Untitled

From Idiotic Goose, 1 Year ago, written in Plain Text, viewed 2 times. This paste will give up the ghost in 1 Second.

URL https://paste.paivola.fi/view/349c89e6 Embed

Download Paste or View Raw

# File managed by Puppet: pvl::frontend::http: ranssi
 
server {
        listen  80;
        listen  443     ssl;
        listen  [::]:80;
        listen  [::]:443 ssl;
        server_name     ranssi2.paivola.fi ranssi ranssi2 ranssi.paivola.fi ranssi2.paivola.fi ranssi-new.paivola.fi ranssi.paivola.net;
 
        location /.well-known/acme-challenge/ {
                alias /var/lib/acme/acme-challenge/;
        }
 
        # Redirect to main name
        if ($host != 'ranssi2.paivola.fi') {
                return 301 https://ranssi2.paivola.fi$request_uri;
        }
 
        # Force https
        if ($scheme != 'https') {
                return 301 https://$server_name$request_uri;
        }
 
        # SNI cert
        ssl_certificate         /var/lib/acme/live/ranssi2.paivola.fi/fullchain;
        ssl_certificate_key     /var/lib/acme/live/ranssi2.paivola.fi/privkey;
 
        location / {
                ## Host-based access control
                allow           10.6.0.0/16;
                allow           10.7.7.0/24;
                allow           194.197.235.0/25;
                allow           2001:2060:41:a06::/64;
                deny            all;    # Default
 
                ## Authentication
                auth_basic              "ranssi2.paivola.fi";
                auth_basic_user_file    /etc/nginx/auth/ranssi;
 
                # Auth for blacklist
                satisfy                 any;
 
                proxy_pass              http://docker-matikka.ranssi.pvl:5005;
 
                ## Request -> upstream
                proxy_http_version      1.1;
 
                proxy_set_header        Connection      "";
                proxy_set_header        Host            $host;
                proxy_set_header        Via             "$server_protocol $server_addr:$server_port ($server_name nginx/$nginx_version)";
 
                proxy_set_header        X-Forwarded-For         "$remote_addr";
 
                # http/https
                proxy_set_header        X-Forwarded-Proto       "$scheme";
 
                ## Response -> Client
                proxy_pass_header       Server;
                proxy_pass_header       Date;
                add_header              Via             "HTTP/1.1 $hostname (nginx)";
                add_header              X-Backend-Server        "$proxy_host";
        }
 
        location ~ ^/(~.*) {
                return 301 http://users.paivola.fi/$1;
        }
}
 

Reply to "Untitled"

Here you can reply to the paste above

Author What's your name?

Title Give your paste a title.

Language What language is your paste written in?

Your paste Paste your paste here

# File managed by Puppet: pvl::frontend::http: ranssi

server {
        listen  80;
        listen  443     ssl;
        listen  [::]:80;
        listen  [::]:443 ssl;
        server_name     ranssi2.paivola.fi ranssi ranssi2 ranssi.paivola.fi ranssi2.paivola.fi ranssi-new.paivola.fi ranssi.paivola.net;

location /.well-known/acme-challenge/ {
                alias /var/lib/acme/acme-challenge/;
        }

# Redirect to main name
        if ($host != 'ranssi2.paivola.fi') {
                return 301 https://ranssi2.paivola.fi$request_uri;
        }

# Force https
        if ($scheme != 'https') {
                return 301 https://$server_name$request_uri;
        }

# SNI cert
        ssl_certificate         /var/lib/acme/live/ranssi2.paivola.fi/fullchain;
        ssl_certificate_key     /var/lib/acme/live/ranssi2.paivola.fi/privkey;

location / {
                ## Host-based access control
                allow           10.6.0.0/16;
                allow           10.7.7.0/24;
                allow           194.197.235.0/25;
                allow           2001:2060:41:a06::/64;
                deny            all;    # Default

## Authentication
                auth_basic              &quot;ranssi2.paivola.fi&quot;;
                auth_basic_user_file    /etc/nginx/auth/ranssi;

# Auth for blacklist
                satisfy                 any;

proxy_pass              http://docker-matikka.ranssi.pvl:5005;

## Request -&gt; upstream
                proxy_http_version      1.1;

proxy_set_header        Connection      &quot;&quot;;
                proxy_set_header        Host            $host;
                proxy_set_header        Via             &quot;$server_protocol $server_addr:$server_port ($server_name nginx/$nginx_version)&quot;;

proxy_set_header        X-Forwarded-For         &quot;$remote_addr&quot;;

# http/https
                proxy_set_header        X-Forwarded-Proto       &quot;$scheme&quot;;

## Response -&gt; Client
                proxy_pass_header       Server;
                proxy_pass_header       Date;
                add_header              Via             &quot;HTTP/1.1 $hostname (nginx)&quot;;
                add_header              X-Backend-Server        &quot;$proxy_host&quot;;
        }

location ~ ^/(~.*) {
                return 301 http://users.paivola.fi/$1;
        }
}

Create Shorturl Create a shorter url that redirects to your paste?

Private Private paste aren't shown in recent listings.

Delete After When should we delete your paste?