Konfiguration gefixt und massiv aufgeräumt

SSL Redirects funktionieren jetzt
This commit is contained in:
kpcyrd 2015-01-31 06:47:41 +00:00
parent d170593345
commit d144bc082c
30 changed files with 501 additions and 241 deletions

View file

@ -0,0 +1,6 @@
# Transparenter Proxy für das Formular.
location / {
proxy_pass http://localhost:8080;
}

46
include/graph_common.conf Normal file
View file

@ -0,0 +1,46 @@
# Grundkonfiguration des Graphen / der Karte
root /var/www/nodes_ffhh;
index graph.html;
if_modified_since before;
location ~ \.php$ {
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /var/www/default$fastcgi_script_name;
include /etc/nginx/fastcgi_params;
}
location ~ \.cgi$ {
gzip off; #gzip makes scripts feel slower since they have to complete before getting gzipped
fastcgi_pass unix:/var/run/nginx/cgiwrap-dispatch.sock;
fastcgi_index index.cgi;
fastcgi_param SCRIPT_FILENAME /var/www/nodes_ffhh/$fastcgi_script_name;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
}
location = /nodes.json {
gzip_types application/octet-stream;
gzip on;
}

24
include/media_common.conf Normal file
View file

@ -0,0 +1,24 @@
# Basis-Konfiguration für media.
# Don't allow to get framed by sites that aren't on the same domain
add_header X-Frame-Options SAMEORIGIN;
# Tell clients never to use http or self-signed (!) certificates
# There's no way to bypass this option after it has been cached!
add_header Strict-Transport-Security max-age=31536000;
location ~ /\. {
deny all;
access_log off;
log_not_found off;
}
root /var/www/media;
disable_symlinks on from=$document_root;
location / {
autoindex on;
autoindex_exact_size on;
autoindex_localtime off;
}

16
include/meta_common.conf Normal file
View file

@ -0,0 +1,16 @@
# