summaryrefslogtreecommitdiffstats
path: root/nginx
diff options
context:
space:
mode:
Diffstat (limited to 'nginx')
-rw-r--r--nginx/base.sls73
-rw-r--r--nginx/git_kyriasis_com.sls93
-rw-r--r--nginx/grafana_kyriasis_com.sls77
-rw-r--r--nginx/kyriasis_com.sls93
-rw-r--r--nginx/matrix_kyriasis_com.sls123
-rw-r--r--nginx/miniflux_kyriasis_com.sls91
-rw-r--r--nginx/remmy_io.sls85
-rw-r--r--nginx/repsys_kyriasis_com.sls83
-rw-r--r--nginx/riot_kyriasis_com.sls81
-rw-r--r--nginx/theos_kyriasis_com.sls211
-rw-r--r--nginx/xan_kyriasis_com.sls117
11 files changed, 558 insertions, 569 deletions
diff --git a/nginx/base.sls b/nginx/base.sls
index 47f430a..587ac71 100644
--- a/nginx/base.sls
+++ b/nginx/base.sls
@@ -1,42 +1,41 @@
nginx:
- ng:
- source:
- opts: {}
- service:
- enable: True
- opts: {}
- server:
- config:
- events:
- worker_connections: 1024
- http:
- sendfile: 'on'
- aio: 'on'
- directio: 4m
- keepalive_timeout: 65
- gzip: 'on'
- gzip_proxied: 'any'
- gzip_types: '*'
- gzip_vary: 'on'
- charset: utf-8
- charset_types: text/xml text/plain application/javascript application/rss+xml
- server_tokens: 'off'
- etag: 'on'
- ssi: 'on'
+ source:
+ opts: {}
+ service:
+ enable: True
+ opts: {}
+ server:
+ config:
+ events:
+ worker_connections: 1024
+ http:
+ sendfile: 'on'
+ aio: 'on'
+ directio: 4m
+ keepalive_timeout: 65
+ gzip: 'on'
+ gzip_proxied: 'any'
+ gzip_types: '*'
+ gzip_vary: 'on'
+ charset: utf-8
+ charset_types: text/xml text/plain application/javascript application/rss+xml
+ server_tokens: 'off'
+ etag: 'on'
+ ssi: 'on'
- include:
- - /etc/nginx/mime.types
- - /etc/nginx/conf.d/*.conf
- - /etc/nginx/sites-enabled/*
+ include:
+ - /etc/nginx/mime.types
+ - /etc/nginx/conf.d/*.conf
+ - /etc/nginx/sites-enabled/*
- servers:
- managed_opts:
- require_in:
- - file: nginx_server_available_dir
- symlink_opts:
- require_in:
- - file: nginx_server_enabled_dir
- dir_opts:
- clean: 'on'
+ servers:
+ managed_opts:
+ require_in:
+ - file: nginx_server_available_dir
+ symlink_opts:
+ require_in:
+ - file: nginx_server_enabled_dir
+ dir_opts:
+ clean: 'on'
# vim: ft=yaml et:
diff --git a/nginx/git_kyriasis_com.sls b/nginx/git_kyriasis_com.sls
index 74e0442..b151af7 100644
--- a/nginx/git_kyriasis_com.sls
+++ b/nginx/git_kyriasis_com.sls
@@ -1,66 +1,65 @@
nginx:
- ng:
- servers:
- managed:
- git.kyriasis.com:
- enabled: True
- config:
- - server:
- - server_name: git.kyriasis.com
- - listen: 80
- - listen: '[::]:80'
+ servers:
+ managed:
+ git.kyriasis.com:
+ enabled: True
+ config:
+ - server:
+ - server_name: git.kyriasis.com
+ - listen: 80
+ - listen: '[::]:80'
- - location /.well-known/acme-challenge:
- - root: /srv/http/
+ - location /.well-known/acme-challenge:
+ - root: /srv/http/
- - location /:
- - return: '301 https://$server_name$request_uri'
+ - location /:
+ - return: '301 https://$server_name$request_uri'
- - server:
- - server_name: git.kyriasis.com
- - listen: 443 ssl http2
- - listen: '[::]:443 ssl http2'
+ - server:
+ - server_name: git.kyriasis.com
+ - listen: 443 ssl http2
+ - listen: '[::]:443 ssl http2'
- - ssl: 'on'
- - ssl_certificate: /etc/letsencrypt/live/git.kyriasis.com/fullchain.pem
- - ssl_certificate_key: /etc/letsencrypt/live/git.kyriasis.com/privkey.pem
- - ssl_dhparam: /etc/nginx/dhparam.pem
+ - ssl: 'on'
+ - ssl_certificate: /etc/letsencrypt/live/git.kyriasis.com/fullchain.pem
+ - ssl_certificate_key: /etc/letsencrypt/live/git.kyriasis.com/privkey.pem
+ - ssl_dhparam: /etc/nginx/dhparam.pem
- - ssl_stapling: 'on'
- - ssl_stapling_verify: 'on'
- - ssl_trusted_certificate: /etc/letsencrypt/live/git.kyriasis.com/fullchain.pem
+ - ssl_stapling: 'on'
+ - ssl_stapling_verify: 'on'
+ - ssl_trusted_certificate: /etc/letsencrypt/live/git.kyriasis.com/fullchain.pem
- # https://developer.mozilla.org/en-US/docs/Security/HTTP_Strict_Transport_Security
- - add_header: 'Strict-Transport-Security "max-age=31536000"'
+ # https://developer.mozilla.org/en-US/docs/Security/HTTP_Strict_Transport_Security
+ - add_header: 'Strict-Transport-Security "max-age=31536000"'
- # Tell browsers not to render the page inside a frame, and avoid clickjacking.
- - add_header: X-Frame-Options SAMEORIGIN
+ # Tell browsers not to render the page inside a frame, and avoid clickjacking.
+ - add_header: X-Frame-Options SAMEORIGIN
- # Tell browsers to not try to auto-detect the Content-Type.
- - add_header: X-Content-Type-Options nosniff
+ # Tell browsers to not try to auto-detect the Content-Type.
+ - add_header: X-Content-Type-Options nosniff
- # Enable the Cross-site scripting filter in most recent browsers.
- # Normally enabled by default, but enable it anyway if user has disabled it.
- - add_header: 'X-XSS-Protection "1; mode=block"'
+ # Enable the Cross-site scripting filter in most recent browsers.
+ # Normally enabled by default, but enable it anyway if user has disabled it.
+ - add_header: 'X-XSS-Protection "1; mode=block"'
- # http://www.gnuterrypratchett.com/
- - add_header: 'X-Clacks-Overhead "GNU Terry Pratchett"'
+ # http://www.gnuterrypratchett.com/
+ - add_header: 'X-Clacks-Overhead "GNU Terry Pratchett"'
- - error_log: /var/log/nginx/git.error.log
+ - error_log: /var/log/nginx/git.error.log
- - root: /usr/share/webapps/cgit
+ - root: /usr/share/webapps/cgit
- - try_files: $uri @cgit
+ - try_files: $uri @cgit
- - location @cgit:
- - include: fastcgi_params
- - fastcgi_param: SCRIPT_FILENAME $document_root/cgit.cgi
- - fastcgi_param: PATH_INFO $uri
- - fastcgi_param: QUERY_STRING $args
- - fastcgi_pass: unix:/run/fcgiwrap.sock
+ - location @cgit:
+ - include: fastcgi_params
+ - fastcgi_param: SCRIPT_FILENAME $document_root/cgit.cgi
+ - fastcgi_param: PATH_INFO $uri
+ - fastcgi_param: QUERY_STRING $args
+ - fastcgi_pass: unix:/run/fcgiwrap.sock
- - location /.well-known/acme-challenge:
- - root: /srv/http/
+ - location /.well-known/acme-challenge:
+ - root: /srv/http/
# vim: ft=yaml et:
diff --git a/nginx/grafana_kyriasis_com.sls b/nginx/grafana_kyriasis_com.sls
index a2cdb0a..2a512fd 100644
--- a/nginx/grafana_kyriasis_com.sls
+++ b/nginx/grafana_kyriasis_com.sls
@@ -1,55 +1,54 @@
nginx:
- ng:
- servers:
- managed:
- grafana.kyriasis.com:
- enabled: True
- config:
- - server:
- - server_name: grafana.kyriasis.com
- - listen: 80
- - listen: '[::]:80'
+ servers:
+ managed:
+ grafana.kyriasis.com:
+ enabled: True
+ config:
+ - server:
+ - server_name: grafana.kyriasis.com
+ - listen: 80
+ - listen: '[::]:80'
- - location /.well-known/acme-challenge:
- - root: /srv/http
+ - location /.well-known/acme-challenge:
+ - root: /srv/http
- - location /:
- - return: '301 https://$server_name$request_uri'
+ - location /:
+ - return: '301 https://$server_name$request_uri'
- - server:
- - server_name: grafana.kyriasis.com
- - listen: 443 ssl http2
- - listen: '[::]:443 ssl http2'
+ - server:
+ - server_name: grafana.kyriasis.com
+ - listen: 443 ssl http2
+ - listen: '[::]:443 ssl http2'
- - ssl: 'on'
- - ssl_certificate: /etc/letsencrypt/live/grafana.kyriasis.com/fullchain.pem
- - ssl_certificate_key: /etc/letsencrypt/live/grafana.kyriasis.com/privkey.pem
- - ssl_dhparam: /etc/nginx/dhparam.pem
+ - ssl: 'on'
+ - ssl_certificate: /etc/letsencrypt/live/grafana.kyriasis.com/fullchain.pem
+ - ssl_certificate_key: /etc/letsencrypt/live/grafana.kyriasis.com/privkey.pem
+ - ssl_dhparam: /etc/nginx/dhparam.pem
- - ssl_stapling: 'on'
- - ssl_stapling_verify: 'on'
- - ssl_trusted_certificate: /etc/letsencrypt/live/grafana.kyriasis.com/fullchain.pem
+ - ssl_stapling: 'on'
+ - ssl_stapling_verify: 'on'
+ - ssl_trusted_certificate: /etc/letsencrypt/live/grafana.kyriasis.com/fullchain.pem
- # https://developer.mozilla.org/en-US/docs/Security/HTTP_Strict_Transport_Security
- - add_header: 'Strict-Transport-Security "max-age=31536000"'
+ # https://developer.mozilla.org/en-US/docs/Security/HTTP_Strict_Transport_Security
+ - add_header: 'Strict-Transport-Security "max-age=31536000"'
- # Tell browsers not to render the page inside a frame, and avoid clickjacking.
- - add_header: X-Frame-Options SAMEORIGIN
+ # Tell browsers not to render the page inside a frame, and avoid clickjacking.
+ - add_header: X-Frame-Options SAMEORIGIN
- # Tell browsers to not try to auto-detect the Content-Type.
- - add_header: X-Content-Type-Options nosniff
+ # Tell browsers to not try to auto-detect the Content-Type.
+ - add_header: X-Content-Type-Options nosniff
- # Enable the Cross-site scripting filter in most recent browsers.
- # Normally enabled by default, but enable it anyway if user has disabled it.
- - add_header: 'X-XSS-Protection "1; mode=block"'
+ # Enable the Cross-site scripting filter in most recent browsers.
+ # Normally enabled by default, but enable it anyway if user has disabled it.
+ - add_header: 'X-XSS-Protection "1; mode=block"'
- # http://www.gnuterrypratchett.com/
- - add_header: 'X-Clacks-Overhead "GNU Terry Pratchett"'
+ # http://www.gnuterrypratchett.com/
+ - add_header: 'X-Clacks-Overhead "GNU Terry Pratchett"'
- - error_log: /var/log/nginx/grafana.kyriasis.com.error.log
+ - error_log: /var/log/nginx/grafana.kyriasis.com.error.log
- - location /:
- - proxy_pass: http://localhost:3000/
+ - location /:
+ - proxy_pass: http://localhost:3000/
# vim: ft=yaml et:
diff --git a/nginx/kyriasis_com.sls b/nginx/kyriasis_com.sls
index 17f80fd..0f10e8e 100644
--- a/nginx/kyriasis_com.sls
+++ b/nginx/kyriasis_com.sls
@@ -1,65 +1,64 @@
nginx:
- ng:
- servers:
- managed:
- kyriasis.com:
- enabled: True
- config:
- - server:
- - server_name: kyriasis.com
- - listen: 80
- - listen: '[::]:80'
+ servers:
+ managed:
+ kyriasis.com:
+ enabled: True
+ config:
+ - server:
+ - server_name: kyriasis.com
+ - listen: 80
+ - listen: '[::]:80'
- - location /.well-known/acme-challenge:
- - root: /srv/http/
+ - location /.well-known/acme-challenge:
+ - root: /srv/http/
- - location /:
- - return: '301 https://$server_name$request_uri'
+ - location /:
+ - return: '301 https://$server_name$request_uri'
- - server:
- - server_name: kyriasis.com
- - listen: 443 ssl http2
- - listen: '[::]:443 ssl http2'
+ - server:
+ - server_name: kyriasis.com
+ - listen: 443 ssl http2
+ - listen: '[::]:443 ssl http2'
- - ssl: 'on'
- - ssl_certificate: /etc/letsencrypt/live/kyriasis.com/fullchain.pem
- - ssl_certificate_key: /etc/letsencrypt/live/kyriasis.com/privkey.pem
- - ssl_dhparam: /etc/nginx/dhparam.pem
+ - ssl: 'on'
+ - ssl_certificate: /etc/letsencrypt/live/kyriasis.com/fullchain.pem
+ - ssl_certificate_key: /etc/letsencrypt/live/kyriasis.com/privkey.pem
+ - ssl_dhparam: /etc/nginx/dhparam.pem
- - ssl_stapling: 'on'
- - ssl_stapling_verify: 'on'
- - ssl_trusted_certificate: /etc/letsencrypt/live/kyriasis.com/fullchain.pem
+ - ssl_stapling: 'on'
+ - ssl_stapling_verify: 'on'
+ - ssl_trusted_certificate: /etc/letsencrypt/live/kyriasis.com/fullchain.pem
- # https://developer.mozilla.org/en-US/docs/Security/HTTP_Strict_Transport_Security
- - add_header: 'Strict-Transport-Security "max-age=31536000"'
+ # https://developer.mozilla.org/en-US/docs/Security/HTTP_Strict_Transport_Security
+ - add_header: 'Strict-Transport-Security "max-age=31536000"'
- # Tell browsers not to render the page inside a frame, and avoid clickjacking.
- - add_header: X-Frame-Options SAMEORIGIN
+ # Tell browsers not to render the page inside a frame, and avoid clickjacking.
+ - add_header: X-Frame-Options SAMEORIGIN
- # Tell browsers to not try to auto-detect the Content-Type.
- - add_header: X-Content-Type-Options nosniff
+ # Tell browsers to not try to auto-detect the Content-Type.
+ - add_header: X-Content-Type-Options nosniff
- # Enable the Cross-site scripting filter in most recent browsers.
- # Normally enabled by default, but enable it anyway if user has disabled it.
- - add_header: 'X-XSS-Protection "1; mode=block"'
+ # Enable the Cross-site scripting filter in most recent browsers.
+ # Normally enabled by default, but enable it anyway if user has disabled it.
+ - add_header: 'X-XSS-Protection "1; mode=block"'
- # http://www.gnuterrypratchett.com/
- - add_header: 'X-Clacks-Overhead "GNU Terry Pratchett"'
+ # http://www.gnuterrypratchett.com/
+ - add_header: 'X-Clacks-Overhead "GNU Terry Pratchett"'
- - client_max_body_size: 128m
+ - client_max_body_size: 128m
- - error_log: /var/log/nginx/kyriasis.com.error.log
+ - error_log: /var/log/nginx/kyriasis.com.error.log
- - location /.well-known/acme-challenge:
- - root: /srv/http/
+ - location /.well-known/acme-challenge:
+ - root: /srv/http/
- - location /.well-known/matrix/client:
- - proxy_pass: https://matrix.kyriasis.com:8448
- - proxy_buffering: "off"
- - proxy_set_header: X-Forwarded-For $remote_addr
- - proxy_set_header: Host $host
- - add_header: "'Access-Control-Allow-Origin' '*'"
- - add_header: "'Access-Control-Allow-Methods' 'GET, PUT, POST, DELETE, HEAD, OPTIONS'"
+ - location /.well-known/matrix/client:
+ - proxy_pass: https://matrix.kyriasis.com:8448
+ - proxy_buffering: "off"
+ - proxy_set_header: X-Forwarded-For $remote_addr
+ - proxy_set_header: Host $host
+ - add_header: "'Access-Control-Allow-Origin' '*'"
+ - add_header: "'Access-Control-Allow-Methods' 'GET, PUT, POST, DELETE, HEAD, OPTIONS'"
# vim: ft=yaml et:
diff --git a/nginx/matrix_kyriasis_com.sls b/nginx/matrix_kyriasis_com.sls
index 8db809c..782149b 100644
--- a/nginx/matrix_kyriasis_com.sls
+++ b/nginx/matrix_kyriasis_com.sls
@@ -1,85 +1,84 @@
nginx:
- ng:
- servers:
- managed:
- matrix.kyriasis.com:
- enabled: True
- config:
- - upstream matrix_backend:
- - server: 127.0.0.1:8448
+ servers:
+ managed:
+ matrix.kyriasis.com:
+ enabled: True
+ config:
+ - upstream matrix_backend:
+ - server: 127.0.0.1:8448
- - upstream synapse_metrics:
- - server: 127.0.0.1:9091
+ - upstream synapse_metrics:
+ - server: 127.0.0.1:9091
- - server:
- - server_name: matrix.kyriasis.com
- - listen: 80
- - listen: '[::]:80'
+ - server:
+ - server_name: matrix.kyriasis.com
+ - listen: 80
+ - listen: '[::]:80'
- - location /.well-known/acme-challenge:
- - root: /srv/http/
+ - location /.well-known/acme-challenge:
+ - root: /srv/http/
- - location /:
- - return: '301 https://$server_name$request_uri'
+ - location /:
+ - return: '301 https://$server_name$request_uri'
- - server:
- - server_name: matrix.kyriasis.com kyriasis.com
- - listen: 443 ssl http2 default_server
- - listen: '[::]:443 ssl http2 default_server'
+ - server:
+ - server_name: matrix.kyriasis.com kyriasis.com
+ - listen: 443 ssl http2 default_server
+ - listen: '[::]:443 ssl http2 default_server'
- - ssl: 'on'
- - ssl_certificate: /etc/letsencrypt/live/matrix.kyriasis.com/fullchain.pem
- - ssl_certificate_key: /etc/letsencrypt/live/matrix.kyriasis.com/privkey.pem
- - ssl_dhparam: /etc/nginx/dhparam.pem
+ - ssl: 'on'
+ - ssl_certificate: /etc/letsencrypt/live/matrix.kyriasis.com/fullchain.pem
+ - ssl_certificate_key: /etc/letsencrypt/live/matrix.kyriasis.com/privkey.pem
+ - ssl_dhparam: /etc/nginx/dhparam.pem
- - ssl_stapling: 'on'
- - ssl_stapling_verify: 'on'
- - ssl_trusted_certificate: /etc/letsencrypt/live/matrix.kyriasis.com/fullchain.pem
+ - ssl_stapling: 'on'
+ - ssl_stapling_verify: 'on'
+ - ssl_trusted_certificate: /etc/letsencrypt/live/matrix.kyriasis.com/fullchain.pem
- # https://developer.mozilla.org/en-US/docs/Security/HTTP_Strict_Transport_Security
- - add_header: 'Strict-Transport-Security "max-age=31536000"'
+ # https://developer.mozilla.org/en-US/docs/Security/HTTP_Strict_Transport_Security
+ - add_header: 'Strict-Transport-Security "max-age=31536000"'
- # Tell browsers to not try to auto-detect the Content-Type.
- - add_header: X-Content-Type-Options nosniff
+ # Tell browsers to not try to auto-detect the Content-Type.
+ - add_header: X-Content-Type-Options nosniff
- # Enable the Cross-site scripting filter in most recent browsers.
- # Normally enabled by default, but enable it anyway if user has disabled it.
- - add_header: 'X-XSS-Protection "1; mode=block"'
+ # Enable the Cross-site scripting filter in most recent browsers.
+ # Normally enabled by default, but enable it anyway if user has disabled it.
