From 3b4cd4b9a454a7dd7a4afd7e6d46572d4059f300 Mon Sep 17 00:00:00 2001
From: viveksantayana
Date: Mon, 6 Dec 2021 13:29:20 +0000
Subject: [PATCH] Nginx Server
---
certbot/.gitignore | 2 +
nginx/certbot-challenge.conf | 6 ++
nginx/conf.d/common-location.conf | 6 ++
nginx/conf.d/default.conf | 33 +++++++++++
nginx/fastcgi.conf | 26 ++++++++
nginx/fastcgi_params | 25 ++++++++
nginx/mime.types | 98 +++++++++++++++++++++++++++++++
nginx/nginx.conf | 33 +++++++++++
nginx/scgi_params | 17 ++++++
nginx/uwsgi_params | 17 ++++++
src/html/robots.txt | 2 +
11 files changed, 265 insertions(+)
create mode 100644 certbot/.gitignore
create mode 100644 nginx/certbot-challenge.conf
create mode 100644 nginx/conf.d/common-location.conf
create mode 100644 nginx/conf.d/default.conf
create mode 100644 nginx/fastcgi.conf
create mode 100644 nginx/fastcgi_params
create mode 100644 nginx/mime.types
create mode 100644 nginx/nginx.conf
create mode 100644 nginx/scgi_params
create mode 100644 nginx/uwsgi_params
diff --git a/certbot/.gitignore b/certbot/.gitignore
new file mode 100644
index 0000000..c96a04f
--- /dev/null
+++ b/certbot/.gitignore
@@ -0,0 +1,2 @@
+*
+!.gitignore
\ No newline at end of file
diff --git a/nginx/certbot-challenge.conf b/nginx/certbot-challenge.conf
new file mode 100644
index 0000000..80f60d6
--- /dev/null
+++ b/nginx/certbot-challenge.conf
@@ -0,0 +1,6 @@
+# Certbot Renewal
+location ^~ /.well-known/acme-challenge/ {
+ root /usr/share/nginx/html;
+ allow all;
+ default_type "text/plain";
+}
\ No newline at end of file
diff --git a/nginx/conf.d/common-location.conf b/nginx/conf.d/common-location.conf
new file mode 100644
index 0000000..a2f48d3
--- /dev/null
+++ b/nginx/conf.d/common-location.conf
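Review bot: Nothing added by this patch includes nginx/certbot-challenge.conf: it sits outside conf.d, nginx.conf only pulls in `conf.d/*.conf` and `conf.d/sites-enabled/*.conf`, and the catch-all in default.conf answers every path with 404. A header comment such as `# include inside every port-80 server block that must answer HTTP-01 challenges` would document how the snippet is meant to be used. The `root /usr/share/nginx/html;` line points at the same directory that serves /50x.html, so the directory certbot writes to is presumably shared with the static pages; a dedicated challenge directory would keep the two apart.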
@@ -0,0 +1,6 @@
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto $scheme;
+proxy_set_header Host $host;
+proxy_set_header X-Forwarded-Host $host;
+proxy_set_header X-Forwarded-Port $server_port;
\ No newline at end of file
diff --git a/nginx/conf.d/default.conf b/nginx/conf.d/default.conf
new file mode 100644
index 0000000..447440c
--- /dev/null
+++ b/nginx/conf.d/default.conf
@@ -0,0 +1,33 @@
+server {
+ listen 80 default_server;
+ listen [::]:80 default_server;
+
+ # listen 443 ssl http2 default_server;
+ # listen [::]:443 ssl http2 default_server;
+
+ access_log /var/log/nginx/host.access.log main;
+
+ #SSL configuration
+ # include /etc/nginx/ssl.conf;
+
+ # Add index.php to the list if you are using PHP
+ index index.html index.htm index.nginx-debian.html;
+
+ # Default catch all to 404
+ # Added from Serverfault support https://serverfault.com/questions/994141/nginx-redirecting-the-wrong-subdomains
+ server_name _;
+ server_name_in_redirect off;
+ location / {
+ return 404;
+ }
+
+ #error_page 404 /404.html;
+
+ # redirect server error pages to the static page /50x.html
+ #
+ error_page 500 502 503 504 /50x.html;
+ location = /50x.html {
+ root /usr/share/nginx/html;
+ }
+
+}
\ No newline at end of file
diff --git a/nginx/fastcgi.conf b/nginx/fastcgi.conf
new file mode 100644
index 0000000..091738c
--- /dev/null
+++ b/nginx/fastcgi.conf
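Review bot: In nginx/conf.d/common-location.conf, `X-Forwarded-For $proxy_add_x_forwarded_for` appends the peer address to whatever X-Forwarded-For value the client already sent, so an upstream that trusts the first entry accepts a client-chosen address. If this nginx is the outermost proxy (the patch does not show what sits in front of it), overwrite the header instead: `proxy_set_header X-Forwarded-For $remote_addr;`. `Host` and `X-Forwarded-Host` are both set from `$host`, which follows the request's Host header, so upstreams should build absolute URLs from it only behind server blocks with an explicit `server_name` list.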
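Review bot: In nginx/conf.d/default.conf, the commented-out `listen 443 ssl http2 default_server;` lines would, once enabled, make this catch-all complete a TLS handshake for any SNI name using whatever certificate the commented `ssl.conf` include supplies. On nginx releases that support it, `ssl_reject_handshake on;` in this server block refuses unknown names before a certificate is presented; a comment next to the 443 lines should say so. The `index index.html index.htm index.nginx-debian.html;` line and its PHP comment have no effect while `location /` returns 404 and can be dropped.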
@@ -0,0 +1,26 @@
+
+fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+fastcgi_param QUERY_STRING $query_string;
+fastcgi_param REQUEST_METHOD $request_method;
+fastcgi_param CONTENT_TYPE $content_type;
+fastcgi_param CONTENT_LENGTH $content_length;
+
+fastcgi_param SCRIPT_NAME $fastcgi_script_name;
+fastcgi_param REQUEST_URI $request_uri;
+fastcgi_param DOCUMENT_URI $document_uri;
+fastcgi_param DOCUMENT_ROOT $document_root;
+fastcgi_param SERVER_PROTOCOL $server_protocol;
+fastcgi_param REQUEST_SCHEME $scheme;
+fastcgi_param HTTPS $https if_not_empty;
+
+fastcgi_param GATEWAY_INTERFACE CGI/1.1;
+fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
+
+fastcgi_param REMOTE_ADDR $remote_addr;
+fastcgi_param REMOTE_PORT $remote_port;
+fastcgi_param SERVER_ADDR $server_addr;
+fastcgi_param SERVER_PORT $server_port;
+fastcgi_param SERVER_NAME $server_name;
+
+# PHP only, required if PHP was built with --enable-force-cgi-redirect
+fastcgi_param REDIRECT_STATUS 200;
diff --git a/nginx/fastcgi_params b/nginx/fastcgi_params
new file mode 100644
index 0000000..28decb9
--- /dev/null
+++ b/nginx/fastcgi_params
@@ -0,0 +1,25 @@
+
+fastcgi_param QUERY_STRING $query_string;
+fastcgi_param REQUEST_METHOD $request_method;
+fastcgi_param CONTENT_TYPE $content_type;
+fastcgi_param CONTENT_LENGTH $content_length;
+
+fastcgi_param SCRIPT_NAME $fastcgi_script_name;
+fastcgi_param REQUEST_URI $request_uri;
+fastcgi_param DOCUMENT_URI $document_uri;
+fastcgi_param DOCUMENT_ROOT $document_root;
+fastcgi_param SERVER_PROTOCOL $server_protocol;
+fastcgi_param REQUEST_SCHEME $scheme;
+fastcgi_param HTTPS $https if_not_empty;
+
+fastcgi_param GATEWAY_INTERFACE CGI/1.1;
+fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
+
+fastcgi_param REMOTE_ADDR $remote_addr;
+fastcgi_param REMOTE_PORT $remote_port;
+fastcgi_param SERVER_ADDR $server_addr;
+fastcgi_param SERVER_PORT $server_port;
+fastcgi_param SERVER_NAME $server_name;
+
+# PHP only, required if PHP was built with --enable-force-cgi-redirect
+fastcgi_param REDIRECT_STATUS 200;
diff --git a/nginx/mime.types b/nginx/mime.types
new file mode 100644
index 0000000..b53f7f7
--- /dev/null
+++ b/nginx/mime.types
@@ -0,0 +1,98 @@
+
+types {
+ text/html html htm shtml;
+ text/css css;
+ text/xml xml;
+ image/gif gif;
+ image/jpeg jpeg jpg;
+ application/javascript js;
+ application/atom+xml atom;
+ application/rss+xml rss;
+
+ text/mathml mml;
+ text/plain txt;
+ text/vnd.sun.j2me.app-descriptor jad;
+ text/vnd.wap.wml wml;
+ text/x-component htc;
+
+ image/png png;
+ image/svg+xml svg svgz;
+ image/tiff tif tiff;
+ image/vnd.wap.wbmp wbmp;
+ image/webp webp;
+ image/x-icon ico;
+ image/x-jng jng;
+ image/x-ms-bmp bmp;
+
+ font/woff woff;
+ font/woff2 woff2;
+
+ application/java-archive jar war ear;
+ application/json json;
+ application/mac-binhex40 hqx;
+ application/msword doc;
+ application/pdf pdf;
+ application/postscript ps eps ai;
+ application/rtf rtf;
+ application/vnd.apple.mpegurl m3u8;
+ application/vnd.google-earth.kml+xml kml;
+ application/vnd.google-earth.kmz kmz;
+ application/vnd.ms-excel xls;
+ application/vnd.ms-fontobject eot;
+ application/vnd.ms-powerpoint ppt;
+ application/vnd.oasis.opendocument.graphics odg;
+ application/vnd.oasis.opendocument.presentation odp;
+ application/vnd.oasis.opendocument.spreadsheet ods;
+ application/vnd.oasis.opendocument.text odt;
+ application/vnd.openxmlformats-officedocument.presentationml.presentation
+ pptx;
+ application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
+ xlsx;
+ application/vnd.openxmlformats-officedocument.wordprocessingml.document
+ docx;
+ application/vnd.wap.wmlc wmlc;
+ application/wasm wasm;
+ application/x-7z-compressed 7z;
+ application/x-cocoa cco;
+ application/x-java-archive-diff jardiff;
+ application/x-java-jnlp-file jnlp;
+ application/x-makeself run;
+ application/x-perl pl pm;
+ application/x-pilot prc pdb;
+ application/x-rar-compressed rar;
+ application/x-redhat-package-manager rpm;
+ application/x-sea sea;
+ application/x-shockwave-flash swf;
+ application/x-stuffit sit;
+ application/x-tcl tcl tk;
+ application/x-x509-ca-cert der pem crt;
+ application/x-xpinstall xpi;
+ application/xhtml+xml xhtml;
+ application/xspf+xml xspf;
+ application/zip zip;
+
+ application/octet-stream bin exe dll;
+ application/octet-stream deb;
+ application/octet-stream dmg;
+ application/octet-stream iso img;
+ application/octet-stream msi msp msm;
+
+ audio/midi mid midi kar;
+ audio/mpeg mp3;
+ audio/ogg ogg;
+ audio/x-m4a m4a;
+ audio/x-realaudio ra;
+
+ video/3gpp 3gpp 3gp;
+ video/mp2t ts;
+ video/mp4 mp4;
+ video/mpeg mpeg mpg;
+ video/quicktime mov;
+ video/webm webm;
+ video/x-flv flv;
+ video/x-m4v m4v;
+ video/x-mng mng;
+ video/x-ms-asf asx asf;
+ video/x-ms-wmv wmv;
+ video/x-msvideo avi;
+}
diff --git a/nginx/nginx.conf b/nginx/nginx.conf
new file mode 100644
index 0000000..19809fa
--- /dev/null
+++ b/nginx/nginx.conf
@@ -0,0 +1,33 @@
+
+user nginx;
+worker_processes auto;
+
+error_log /var/log/nginx/error.log notice;
+pid /var/run/nginx.pid;
+
+
+events {
+ worker_connections 1024;
+}
+
+
+http {
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+ '$status $body_bytes_sent "$http_referer" '
+ '"$http_user_agent" "$http_x_forwarded_for"';
+
+ access_log /var/log/nginx/access.log main;
+
+ sendfile on;
+ #tcp_nopush on;
+
+ keepalive_timeout 65;
+ server_tokens off;
+ #gzip on;
+
+ include /etc/nginx/conf.d/*.conf;
+ include /etc/nginx/conf.d/sites-enabled/*.conf;
+}
diff --git a/nginx/scgi_params b/nginx/scgi_params
new file mode 100644
index 0000000..6d4ce4f
--- /dev/null
+++ b/nginx/scgi_params
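Review bot: In nginx/nginx.conf, `include /etc/nginx/conf.d/*.conf;` also matches conf.d/common-location.conf, so its `proxy_set_header` lines take effect at http level even though the file name suggests a per-location include. nginx inherits `proxy_set_header` from an outer level only when the inner level defines none, so any location that sets one header of its own silently loses X-Real-IP, the X-Forwarded-* set and Host. Moving the snippet out of the glob path and including it explicitly in each proxied location, or stating this rule in a comment at the top of the snippet, would make the behaviour visible. The `main` log format records `$http_x_forwarded_for`, a client-supplied value, so a comment should mark that field as untrusted next to `$remote_addr`.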
@@ -0,0 +1,17 @@
+
+scgi_param REQUEST_METHOD $request_method;
+scgi_param REQUEST_URI $request_uri;
+scgi_param QUERY_STRING $query_string;
+scgi_param CONTENT_TYPE $content_type;
+
+scgi_param DOCUMENT_URI $document_uri;
+scgi_param DOCUMENT_ROOT $document_root;
+scgi_param SCGI 1;
+scgi_param SERVER_PROTOCOL $server_protocol;
+scgi_param REQUEST_SCHEME $scheme;
+scgi_param HTTPS $https if_not_empty;
+
+scgi_param REMOTE_ADDR $remote_addr;
+scgi_param REMOTE_PORT $remote_port;
+scgi_param SERVER_PORT $server_port;
+scgi_param SERVER_NAME $server_name;
diff --git a/nginx/uwsgi_params b/nginx/uwsgi_params
new file mode 100644
index 0000000..09c732c
--- /dev/null
+++ b/nginx/uwsgi_params
@@ -0,0 +1,17 @@
+
+uwsgi_param QUERY_STRING $query_string;
+uwsgi_param REQUEST_METHOD $request_method;
+uwsgi_param CONTENT_TYPE $content_type;
+uwsgi_param CONTENT_LENGTH $content_length;
+
+uwsgi_param REQUEST_URI $request_uri;
+uwsgi_param PATH_INFO $document_uri;
+uwsgi_param DOCUMENT_ROOT $document_root;
+uwsgi_param SERVER_PROTOCOL $server_protocol;
+uwsgi_param REQUEST_SCHEME $scheme;
+uwsgi_param HTTPS $https if_not_empty;
+
+uwsgi_param REMOTE_ADDR $remote_addr;
+uwsgi_param REMOTE_PORT $remote_port;
+uwsgi_param SERVER_PORT $server_port;
+uwsgi_param SERVER_NAME $server_name;
diff --git a/src/html/robots.txt b/src/html/robots.txt
index e69de29..14267e9 100644
--- a/src/html/robots.txt
+++ b/src/html/robots.txt
@@ -0,0 +1,2 @@
+User-agent: *
+Allow: /
\ No newline at end of file