@ -1,13 +0,0 @@
-server {
- listen 80;
- listen [::]:80; ## listen for ipv4; this line is default and implied
- # listen [::]:80 default_server ipv6only=on; ## listen for ipv6
-
- root /home/docbuilder/www.taler.net;
-
- # Make site accessible from http://localhost/
- server_name taler.net;
- server_name www.taler.net;
-
- rewrite ^ https://$server_name$request_uri? permanent;
-}
diff --git a/etc/nginx/uwsgi_params b/etc/nginx/uwsgi_params
deleted file mode 100644
index 3c01f66..0000000
--- a/etc/nginx/uwsgi_params
+++ /dev/null
@@ -1,25 +0,0 @@
-
-uwsgi_param QUERY_STRING $query_string;
-uwsgi_param REQUEST_METHOD $request_method;
-uwsgi_param CONTENT_TYPE $content_type;
-uwsgi_param CONTENT_LENGTH $content_length;
-
-uwsgi_param REQUEST_URI $request_uri;
-uwsgi_param PATH_INFO $document_uri;
-uwsgi_param DOCUMENT_ROOT $document_root;
-uwsgi_param SERVER_PROTOCOL $server_protocol;
-uwsgi_param REQUEST_SCHEME $scheme;
-uwsgi_param HTTPS $https if_not_empty;
-
-uwsgi_param REMOTE_ADDR $remote_addr;
-uwsgi_param REMOTE_PORT $remote_port;
-uwsgi_param SERVER_PORT $server_port;
-uwsgi_param SERVER_NAME $server_name;
-
-# fake HTTP Referer:-header. This is allowed since
-# all Taler sites run under HTTPS, and so that extra
-# check on the Referer:-header required by Django is
-# overkill. Link below has full story.
-#
https://security.stackexchange.com/questions/96114/why-is-referer-checking-needed-for-django-to-prevent-csrf
-
-uwsgi_param HTTP_REFERER $scheme://$host;
diff --git a/etc/nginx/win-utf b/etc/nginx/win-utf
deleted file mode 100644
index 774fd9f..0000000
--- a/etc/nginx/win-utf
+++ /dev/null
@@ -1,125 +0,0 @@
-# This map is not a full windows-1251 <> utf8 map: it does not
-# contain Serbian and Macedonian letters. If you need a full map,
-# use contrib/unicode2nginx/win-utf map instead.
-
-charset_map windows-1251 utf-8 {
-
- 82 E2809A; # single low-9 quotation mark
-
- 84 E2809E; # double low-9 quotation mark
- 85 E280A6; # ellipsis
- 86 E280A0; # dagger
- 87 E280A1; # double dagger
- 88 E282AC; # euro
- 89 E280B0; # per mille
-
- 91 E28098; # left single quotation mark
- 92 E28099; # right single quotation mark
- 93 E2809C; # left double quotation mark
- 94 E2809D; # right double quotation mark
- 95 E280A2; # bullet
- 96 E28093; # en dash
- 97 E28094; # em dash
-
- 99 E284A2; # trade mark sign
-
- A0 C2A0; #
- A1 D18E; # capital Byelorussian short U
- A2 D19E; # small Byelorussian short u
-
- A4 C2A4; # currency sign
- A5 D290; # capital Ukrainian soft G
- A6 C2A6; # borken bar
- A7 C2A7; # section sign
- A8 D081; # capital YO
- A9 C2A9; # (C)
- AA D084; # capital Ukrainian YE
- AB C2AB; # left-pointing double angle quotation mark
- AC C2AC; # not sign
- AD C2AD; # soft hypen
- AE C2AE; # (R)
- AF D087; # capital Ukrainian YI
-
- B0 C2B0; # °
- B1 C2B1; # plus-minus sign
- B2 D086; # capital Ukrainian I
- B3 D196; # small Ukrainian i
- B4 D291; # small Ukrainian soft g
- B5 C2B5; # micro sign
- B6 C2B6; # pilcrow sign
- B7 C2B7; # ·
- B8 D191; # small yo
- B9 E28496; # numero sign
- BA D194; # small Ukrainian ye
- BB C2BB; # right-pointing double angle quotation mark
-
- BF D197; # small Ukrainian yi
-
- C0 D090; # capital A
- C1 D091; # capital B
- C2 D092; # capital V
- C3 D093; # capital G
- C4 D094; # capital D
- C5 D095; # capital YE
- C6 D096; # capital ZH
- C7 D097; # capital Z
- C8 D098; # capital I
- C9 D099; # capital J
- CA D09A; # capital K
- CB D09B; # capital L
- CC D09C; # capital M
- CD D09D; # capital N
- CE D09E; # capital O
- CF D09F; # capital P
-
- D0 D0A0; # capital R
- D1 D0A1; # capital S
- D2 D0A2; # capital T
- D3 D0A3; # capital U
- D4 D0A4; # capital F
- D5 D0A5; # capital KH
- D6 D0A6; # capital TS
- D7 D0A7; # capital CH
- D8 D0A8; # capital SH
- D9 D0A9; # capital SHCH
- DA D0AA; # capital hard sign
- DB D0AB; # capital Y
- DC D0AC; # capital soft sign
- DD D0AD; # capital E
- DE D0AE; # capital YU
- DF D0AF; # capital YA
-
- E0 D0B0; # small a
- E1 D0B1; # small b
- E2 D0B2; # small v
- E3 D0B3; # small g
- E4 D0B4; # small d
- E5 D0B5; # small ye
- E6 D0B6; # small zh
- E7 D0B7; # small z
- E8 D0B8; # small i
- E9 D0B9; # small j
- EA D0BA; # small k
- EB D0BB; # small l
- EC D0BC; # small m
- ED D0BD; # small n
- EE D0BE; # small o
- EF D0BF; # small p
-
- F0 D180; # small r
- F1 D181; # small s
- F2 D182; # small t
- F3 D183; # small u
- F4 D184; # small f
- F5 D185; # small kh
- F6 D186; # small ts
- F7 D187; # small ch
- F8 D188; # small sh
- F9 D189; # small shch
- FA D18A; # small hard sign
- FB D18B; # small y
- FC D18C; # small soft sign
- FD D18D; # small e
- FE D18E; # small yu
- FF D18F; # small ya
-}
diff --git a/etc/sudoers.d/README b/etc/sudoers.d/README
deleted file mode 100644
index a221c34..0000000
--- a/etc/sudoers.d/README
+++ /dev/null
@@ -1,3 +0,0 @@
-This directory contains sudoers file used on Tripwrire in
-order to give the buildbot switcher script the rights to
-"sudo" as test-blue and test-green.
diff --git a/etc/sudoers.d/auditor_slave b/etc/sudoers.d/auditor_slave
deleted file mode 100644
index e15223f..0000000
--- a/etc/sudoers.d/auditor_slave
+++ /dev/null
@@ -1,3 +0,0 @@
-# From /etc/sudoers.d/ @taler.net
-
-auditor-slave ALL=(test-blue, test-green, test) NOPASSWD:ALL
diff --git a/etc/sudoers.d/test_switcher b/etc/sudoers.d/test_switcher
deleted file mode 100644
index 922d51c..0000000
--- a/etc/sudoers.d/test_switcher
+++ /dev/null
@@ -1,3 +0,0 @@
-# From /etc/sudoers.d/ @taler.net
-
-testswitcher ALL=(test-blue, test-green, test) NOPASSWD:ALL
--
To stop receiving notification emails like this one, please contact
address@hidden.
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [GNUnet-SVN] [taler-deployment] branch master updated: We have /etc in a separate repo for the server now.,
gnunet <=