+ - add_header: 'X-XSS-Protection "1; mode=block"'
- # http://www.gnuterrypratchett.com/
- - add_header: 'X-Clacks-Overhead "GNU Terry Pratchett"'
+ # http://www.gnuterrypratchett.com/
+ - add_header: 'X-Clacks-Overhead "GNU Terry Pratchett"'
- - client_max_body_size: 128m
+ - client_max_body_size: 128m
- - error_log: /var/log/nginx/matrix.error.log
+ - error_log: /var/log/nginx/matrix.error.log
- - location /:
- - return: 301 https://riot.kyriasis.com
+ - location /:
+ - return: 301 https://riot.kyriasis.com
- - location /_matrix:
- - proxy_pass: https://matrix_backend
- - proxy_buffering: "off"
- - proxy_set_header: X-Forwarded-For $remote_addr
- - proxy_set_header: Host $host
+ - location /_matrix:
+ - proxy_pass: https://matrix_backend
+ - proxy_buffering: "off"
+ - proxy_set_header: X-Forwarded-For $remote_addr
+ - proxy_set_header: Host $host
- - location /_synapse:
- - proxy_pass: http://synapse_metrics
- - proxy_buffering: "off"
- - proxy_set_header: X-Forwarded-For $remote_addr
- - proxy_set_header: Host $host
- - proxy_http_version: 1.1
+ - location /_synapse:
+ - proxy_pass: http://synapse_metrics
+ - proxy_buffering: "off"
+ - proxy_set_header: X-Forwarded-For $remote_addr
+ - proxy_set_header: Host $host
+ - proxy_http_version: 1.1
- - location /.well-known/acme-challenge:
- - root: /srv/http/
+ - location /.well-known/acme-challenge:
+ - root: /srv/http/
- - location /.well-known/matrix/client:
- - proxy_pass: https://matrix_backend
- - proxy_buffering: "off"
- - proxy_set_header: X-Forwarded-For $remote_addr
- - proxy_set_header: Host $host
- - add_header: "'Access-Control-Allow-Origin' '*'"
- - add_header: "'Access-Control-Allow-Methods' 'GET, PUT, POST, DELETE, HEAD, OPTIONS'"
+ - location /.well-known/matrix/client:
+ - proxy_pass: https://matrix_backend
+ - proxy_buffering: "off"
+ - proxy_set_header: X-Forwarded-For $remote_addr
+ - proxy_set_header: Host $host
+ - add_header: "'Access-Control-Allow-Origin' '*'"
+ - add_header: "'Access-Control-Allow-Methods' 'GET, PUT, POST, DELETE, HEAD, OPTIONS'"
# vim: ft=yaml et:
diff --git a/nginx/miniflux_kyriasis_com.sls b/nginx/miniflux_kyriasis_com.sls
index 290c59f..b2d3a80 100644
--- a/nginx/miniflux_kyriasis_com.sls
+++ b/nginx/miniflux_kyriasis_com.sls
@@ -1,64 +1,63 @@
nginx:
- ng:
- servers:
- managed:
- miniflux.kyriasis.com:
- enabled: True
- config:
- - server:
- - server_name: miniflux.kyriasis.com
- - listen: 80
- - listen: '[::]:80'
+ servers:
+ managed:
+ miniflux.kyriasis.com:
+ enabled: True
+ config:
+ - server:
+ - server_name: miniflux.kyriasis.com
+ - listen: 80
+ - listen: '[::]:80'
- - location /.well-known/acme-challenge:
- - root: /srv/http/
+ - location /.well-known/acme-challenge:
+ - root: /srv/http/
- - location /:
- - return: '301 https://$server_name$request_uri'
+ - location /:
+ - return: '301 https://$server_name$request_uri'
- - server:
- - server_name: miniflux.kyriasis.com
- - listen: 443 ssl http2
- - listen: '[::]:443 ssl http2'
+ - server:
+ - server_name: miniflux.kyriasis.com
+ - listen: 443 ssl http2
+ - listen: '[::]:443 ssl http2'
- - ssl: 'on'
- - ssl_certificate: /etc/letsencrypt/live/miniflux.kyriasis.com/fullchain.pem
- - ssl_certificate_key: /etc/letsencrypt/live/miniflux.kyriasis.com/privkey.pem
- - ssl_dhparam: /etc/nginx/dhparam.pem
+ - ssl: 'on'
+ - ssl_certificate: /etc/letsencrypt/live/miniflux.kyriasis.com/fullchain.pem
+ - ssl_certificate_key: /etc/letsencrypt/live/miniflux.kyriasis.com/privkey.pem
+ - ssl_dhparam: /etc/nginx/dhparam.pem
- - ssl_stapling: 'on'
- - ssl_stapling_verify: 'on'
- - ssl_trusted_certificate: /etc/letsencrypt/live/miniflux.kyriasis.com/fullchain.pem
+ - ssl_stapling: 'on'
+ - ssl_stapling_verify: 'on'
+ - ssl_trusted_certificate: /etc/letsencrypt/live/miniflux.kyriasis.com/fullchain.pem
- # https://developer.mozilla.org/en-US/docs/Security/HTTP_Strict_Transport_Security
- - add_header: 'Strict-Transport-Security "max-age=31536000"'
+ # https://developer.mozilla.org/en-US/docs/Security/HTTP_Strict_Transport_Security
+ - add_header: 'Strict-Transport-Security "max-age=31536000"'
- # Tell browsers not to render the page inside a frame, and avoid clickjacking.
- - add_header: X-Frame-Options SAMEORIGIN
+ # Tell browsers not to render the page inside a frame, and avoid clickjacking.
+ - add_header: X-Frame-Options SAMEORIGIN
- # Tell browsers to not try to auto-detect the Content-Type.
- - add_header: X-Content-Type-Options nosniff
+ # Tell browsers to not try to auto-detect the Content-Type.
+ - add_header: X-Content-Type-Options nosniff
- # Enable the Cross-site scripting filter in most recent browsers.
- # Normally enabled by default, but enable it anyway if user has disabled it.
- - add_header: 'X-XSS-Protection "1; mode=block"'
+ # Enable the Cross-site scripting filter in most recent browsers.
+ # Normally enabled by default, but enable it anyway if user has disabled it.
