-
Notifications
You must be signed in to change notification settings - Fork 8
/
nginx-full.conf
157 lines (131 loc) · 4.73 KB
/
nginx-full.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
upstream hhvm_default {
#server unix:/var/run/php5-fpm.sock;
server localhost:9001;
}
server {
listen 80;
add_header Strict-Transport-Security max-age=31536000;
server_name muenchen-transparent.de www.muenchen-transparent.de xn--mnchen-transparent-m6b.de www.xn--mnchen-transparent-m6b.de ratsinformant.de www.ratsinformant.de;
rewrite ^ https://www.muenchen-transparent.de$request_uri? permanent;
}
server {
listen 443 ssl spdy;
ssl_certificate /etc/nginx/ssl-muenchen-transparent/certchain.pem;
ssl_certificate_key /etc/nginx/ssl-muenchen-transparent/myserver.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers 'AES256+EECDH:AES256+EDH';
ssl_session_cache shared:SSL:10m;
add_header Strict-Transport-Security max-age=31536000;
server_name muenchen-transparent.de;
rewrite ^ https://www.muenchen-transparent.de$request_uri? permanent;
}
server {
listen 443 ssl spdy;
ssl_certificate /etc/nginx/www_ratsinformant_de-201403.crt;
ssl_certificate_key /etc/nginx/www_ratsinformant_de-201403.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers 'AES256+EECDH:AES256+EDH';
ssl_session_cache shared:SSL:10m;
add_header Strict-Transport-Security max-age=31536000;
server_name ratsinformant.de www.ratsinformant.de;
rewrite ^ https://www.muenchen-transparent.de$request_uri? permanent;
}
server {
listen 443 ssl spdy;
ssl_certificate /etc/nginx/ssl-muenchen-transparent/certchain.pem;
ssl_certificate_key /etc/nginx/ssl-muenchen-transparent/myserver.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers 'AES256+EECDH:AES256+EDH';
ssl_session_cache shared:SSL:10m;
add_header Strict-Transport-Security max-age=31536000;
server_name www.muenchen-transparent.de;
root /var/www/ris3/html;
set $yii_bootstrap "index.php";
charset utf-8;
access_log /var/log/nginx/access_ris.log;
error_log /var/log/nginx/error_ris.log;
proxy_connect_timeout 600s;
proxy_send_timeout 600s;
proxy_read_timeout 600s;
fastcgi_send_timeout 600s;
fastcgi_read_timeout 600s;
location /solr {
proxy_pass http://127.0.0.1:8983/;
rewrite /solr/(.*) /solr/$1 break;
proxy_redirect / /solr/;
#proxy_set_header Host $host;
proxy_buffering off;
auth_basic "Solr Auth";
auth_basic_user_file /var/www/intern/ris-solr-users;
}
location @ris_tiles_notfound {
root /var/www/ris3/html;
fastcgi_split_path_info ^(.+\.php)(.*)$;
# Yii soll Aufrufe von nicht existierenden PHP-Dateien abfangen
set $fsn /$yii_bootstrap;
if (-f $document_root$fastcgi_script_name){
set $fsn $fastcgi_script_name;
}
fastcgi_pass hhvm_default;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fsn;
# PATH_INFO und PATH_TRANSLATED müssen nicht angegeben werden,
# sind aber in RFC 3875 für CGI definiert:
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param PATH_TRANSLATED $document_root$fsn;
}
location /tiles {
root /var/www/ris3-data/tile-cache/;
expires 1w;
error_page 404 = @ris_tiles_notfound;
}
location /pdf_proxy {
resolver 127.0.0.1 ipv6=off;
proxy_pass http://www.ris-muenchen.de/;
proxy_redirect http://www.ris-muenchen.de/ /pdf_proxy/;
}
location / {
index index.html $yii_bootstrap;
try_files $uri $uri/ /$yii_bootstrap?$args;
}
location ~ \/assets\/.*(js|css|png|jpg|gif|swf|ico|pdf|mov|fla|zip|rar|woff|svg)$ {
try_files $uri =404;
expires 7d;
}
location /css/ {
expires 7d;
}
location /js/ {
expires 7d;
}
location /bower/ {
expires 7d;
}
location /images/ {
expires 7d;
}
location /fonts/ {
expires 31d;
}
location ~ \.php {
fastcgi_split_path_info ^(.+\.php)(.*)$;
# Yii soll Aufrufe von nicht existierenden PHP-Dateien abfangen
set $fsn /$yii_bootstrap;
if (-f $document_root$fastcgi_script_name){
set $fsn $fastcgi_script_name;
}
fastcgi_pass hhvm_default;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fsn;
# PATH_INFO und PATH_TRANSLATED müssen nicht angegeben werden,
# sind aber in RFC 3875 für CGI definiert:
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param PATH_TRANSLATED $document_root$fsn;
}
location ~ /\.ht {
deny all;
}
}