gaja-group
/
server-configs-nginx
mirror of https://github.com/h5bp/server-configs-nginx
2
0
Fork 0
Code Issues Releases Wiki Activity

Move server config to conf.d folder 

Aligning with nginx docker image
Fix #95
This commit is contained in:
Léo Colombaro 2019-02-01 13:04:01 +01:00
parent d2531ac605
commit 306af367e9
9 changed files with 93 additions and 82 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
sites-available/ssl.no-default → conf.d/.default.conf
View File

@ -1,3 +1,7 @@
# ----------------------------------------------------------------------
# | Default behavior for unknown hosts |
# ----------------------------------------------------------------------
#
# Drop requests for unknown hosts
#
# If no default server is defined, nginx will use the first found server.
@ -8,7 +12,12 @@
server {
listen [::]:443 ssl default_server;
listen 443 ssl default_server;
server_name _;
include h5bp/ssl/ssl_engine.conf;
include h5bp/ssl/certificate_files.conf;
include h5bp/ssl/policy_intermediate.conf;
return 444;
}

27
conf.d/no-ssl.default.conf Normal file
View File

@ -0,0 +1,27 @@
# ----------------------------------------------------------------------
# | Default behavior for unknown hosts |
# ----------------------------------------------------------------------
#
# Drop requests for unknown hosts
#
# If no default server is defined, nginx will use the first found server.
# To prevent host header attacks, or other potential problems when an unknown
# servername is used in a request, it's recommended to drop the request
# returning 444 "no response".
#
# (1) In production, only secure hosts should be used (all `no-ssl` disabled).
# If so, redirect first ANY request to a secure connexion before handling it
# even if the host is unknown.
#
# https://observatory.mozilla.org/faq/
server {
listen [::]:80 default_server deferred;
listen 80 default_server deferred;
server_name _;
# (1)
# return 301 https://$host$request_uri;
return 444;
}

30
sites-available/ssl.example.com → conf.d/templates/example.com.conf
View File

@ -1,34 +1,29 @@
# Choose between www and non-www, listen on the *wrong* one and redirect to
# the right one -- https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/#server-name-if
# ----------------------------------------------------------------------
# | Config file for example.com host |
# ----------------------------------------------------------------------
#
server {
listen [::]:80;
listen 80;
# listen on both hosts
server_name example.com www.example.com;
# and redirect to the https host (declared below)
# avoiding http://www -> https://www -> https:// chain.
return 301 https://example.com$request_uri;
}
# This file is a template for a nginx server.
# This nginx server listen the `example.com` host and handle requests.
# Remplace `example.com` with your hostname before enabling.
# Choose between www and non-www, listen on the wrong one and redirect to
# the right one.
# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/#server-name-if
server {
listen [::]:443 ssl http2;
listen 443 ssl http2;
# listen on the wrong host
server_name www.example.com;
include h5bp/ssl/ssl_engine.conf;
include h5bp/ssl/certificate_files.conf;
include h5bp/ssl/policy_intermediate.conf;
# and redirect to the non-www host (declared below)
return 301 https://example.com$request_uri;
return 301 $scheme://example.com$request_uri;
}
server {
server {
# listen [::]:443 ssl http2 accept_filter=dataready; # for FreeBSD
# listen 443 ssl http2 accept_filter=dataready; # for FreeBSD
# listen [::]:443 ssl http2 deferred; # for Linux
@ -40,6 +35,7 @@ server {
server_name example.com;
include h5bp/ssl/ssl_engine.conf;
include h5bp/ssl/certificate_files.conf;
include h5bp/ssl/policy_intermediate.conf;
# Path for static files

40
conf.d/templates/no-ssl.example.com.conf Normal file
View File

@ -0,0 +1,40 @@
# ----------------------------------------------------------------------
# | Config file for non-secure example.com host |
# ----------------------------------------------------------------------
#
# This file is a template for a non-secure nginx server.
# This nginx server listen the `example.com` host and handle requests.
# Remplace `example.com` with your hostname before enabling.
# Choose between www and non-www, listen on the wrong one and redirect to
# the right one.
# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/#server-name-if
server {
listen [::]:80;
listen 80;
server_name www.example.com;
return 301 $scheme://example.com$request_uri;
}
server {
# listen [::]:80 accept_filter=httpready; # for FreeBSD
# listen 80 accept_filter=httpready; # for FreeBSD
# listen [::]:80 deferred; # for Linux
# listen 80 deferred; # for Linux
listen [::]:80;
listen 80;
# The host name to respond to
server_name example.com;
# Path for static files
root /var/www/example.com/public;
# Custom error pages
include h5bp/errors/custom_errors.conf;
# Include the basic h5bp config set
include h5bp/basic.conf;
}

9
nginx.conf
View File

@ -111,10 +111,9 @@ http {
# Enable gzip compression.
include h5bp/web_performance/compression.conf;
# Include files in the sites-enabled folder. server{} configuration files should be
# placed in the sites-available folder, and then the configuration should be enabled
# by creating a symlink to it in the sites-enabled folder.
# See doc/sites-enabled.md for more info.
include sites-enabled/*;
# Include files in the conf.d folder.
# server{} configuration files should be placed in the conf.d folder.
# The configurations should be disabled by prefixing files with a dot.
include conf.d/*.conf;
}

12
sites-available/README.md
View File

@ -1,12 +0,0 @@
Sites Available
---------------
Define host definitions here.
It'd be a good thing if you keep your hosts indexed by domain name, eg:
```
example.com (handles traffic from both www.example.com and example.com)
foobar.com (as above)
test.foobar.com (handles traffic from both www.test.foobar.com and test.foobar.com)
```

36
sites-available/example.com
View File

@ -1,36 +0,0 @@
# www to non-www redirect -- duplicate content is BAD:
# https://github.com/h5bp/html5-boilerplate/blob/5370479476dceae7cc3ea105946536d6bc0ee468/.htaccess#L362
# Choose between www and non-www, listen on the *wrong* one and redirect to
# the right one -- https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/#server-name-if
server {
# don't forget to tell on which port this server listens
listen [::]:80;
listen 80;
# listen on the www host
server_name www.example.com;
# and redirect to the non-www host (declared below)
return 301 $scheme://example.com$request_uri;
}
server {
# listen [::]:80 accept_filter=httpready; # for FreeBSD
# listen 80 accept_filter=httpready; # for FreeBSD
# listen [::]:80 deferred; # for Linux
# listen 80 deferred; # for Linux
listen [::]:80;
listen 80;
# The host name to respond to
server_name example.com;
# Path for static files
root /sites/example.com/public;
# Custom 404 page
error_page 404 /404.html;
# Include the basic h5bp config set
include h5bp/basic.conf;
}

12
sites-available/no-default
View File

@ -1,12 +0,0 @@
# Drop requests for unknown hosts
#
# If no default server is defined, nginx will use the first found server.
# To prevent host header attacks, or other potential problems when an unknown
# servername is used in a request, it's recommended to drop the request
# returning 444 "no response".
server {
listen [::]:80 default_server deferred;
listen :80 default_server deferred;
return 444;
}

0
sites-enabled/.gitkeep
View File