+ - add_header: 'X-XSS-Protection "1; mode=block"'
- # http://www.gnuterrypratchett.com/
- - add_header: 'X-Clacks-Overhead "GNU Terry Pratchett"'
+ # http://www.gnuterrypratchett.com/
+ - add_header: 'X-Clacks-Overhead "GNU Terry Pratchett"'
- - client_max_body_size: 128m
+ - client_max_body_size: 128m
- - error_log: /var/log/nginx/miniflux.error.log
+ - error_log: /var/log/nginx/miniflux.error.log
- - location /:
- - proxy_pass: http://127.0.0.1:8080
- - proxy_redirect: 'off'
- - proxy_set_header: X-Real-IP $remote_addr
- - proxy_set_header: X-Forwarded-For $proxy_add_x_forwarded_for
- - proxy_set_header: X-Forwarded-Host $server_name
+ - location /:
+ - proxy_pass: http://127.0.0.1:8080
+ - proxy_redirect: 'off'
+ - proxy_set_header: X-Real-IP $remote_addr
+ - proxy_set_header: X-Forwarded-For $proxy_add_x_forwarded_for
+ - proxy_set_header: X-Forwarded-Host $server_name
- - location /.well-known/acme-challenge:
- - root: /srv/http/
+ - location /.well-known/acme-challenge:
+ - root: /srv/http/
# vim: ft=yaml et:
diff --git a/nginx/remmy_io.sls b/nginx/remmy_io.sls
index d240e98..d8d36c6 100644
--- a/nginx/remmy_io.sls
+++ b/nginx/remmy_io.sls
@@ -1,60 +1,59 @@
nginx:
- ng:
- servers:
- managed:
- remmy.io:
- enabled: True
- config:
- - server:
- - server_name: remmy.io
- - listen: 80
- - listen: '[::]:80'
+ servers:
+ managed:
+ remmy.io:
+ enabled: True
+ config:
+ - server:
+ - server_name: remmy.io
+ - listen: 80
+ - listen: '[::]:80'
- - location /.well-known/acme-challenge:
- - root: /srv/http
+ - location /.well-known/acme-challenge:
+ - root: /srv/http
- - location /:
- - return: '301 https://$server_name$request_uri'
+ - location /:
+ - return: '301 https://$server_name$request_uri'
- - server:
- - server_name: remmy.io
- - listen: 443 ssl http2
- - listen: '[::]:443 ssl http2'
+ - server:
+ - server_name: remmy.io
+ - listen: 443 ssl http2
+ - listen: '[::]:443 ssl http2'
- - ssl: 'on'
- - ssl_certificate: /etc/letsencrypt/live/remmy.io/fullchain.pem
- - ssl_certificate_key: /etc/letsencrypt/live/remmy.io/privkey.pem
- - ssl_dhparam: /etc/nginx/dhparam.pem
+ - ssl: 'on'
+ - ssl_certificate: /etc/letsencrypt/live/remmy.io/fullchain.pem
+ - ssl_certificate_key: /etc/letsencrypt/live/remmy.io/privkey.pem
+ - ssl_dhparam: /etc/nginx/dhparam.pem
- - ssl_stapling: 'on'
- - ssl_stapling_verify: 'on'
- - ssl_trusted_certificate: /etc/letsencrypt/live/remmy.io/fullchain.pem
+ - ssl_stapling: 'on'
+ - ssl_stapling_verify: 'on'
+ - ssl_trusted_certificate: /etc/letsencrypt/live/remmy.io/fullchain.pem
- # https://developer.mozilla.org/en-US/docs/Security/HTTP_Strict_Transport_Security
- - add_header: 'Strict-Transport-Security "max-age=31536000"'
+ # https://developer.mozilla.org/en-US/docs/Security/HTTP_Strict_Transport_Security
+ - add_header: 'Strict-Transport-Security "max-age=31536000"'
- # Tell browsers not to render the page inside a frame, and avoid clickjacking.
- - add_header: X-Frame-Options SAMEORIGIN
+ # Tell browsers not to render the page inside a frame, and avoid clickjacking.
+ - add_header: X-Frame-Options SAMEORIGIN
- # Tell browsers to not try to auto-detect the Content-Type.
- - add_header: X-Content-Type-Options nosniff
+ # Tell browsers to not try to auto-detect the Content-Type.
+ - add_header: X-Content-Type-Options nosniff
- # Enable the Cross-site scripting filter in most recent browsers.
- # Normally enabled by default, but enable it anyway if user has disabled it.
- - add_header: 'X-XSS-Protection "1; mode=block"'
+ # Enable the Cross-site scripting filter in most recent browsers.
+ # Normally enabled by default, but enable it anyway if user has disabled it.
+ - add_header: 'X-XSS-Protection "1; mode=block"'
- # http://www.gnuterrypratchett.com/
- - add_header: 'X-Clacks-Overhead "GNU Terry Pratchett"'
+ # http://www.gnuterrypratchett.com/
+ - add_header: 'X-Clacks-Overhead "GNU Terry Pratchett"'
- - error_log: /var/log/nginx/remmy_io.error.log
+ - error_log: /var/log/nginx/remmy_io.error.log
- - root: /home/kyrias/public_html/
- - index: index.html
- - autoindex: 'on'
- - try_files: $uri $uri.html $uri/ =404
+ - root: /home/kyrias/public_html/
+ - index: index.html
+ - autoindex: 'on'
+ - try_files: $uri $uri.html $uri/ =404
- - location ~ \.(js|css|png):
- - expires: modified +7d
+ - location ~ \.(js|css|png):
+ - expires: modified +7d
# vim: ft=yaml et:
diff --git a/nginx/repsys_kyriasis_com.sls b/nginx/repsys_kyriasis_com.sls
index 3b8b548..e2e7a65 100644
--- a/nginx/repsys_kyriasis_com.sls
+++ b/nginx/repsys_kyriasis_com.sls
@@ -1,59 +1,58 @@
nginx:
- ng:
- servers:
- managed:
- repsys.kyriasis.com:
- enabled: True
- config:
- - server:
- - server_name: repsys.kyriasis.com
- - listen: 80
- - listen: '[::]:80'
+ servers:
+ managed:
+ repsys.kyriasis.com:
+ enabled: True
+ config:
+ - server:
+ - server_name: repsys.kyriasis.com
+ - listen: 80
+ - listen: '[::]:80'
- - location /.well-known/acme-challenge:
- - root: /srv/http
+ - location /.well-known/acme-challenge:
+ - root: /srv/http
- - location /:
- - return: '301 https://$server_name$request_uri'
+ - location /:
+ - return: '301 https://$server_name$request_uri'
- - server:
- - server_name: repsys.kyriasis.com
- - listen: 443 ssl http2
- - listen: '[::]:443 ssl http2'
+ - server:
+ - server_name: repsys.kyriasis.com
+ - listen: 443 ssl http2
+ - listen: '[::]:443 ssl http2'
- - ssl: 'on'
- - ssl_certificate: /etc/letsencrypt/live/repsys.kyriasis.com/fullchain.pem
- - ssl_certificate_key: /etc/letsencrypt/live/repsys.kyriasis.com/privkey.pem
- - ssl_dhparam: /etc/nginx/dhparam.pem
+ - ssl: 'on'
+ - ssl_certificate: /etc/letsencrypt/live/repsys.kyriasis.com/fullchain.pem
+ - ssl_certificate_key: /etc/letsencrypt/live/repsys.kyriasis.com/privkey.pem
+ - ssl_dhparam: /etc/nginx/dhparam.pem
- - ssl_stapling: 'on'
- - ssl_stapling_verify: 'on'
- - ssl_trusted_certificate: /etc/letsencrypt/live/repsys.kyriasis.com/fullchain.pem
+ - ssl_stapling: 'on'
+ - ssl_stapling_verify: 'on'
+ - ssl_trusted_certificate: /etc/letsencrypt/live/repsys.kyriasis.com/fullchain.pem
- # https://developer.mozilla.org/en-US/docs/Security/HTTP_Strict_Transport_Security
- - add_header: 'Strict-Transport-Security "max-age=31536000"'
+ # https://developer.mozilla.org/en-US/docs/Security/HTTP_Strict_Transport_Security
+ - add_header: 'Strict-Transport-Security "max-age=31536000"'
- # Tell browsers not to render the page inside a frame, and avoid clickjacking.
- - add_header: X-Frame-Options SAMEORIGIN
+ # Tell browsers not to render the page inside a frame, and avoid clickjacking.
+ - add_header: X-Frame-Options SAMEORIGIN
- # Tell browsers to not try to auto-detect the Content-Type.
- - add_header: X-Content-Type-Options nosniff
+ # Tell browsers to not try to auto-detect the Content-Type.
