New nginx role

2018-11-03 16:20:39 +01:00 · 2018-11-03 16:20:39 +01:00 · 7956d09b3e
commit 7956d09b3e
parent 71caecc508
22 changed files with 122 additions and 130 deletions
--- a/roles/nginx/files/error-pages/502.html
+++ b/roles/nginx/files/error-pages/502.html
@ -0,0 +1,10 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <meta charset="utf-8">
+  <title>502 Bad Gateway</title>
+  <link rel="stylesheet" href="/_error-pages/style.css">
+</head>
+<body>
+  <img src="/_error-pages/bad_gateway.png" alt="Bad Gateway Sign" class="singleton">
+</body>
--- a/roles/nginx/files/error-pages/bad_gateway.png
+++ b/roles/nginx/files/error-pages/bad_gateway.png
--- a/roles/nginx/files/error-pages/style.css
+++ b/roles/nginx/files/error-pages/style.css
@ -0,0 +1,4 @@
+img.singleton {
+  display: block;
+  margin: 10px auto;
+}
--- a/roles/nginx/files/etc/nginx/include/headers_hsts.conf
+++ b/roles/nginx/files/etc/nginx/include/headers_hsts.conf
@ -1,4 +0,0 @@
-# Header bitte nur auf "location" Ebene inkludieren:
-# https://nginx.org/en/docs/http/ngx_http_headers_module.html#add_header
-
-add_header Strict-Transport-Security max-age=31536000;
--- a/roles/nginx/files/etc/nginx/include/letsencrypt_srv02.conf
+++ b/roles/nginx/files/etc/nginx/include/letsencrypt_srv02.conf
@ -1,5 +0,0 @@
-location ^~ /.well-known/acme-challenge {
-    proxy_set_header Host $host;
-    proxy_set_header X-Forwarded-Proto $scheme;
-    proxy_pass http://srv02.hamburg.freifunk.net$request_uri;
-}
--- a/roles/nginx/files/etc/nginx/include/no_logging.conf
+++ b/roles/nginx/files/etc/nginx/include/no_logging.conf
@ -1,7 +0,0 @@
-# Deaktiviert Logging
-
-access_log off; # Bitte nicht aktivieren. Wir wollen ja nicht die IPs unserer Visitors loggen.
-
-# Bitte nur zum Debuggen von schweren Fehlern das Log-File temporär setzen und dann anschließend die Logs löschen.
-# So stellen wir sicher, dass keine IPs geloggt werden.
-error_log /dev/null crit;
--- a/roles/nginx/files/etc/nginx/include/no_symlinks.conf
+++ b/roles/nginx/files/etc/nginx/include/no_symlinks.conf
@ -1 +0,0 @@
-disable_symlinks on from=$document_root;
--- a/roles/nginx/files/etc/nginx/include/ssl_rewrite.conf
+++ b/roles/nginx/files/etc/nginx/include/ssl_rewrite.conf
@ -1,4 +0,0 @@
-# Generischer Rewrite von HTTP nach HTTPS
-location / {
-    return 302 https://$server_name$request_uri;
-}
--- a/roles/nginx/files/etc/nginx/include/listing.conf
+++ b/roles/nginx/files/etc/nginx/include/listing.conf
--- a/roles/nginx/files/snippets/error-pages.conf
+++ b/roles/nginx/files/snippets/error-pages.conf
@ -0,0 +1,5 @@
+error_page 502 /_error-pages/502.html;
+
+location ^~ /_error-pages {
+    root /var/www;
+}
--- a/roles/nginx/files/snippets/header-hsts.conf
+++ b/roles/nginx/files/snippets/header-hsts.conf
@ -0,0 +1 @@
+add_header Strict-Transport-Security 'max-age=31536000';
--- a/roles/nginx/files/etc/nginx/include/letsencrypt_srv01.conf
+++ b/roles/nginx/files/etc/nginx/include/letsencrypt_srv01.conf
@ -2,4 +2,5 @@ location ^~ /.well-known/acme-challenge {
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_pass http://srv01.hamburg.freifunk.net$request_uri;
+    access_log off;
 }
--- a/roles/nginx/files/snippets/location-acme.conf
+++ b/roles/nginx/files/snippets/location-acme.conf
@ -0,0 +1,5 @@
+location ^~ /.well-known/acme-challenge {
+    root /var/www/_acme-challenge;
+    try_files $uri $uri/ =404;
+    access_log off;
+}
--- a/roles/nginx/files/etc/nginx/include/no_dotfiles.conf
+++ b/roles/nginx/files/etc/nginx/include/no_dotfiles.conf
@ -1,7 +1,8 @@
+disable_symlinks on from=$document_root;
+
 # Do not serve dotfiles.
 location ~ /\. {
    deny all;
    access_log off;
    log_not_found off;
 }
-
				`@ -0,0 +1 @@`
				`add_header Strict-Transport-Security 'max-age=31536000';`