- # File managed by Puppet: pvl::frontend::http: ranssi
- server {
- listen 80;
- listen 443 ssl;
- listen [::]:80;
- listen [::]:443 ssl;
- server_name ranssi2.paivola.fi ranssi ranssi2 ranssi.paivola.fi ranssi2.paivola.fi ranssi-new.paivola.fi ranssi.paivola.net;
- location /.well-known/acme-challenge/ {
- alias /var/lib/acme/acme-challenge/;
- }
- # Redirect to main name
- if ($host != 'ranssi2.paivola.fi') {
- return 301 https://ranssi2.paivola.fi$request_uri;
- }
- # Force https
- if ($scheme != 'https') {
- return 301 https://$server_name$request_uri;
- }
- # SNI cert
- ssl_certificate /var/lib/acme/live/ranssi2.paivola.fi/fullchain;
- ssl_certificate_key /var/lib/acme/live/ranssi2.paivola.fi/privkey;
- location / {
- ## Host-based access control
- allow 10.6.0.0/16;
- allow 10.7.7.0/24;
- allow 194.197.235.0/25;
- allow 2001:2060:41:a06::/64;
- deny all; # Default
- ## Authentication
- auth_basic "ranssi2.paivola.fi";
- auth_basic_user_file /etc/nginx/auth/ranssi;
- # Auth for blacklist
- satisfy any;
- proxy_pass http://docker-matikka.ranssi.pvl:5005;
- ## Request -> upstream
- proxy_http_version 1.1;
- proxy_set_header Connection "";
- proxy_set_header Host $host;
- proxy_set_header Via "$server_protocol $server_addr:$server_port ($server_name nginx/$nginx_version)";
- proxy_set_header X-Forwarded-For "$remote_addr";
- # http/https
- proxy_set_header X-Forwarded-Proto "$scheme";
- ## Response -> Client
- proxy_pass_header Server;
- proxy_pass_header Date;
- add_header Via "HTTP/1.1 $hostname (nginx)";
- add_header X-Backend-Server "$proxy_host";
- }
- location ~ ^/(~.*) {
- return 301 http://users.paivola.fi/$1;
- }
- }
Untitled
From Idiotic Goose, 1 Year ago, written in Plain Text, viewed 2 times.
This paste will give up the ghost in 1 Second.
URL https://paste.paivola.fi/view/349c89e6
Embed
Download Paste or View Raw
— Expand Paste to full width of browser