+ - add_header: X-Content-Type-Options nosniff
- # Enable the Cross-site scripting filter in most recent browsers.
- # Normally enabled by default, but enable it anyway if user has disabled it.
- - add_header: 'X-XSS-Protection "1; mode=block"'
+ # Enable the Cross-site scripting filter in most recent browsers.
+ # Normally enabled by default, but enable it anyway if user has disabled it.
+ - add_header: 'X-XSS-Protection "1; mode=block"'
- # http://www.gnuterrypratchett.com/
- - add_header: 'X-Clacks-Overhead "GNU Terry Pratchett"'
+ # http://www.gnuterrypratchett.com/
+ - add_header: 'X-Clacks-Overhead "GNU Terry Pratchett"'
- - error_log: /var/log/nginx/repsys.kyriasis.com.error.log
+ - error_log: /var/log/nginx/repsys.kyriasis.com.error.log
- - location ~ \.(js|css|png):
- - expires: modified +7d
+ - location ~ \.(js|css|png):
+ - expires: modified +7d
- - location /:
- - include: uwsgi_params
- - uwsgi_pass: localhost:3002
+ - location /:
+ - include: uwsgi_params
+ - uwsgi_pass: localhost:3002
# vim: ft=yaml et:
diff --git a/nginx/riot_kyriasis_com.sls b/nginx/riot_kyriasis_com.sls
index be37292..a2d7707 100644
--- a/nginx/riot_kyriasis_com.sls
+++ b/nginx/riot_kyriasis_com.sls
@@ -1,59 +1,58 @@
nginx:
- ng:
- servers:
- managed:
- riot.kyriasis.com:
- enabled: True
- config:
- - server:
- - server_name: riot.kyriasis.com
- - listen: 80
- - listen: '[::]:80'
+ servers:
+ managed:
+ riot.kyriasis.com:
+ enabled: True
+ config:
+ - server:
+ - server_name: riot.kyriasis.com
+ - listen: 80
+ - listen: '[::]:80'
- - location /.well-known/acme-challenge:
- - root: /srv/http/
+ - location /.well-known/acme-challenge:
+ - root: /srv/http/
- - location /:
- - return: '301 https://$server_name$request_uri'
+ - location /:
+ - return: '301 https://$server_name$request_uri'
- - server:
- - server_name: riot.kyriasis.com
- - listen: 443 ssl http2
- - listen: '[::]:443 ssl http2'
+ - server:
+ - server_name: riot.kyriasis.com
+ - listen: 443 ssl http2
+ - listen: '[::]:443 ssl http2'
- - ssl: 'on'
- - ssl_certificate: /etc/letsencrypt/live/riot.kyriasis.com/fullchain.pem
- - ssl_certificate_key: /etc/letsencrypt/live/riot.kyriasis.com/privkey.pem
- - ssl_dhparam: /etc/nginx/dhparam.pem
+ - ssl: 'on'
+ - ssl_certificate: /etc/letsencrypt/live/riot.kyriasis.com/fullchain.pem
+ - ssl_certificate_key: /etc/letsencrypt/live/riot.kyriasis.com/privkey.pem
+ - ssl_dhparam: /etc/nginx/dhparam.pem
- - ssl_stapling: 'on'
- - ssl_stapling_verify: 'on'
- - ssl_trusted_certificate: /etc/letsencrypt/live/riot.kyriasis.com/fullchain.pem
+ - ssl_stapling: 'on'
+ - ssl_stapling_verify: 'on'
+ - ssl_trusted_certificate: /etc/letsencrypt/live/riot.kyriasis.com/fullchain.pem
- # https://developer.mozilla.org/en-US/docs/Security/HTTP_Strict_Transport_Security
- - add_header: 'Strict-Transport-Security "max-age=31536000"'
+ # https://developer.mozilla.org/en-US/docs/Security/HTTP_Strict_Transport_Security
+ - add_header: 'Strict-Transport-Security "max-age=31536000"'
- # Tell browsers not to render the page inside a frame, and avoid clickjacking.
- - add_header: X-Frame-Options SAMEORIGIN
+ # Tell browsers not to render the page inside a frame, and avoid clickjacking.
+ - add_header: X-Frame-Options SAMEORIGIN
- # Tell browsers to not try to auto-detect the Content-Type.
- - add_header: X-Content-Type-Options nosniff
+ # Tell browsers to not try to auto-detect the Content-Type.
+ - add_header: X-Content-Type-Options nosniff
- # Enable the Cross-site scripting filter in most recent browsers.
- # Normally enabled by default, but enable it anyway if user has disabled it.
- - add_header: 'X-XSS-Protection "1; mode=block"'
+ # Enable the Cross-site scripting filter in most recent browsers.
+ # Normally enabled by default, but enable it anyway if user has disabled it.
+ - add_header: 'X-XSS-Protection "1; mode=block"'
- # http://www.gnuterrypratchett.com/
- - add_header: 'X-Clacks-Overhead "GNU Terry Pratchett"'
+ # http://www.gnuterrypratchett.com/
+ - add_header: 'X-Clacks-Overhead "GNU Terry Pratchett"'
- - client_max_body_size: 128m
+ - client_max_body_size: 128m
- - error_log: /var/log/nginx/riot.error.log
+ - error_log: /var/log/nginx/riot.error.log
- - root: /home/kyrias/code/vector/public
+ - root: /home/kyrias/code/vector/public
- - location /.well-known/acme-challenge:
- - root: /srv/http/
+ - location /.well-known/acme-challenge:
+ - root: /srv/http/
# vim: ft=yaml et:
diff --git a/nginx/theos_kyriasis_com.sls b/nginx/theos_kyriasis_com.sls
index 48c505f..06dd63c 100644
--- a/nginx/theos_kyriasis_com.sls
+++ b/nginx/theos_kyriasis_com.sls
@@ -1,140 +1,139 @@
nginx:
- ng:
- servers:
- managed:
- theos.kyriasis.com:
- enabled: True
- config:
- - server:
- - server_name: theos.kyriasis.com
- - listen: 80 default_server
- - listen: '[::]:80 default_server'
+ servers:
+ managed:
+ theos.kyriasis.com:
+ enabled: True
+ config:
+ - server:
+ - server_name: theos.kyriasis.com
+ - listen: 80 default_server
+ - listen: '[::]:80 default_server'
+
+ - location /.well-known/acme-challenge:
+ - root: /srv/http
- - location /.well-known/acme-challenge:
- - root: /srv/http
+ - location /:
+ - return: '301 https://$server_name$request_uri'
- - location /:
- - return: '301 https://$server_name$request_uri'
+ - server:
+ - server_name: theos.kyriasis.com
+ - listen: 443 ssl http2
+ - listen: '[::]:443 ssl http2'
- - server:
- - server_name: theos.kyriasis.com
- - listen: 443 ssl http2
- - listen: '[::]:443 ssl http2'
+ - ssl: 'on'
+ - ssl_certificate: /etc/letsencrypt/live/theos.kyriasis.com/fullchain.pem
+ - ssl_certificate_key: /etc/letsencrypt/live/theos.kyriasis.com/privkey.pem
+ - ssl_dhparam: /etc/nginx/dhparam.pem
- - ssl: 'on'
- - ssl_certificate: /etc/letsencrypt/live/theos.kyriasis.com/fullchain.pem
- - ssl_certificate_key: /etc/letsencrypt/live/theos.kyriasis.com/privkey.pem
- - ssl_dhparam: /etc/nginx/dhparam.pem
+ - ssl_stapling: 'on'
+ - ssl_stapling_verify: 'on'
+ - ssl_trusted_certificate: /etc/letsencrypt/live/theos.kyriasis.com/fullchain.pem
- - ssl_stapling: 'on'
- - ssl_stapling_verify: 'on'
- - ssl_trusted_certificate: /etc/letsencrypt/live/theos.kyriasis.com/fullchain.pem
+ # https://developer.mozilla.org/en-US/docs/Security/HTTP_Strict_Transport_Security
+ - add_header: 'Strict-Transport-Security "max-age=31536000"'
- # https://developer.mozilla.org/en-US/docs/Security/HTTP_Strict_Transport_Security
- - add_header: 'Strict-Transport-Security "max-age=31536000"'
+ # Tell browsers not to render the page inside a frame, and avoid clickjacking.
