From b8f5d5769068ee6e34fa1c82a740a6d16d9836ad Mon Sep 17 00:00:00 2001
From: Patrick Spek <p.spek@tyil.nl>
Date: Mon, 25 Apr 2022 14:30:06 +0200
Subject: Add fedi.tyil.nl as a potential website

---
 .../share/sites.d/http/nl.tyil.fedi                | 13 +++++
 .../share/sites.d/https/nl.tyil.fedi               | 62 ++++++++++++++++++++++
 2 files changed, 75 insertions(+)
 create mode 100644 playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.fedi
 create mode 100644 playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.fedi

(limited to 'playbooks.d/webserver-nginx')

diff --git a/playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.fedi b/playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.fedi
new file mode 100644
index 0000000..a736d91
--- /dev/null
+++ b/playbooks.d/webserver-nginx/share/sites.d/http/nl.tyil.fedi
@@ -0,0 +1,13 @@
+server {
+	listen 80;
+	listen [::]:80;
+
+	server_name fedi.tyil.nl;
+
+	include /etc/nginx/snippets.d/certbot.conf;
+	include /etc/nginx/snippets.d/headers.conf;
+
+	location / {
+		return 301 https://$host$request_uri;
+	}
+}
diff --git a/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.fedi b/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.fedi
new file mode 100644
index 0000000..8d4930e
--- /dev/null
+++ b/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.fedi
@@ -0,0 +1,62 @@
+server {
+	listen 443 ssl http2; # managed by Certbot
+	listen [::]:443 ssl http2; # managed by Certbot
+
+	server_name fedi.tyil.nl;
+
+	ssl_certificate /etc/letsencrypt/live/fedi.tyil.nl/fullchain.pem;
+	ssl_certificate_key /etc/letsencrypt/live/fedi.tyil.nl/privkey.pem;
+
+	include /etc/nginx/snippets.d/certbot.conf;
+	include /etc/nginx/snippets.d/ssl.conf;
+	include mime.types;
+
+	root /var/www/nl.tyil.fedi;
+	index index.php;
+
+	autoindex off;
+	fastcgi_param HTTPS on;
+	client_max_body_size 10m;
+	client_body_buffer_size 128k;
+
+	location / {
+		try_files $uri /index.php?pagename=$uri&$args;
+	}
+
+	location ^~ /.well-known/ {
+		allow all;
+		rewrite ^ /index.php?pagename=$uri;
+	}
+
+	location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {
+		expires 30d;
+		try_files $uri /index.php?pagename=$uri&$args;
+	}
+
+	location ~* \.php$ {
+		try_files $uri =404;
+
+		fastcgi_split_path_info ^(.+\.php)(/.+)$;
+
+		fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
+
+		include /etc/nginx/snippets.d/fcgi.conf;
+		fastcgi_index index.php;
+		fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+
+		fastcgi_buffers 16 16k; 
+		fastcgi_buffer_size 32k;
+	}
+
+	location ~* \.(tpl|md|tgz|log|out)$ {
+		deny all;
+	}
+
+	location ~ /\. {
+		deny all;
+	}
+
+	location ^~ /bin {
+		deny all;
+	}
+}
-- 
cgit v1.1