From b794f84da1aaf446a3965f9b9363f997b3183872 Mon Sep 17 00:00:00 2001 From: "Suren A. Chilingaryan" Date: Sun, 6 Oct 2019 05:53:11 +0200 Subject: Initial configuration --- conf.d/00_network.conf | 1 + conf.d/01_ipranges.conf | 5 +++++ conf.d/02_ssl.conf | 8 ++++++++ conf.d/03_config.conf | 1 + conf.d/fossils.conf | 6 ++++++ conf.d/git.conf | 13 +++++++++++++ conf.d/ipepdv.conf | 6 ++++++ conf.d/katrin.conf | 10 ++++++++++ conf.d/ufo.conf | 10 ++++++++++ 9 files changed, 60 insertions(+) create mode 100644 conf.d/00_network.conf create mode 100644 conf.d/01_ipranges.conf create mode 100644 conf.d/02_ssl.conf create mode 100644 conf.d/03_config.conf create mode 100644 conf.d/fossils.conf create mode 100644 conf.d/git.conf create mode 100644 conf.d/ipepdv.conf create mode 100644 conf.d/katrin.conf create mode 100644 conf.d/ufo.conf (limited to 'conf.d') diff --git a/conf.d/00_network.conf b/conf.d/00_network.conf new file mode 100644 index 0000000..0fd88b0 --- /dev/null +++ b/conf.d/00_network.conf @@ -0,0 +1 @@ +resolver 141.52.3.3 141.52.8.18; diff --git a/conf.d/01_ipranges.conf b/conf.d/01_ipranges.conf new file mode 100644 index 0000000..5bf8ba9 --- /dev/null +++ b/conf.d/01_ipranges.conf @@ -0,0 +1,5 @@ +geo $kit_client { + default 0; + 141.52.64.0/23 1; + 192.168.26.0/24 1; +} diff --git a/conf.d/02_ssl.conf b/conf.d/02_ssl.conf new file mode 100644 index 0000000..3b00354 --- /dev/null +++ b/conf.d/02_ssl.conf @@ -0,0 +1,8 @@ +ssl_certificate /etc/nginx/certs/localhost.crt; +ssl_certificate_key /etc/nginx/certs/localhost.key; +ssl_session_timeout 5m; +ssl_prefer_server_ciphers on; +ssl_protocols TLSv1 TLSv1.1 TLSv1.2; +ssl_ciphers AES256+EECDH:AES256+EDH:!aNULL; + +proxy_ssl_server_name on; diff --git a/conf.d/03_config.conf b/conf.d/03_config.conf new file mode 100644 index 0000000..2de9b28 --- /dev/null +++ b/conf.d/03_config.conf @@ -0,0 +1 @@ +sub_filter_once off; diff --git a/conf.d/fossils.conf b/conf.d/fossils.conf new file mode 100644 index 0000000..a1f47bc --- /dev/null +++ b/conf.d/fossils.conf @@ -0,0 +1,6 @@ +server { + listen 80; + server_name www.fossils.kit.edu; + + return 301 http://fossils.kaas.kit.edu$request_uri; +} diff --git a/conf.d/git.conf b/conf.d/git.conf new file mode 100644 index 0000000..24fbde0 --- /dev/null +++ b/conf.d/git.conf @@ -0,0 +1,13 @@ +server { + listen 80; + listen 141.52.64.105:443 ssl; + server_name git.ipe.kit.edu; + + location / { + proxy_pass https://gogs.kaas.kit.edu; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } + +} diff --git a/conf.d/ipepdv.conf b/conf.d/ipepdv.conf new file mode 100644 index 0000000..3654561 --- /dev/null +++ b/conf.d/ipepdv.conf @@ -0,0 +1,6 @@ +server { + listen 80; + server_name ipepdv.ipe.kit.edu; + + include /etc/nginx/pdv.d/*.conf; +} diff --git a/conf.d/katrin.conf b/conf.d/katrin.conf new file mode 100644 index 0000000..420f457 --- /dev/null +++ b/conf.d/katrin.conf @@ -0,0 +1,10 @@ +server { + listen 80; + listen 141.52.64.14:443 ssl; + server_name katrin.kit.edu; + + include /etc/nginx/katrin.d/*.conf; + + ssl_certificate /etc/letsencrypt/live/katrin.kit.edu/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/katrin.kit.edu/privkey.pem; # managed by Certbot +} diff --git a/conf.d/ufo.conf b/conf.d/ufo.conf new file mode 100644 index 0000000..cfb2ee1 --- /dev/null +++ b/conf.d/ufo.conf @@ -0,0 +1,10 @@ +server { + listen 80; + listen 141.52.64.54:443 ssl; + server_name ufo.kit.edu; + + ssl_certificate /etc/letsencrypt/live/ufo.kit.edu/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/ufo.kit.edu/privkey.pem; # managed by Certbot + + include /etc/nginx/ufo.d/*.conf; +} -- cgit v1.2.1