+ - add_header: X-Frame-Options SAMEORIGIN
- # Tell browsers not to render the page inside a frame, and avoid clickjacking.
- - add_header: X-Frame-Options SAMEORIGIN
+ # Tell browsers to not try to auto-detect the Content-Type.
+ - add_header: X-Content-Type-Options nosniff
- # Tell browsers to not try to auto-detect the Content-Type.
- - add_header: X-Content-Type-Options nosniff
+ # Enable the Cross-site scripting filter in most recent browsers.
+ # Normally enabled by default, but enable it anyway if user has disabled it.
+ - add_header: 'X-XSS-Protection "1; mode=block"'
- # Enable the Cross-site scripting filter in most recent browsers.
- # Normally enabled by default, but enable it anyway if user has disabled it.
- - add_header: 'X-XSS-Protection "1; mode=block"'
+ # http://www.gnuterrypratchett.com/
+ - add_header: 'X-Clacks-Overhead "GNU Terry Pratchett"'
- # http://www.gnuterrypratchett.com/
- - add_header: 'X-Clacks-Overhead "GNU Terry Pratchett"'
+ - error_log: /var/log/nginx/theos.error.log
- - error_log: /var/log/nginx/theos.error.log
+ - root: /srv/http
+ - index: index.html
+ - autoindex: 'on'
- - root: /srv/http
- - index: index.html
+ - location /repo/:
+ - root: /home/kyrias/packaging
- autoindex: 'on'
- - location /repo/:
- - root: /home/kyrias/packaging
- - autoindex: 'on'
+ - location /~kyrias:
+ - alias: /home/kyrias/public_html/
+ - index: index.html
+ - expires: modified +24h
- - location /~kyrias:
- - alias: /home/kyrias/public_html/
- - index: index.html
- - expires: modified +24h
+ - location = /~kyrias/journal/10-mercurian-pronouns.html:
+ - return: '301 https://web.archive.org/web/https://theos.kyriasis.com/~kyrias/journal/10-mercurian-pronouns.html'
+ - location ^~ /~kyrias/static:
+ - alias: /home/kyrias/code/kyrias-website/kyrias_website/static/
+ - expires: +30d
- - location = /~kyrias/journal/10-mercurian-pronouns.html:
- - return: '301 https://web.archive.org/web/https://theos.kyriasis.com/~kyrias/journal/10-mercurian-pronouns.html'
- - location ^~ /~kyrias/static:
- - alias: /home/kyrias/code/kyrias-website/kyrias_website/static/
- - expires: +30d
+ - location ^~ /~kyrias/d:
+ - autoindex: 'on'
- - location ^~ /~kyrias/d:
- - autoindex: 'on'
+ - location /~xanadu:
+ - alias: /home/xanadu/public_html/
+ - index: index.html
+ - try_files: $uri $uri.html $uri/ =404
+ - autoindex: 'on'
+ - expires: modified +24h
- - location /~xanadu:
- - alias: /home/xanadu/public_html/
- - index: index.html
- - try_files: $uri $uri.html $uri/ =404
- - autoindex: 'on'
- - expires: modified +24h
+ - location /vector:
+ - alias: /home/kyrias/code/vector/public/
+ - try_files: $uri $uri.html $uri/ =404
- - location /vector:
- - alias: /home/kyrias/code/vector/public/
- - try_files: $uri $uri.html $uri/ =404
+ - location /znc:
+ - proxy_pass: https://127.0.0.1:6697
+ - proxy_redirect: 'off'
+ - proxy_set_header: X-Real-IP $remote_addr
+ - proxy_set_header: X-Forwarded-For $proxy_add_x_forwarded_for
+ - proxy_set_header: X-Forwarded-Host $server_name
- - location /znc:
- - proxy_pass: https://127.0.0.1:6697
- - proxy_redirect: 'off'
- - proxy_set_header: X-Real-IP $remote_addr
- - proxy_set_header: X-Forwarded-For $proxy_add_x_forwarded_for
- - proxy_set_header: X-Forwarded-Host $server_name
+ - server:
+ - server_name: h.theos.kyriasis.com
+ - listen: 80
+ - listen: '[::]:80'
- - server:
- - server_name: h.theos.kyriasis.com
- - listen: 80
- - listen: '[::]:80'
+ - error_log: /var/log/nginx/theos.error.log
- - error_log: /var/log/nginx/theos.error.log
+ - root: /srv/http
+ - index: index.html
+ - autoindex: 'on'
- - root: /srv/http
- - index: index.html
+ - location /repo/:
+ - root: /home/kyrias/packaging
- autoindex: 'on'
- - location /repo/:
- - root: /home/kyrias/packaging
- - autoindex: 'on'
-
- - location /~kyrias:
- - alias: /home/kyrias/public_html/
- - index: index.html
- - try_files: $uri $uri.html $uri/ =404
- - autoindex: 'on'
- - expires: modified +24h
+ - location /~kyrias:
+ - alias: /home/kyrias/public_html/
+ - index: index.html
+ - try_files: $uri $uri.html $uri/ =404
+ - autoindex: 'on'
+ - expires: modified +24h
- - location = /~kyrias/journal/10-mercurian-pronouns.html:
- - return: '301 https://web.archive.org/web/https://theos.kyriasis.com/~kyrias/journal/10-mercurian-pronouns.html'
+ - location = /~kyrias/journal/10-mercurian-pronouns.html:
+ - return: '301 https://web.archive.org/web/https://theos.kyriasis.com/~kyrias/journal/10-mercurian-pronouns.html'
- - location ~ \.(js|css|png):
- - expires: modified +7d
+ - location ~ \.(js|css|png):
+ - expires: modified +7d
- - location /~xanadu:
- - alias: /home/xanadu/public_html/
- - index: index.html
- - try_files: $uri $uri.html $uri/ =404
- - autoindex: 'on'
- - expires: modified +24h
-
- - location /vector:
- - alias: /home/kyrias/code/vector/public/
- - try_files: $uri $uri.html $uri/ =404
-
- - location /znc:
- - proxy_pass: https://127.0.0.1:6697
- - proxy_redirect: 'off'
- - proxy_set_header: X-Real-IP $remote_addr
- - proxy_set_header: X-Forwarded-For $proxy_add_x_forwarded_for
- - proxy_set_header: X-Forwarded-Host $server_name
+ - location /~xanadu:
+ - alias: /home/xanadu/public_html/
+ - index: index.html
+ - try_files: $uri $uri.html $uri/ =404
+ - autoindex: 'on'
+ - expires: modified +24h
+
+ - location /vector:
+ - alias: /home/kyrias/code/vector/public/
+ - try_files: $uri $uri.html $uri/ =404
+
+ - location /znc:
+ - proxy_pass: https://127.0.0.1:6697
+ - proxy_redirect: 'off'
+ - proxy_set_header: X-Real-IP $remote_addr
+ - proxy_set_header: X-Forwarded-For $proxy_add_x_forwarded_for
+ - proxy_set_header: X-Forwarded-Host $server_name
# vim: ft=yaml et:
diff --git a/nginx/xan_kyriasis_com.sls b/nginx/xan_kyriasis_com.sls
index c965c76..5835d9d 100644
--- a/nginx/xan_kyriasis_com.sls
+++ b/nginx/xan_kyriasis_com.sls
@@ -1,83 +1,82 @@
nginx:
- ng:
- servers:
- managed:
- xan.kyriasis.com:
- enabled: True
- config:
- - server:
- - server_name: xan.kyriasis.com
- - listen: 80
- - listen: '[::]:80'
+ servers:
+ managed:
+ xan.kyriasis.com:
+ enabled: True
+ config:
+ - server:
+ - server_name: xan.kyriasis.com
+ - listen: 80
+ - listen: '[::]:80'
- - location /.well-known/acme-challenge:
- - root: /srv/http/
+ - location /.well-known/acme-challenge:
+ - root: /srv/http/
- - location /:
- - return: '301 https://$server_name$request_uri'
+ - location /:
+ - return: '301 https://$server_name$request_uri'
- - server:
- - server_name: xan.kyriasis.com
- - listen: 443 ssl http2
- - listen: '[::]:443 ssl http2'
+ - server:
+ - server_name: xan.kyriasis.com
+ - listen: 443 ssl http2
+ - listen: '[::]:443 ssl http2'
- - ssl: 'on'
- - ssl_certificate: /etc/letsencrypt/live/xan.kyriasis.com/fullchain.pem
- - ssl_certificate_key: /etc/letsencrypt/live/xan.kyriasis.com/privkey.pem
- - ssl_dhparam: /etc/nginx/dhparam.pem
+ - ssl: 'on'
+ - ssl_certificate: /etc/letsencrypt/live/xan.kyriasis.com/fullchain.pem
+ - ssl_certificate_key: /etc/letsencrypt/live/xan.kyriasis.com/privkey.pem
+ - ssl_dhparam: /etc/nginx/dhparam.pem
- - ssl_stapling: 'on'
- - ssl_stapling_verify: 'on'
- - ssl_trusted_certificate: /etc/letsencrypt/live/xan.kyriasis.com/fullchain.pem
+ - ssl_stapling: 'on'
+ - ssl_stapling_verify: 'on'
+ - ssl_trusted_certificate: /etc/letsencrypt/live/xan.kyriasis.com/fullchain.pem
- - error_log: /var/log/nginx/xan.error.log
+ - error_log: /var/log/nginx/xan.error.log
- # https://developer.mozilla.org/en-US/docs/Security/HTTP_Strict_Transport_Security
- - add_header: 'Strict-Transport-Security "max-age=31536000"'
+ # https://developer.mozilla.org/en-US/docs/Security/HTTP_Strict_Transport_Security
+ - add_header: 'Strict-Transport-Security "max-age=31536000"'
- # Tell browsers not to render the page inside a frame, and avoid clickjacking.
- - add_header: X-Frame-Options SAMEORIGIN
+ # Tell browsers not to render the page inside a frame, and avoid clickjacking.
+ - add_header: X-Frame-Options SAMEORIGIN
- # Tell browsers to not try to auto-detect the Content-Type.
- - add_header: X-Content-Type-Options nosniff
+ # Tell browsers to not try to auto-detect the Content-Type.
+ - add_header: X-Content-Type-Options nosniff
- # Enable the Cross-site scripting filter in most recent browsers.
- # Normally enabled by default, but enable it anyway if user has disabled it.
- - add_header: 'X-XSS-Protection "1; mode=block"'
+ # Enable the Cross-site scripting filter in most recent browsers.
+ # Normally enabled by default, but enable it anyway if user has disabled it.
+ - add_header: 'X-XSS-Protection "1; mode=block"'
- # http://www.gnuterrypratchett.com/
- - add_header: 'X-Clacks-Overhead "GNU Terry Pratchett"'
+ # http://www.gnuterrypratchett.com/
+ - add_header: 'X-Clacks-Overhead "GNU Terry Pratchett"'
- - root: /usr/share/webapps/xans-wiki
+ - root: /usr/share/webapps/xans-wiki
- - client_max_body_size: 100m
- - client_body_timeout: 60
+ - client_max_body_size: 100m
+ - client_body_timeout: 60
- - try_files: $uri $uri/ @mediawiki
- - index: index.php index.html
+ - try_files: $uri $uri/ @mediawiki
+ - index: index.php index.html
- - location @mediawiki:
- - rewrite: '^/(.*)$ /index.php?title=$1&$args'
+ - location @mediawiki:
+ - rewrite: '^/(.*)$ /index.php?title=$1&$args'
- - location ~ \.php5?$:
- - include: fastcgi.conf
- - fastcgi_pass: unix:/var/run/php-fpm/php-fpm.sock
- - fastcgi_index: index.php
- - try_files: $uri @mediawiki
+ - location ~ \.php5?$:
+ - include: fastcgi.conf
+ - fastcgi_pass: unix:/var/run/php-fpm/php-fpm.sock
+ - fastcgi_index: index.php
+ - try_files: $uri @mediawiki
- - location ~* \.(js|css|png|jpg|jpeg|gif|ico)$:
- - try_files: $uri /index.php
- - expires: max
+ - location ~* \.(js|css|png|jpg|jpeg|gif|ico)$:
+ - try_files: $uri /index.php
+ - expires: max
- # Restrictions based on default htaccess file
- - location ^~ ^/(cache|includes|maintenance|languages|serialized|tests|images/deleted)/:
- - deny: all
+ # Restrictions based on default htaccess file
+ - location ^~ ^/(cache|includes|maintenance|languages|serialized|tests|images/deleted)/:
+ - deny: all
- - location ^~ ^/(bin|docs|extensions|includes|maintenance|mw-config|resources|serialized|tests)/:
- - internal: ''
+ - location ^~ ^/(bin|docs|extensions|includes|maintenance|mw-config|resources|serialized|tests)/:
+ - internal: ''
- - location /.well-known/acme-challenge:
- - root: /srv/http/
+ - location /.well-known/acme-challenge:
+ - root: /srv/http/
# vim: ft=yaml et: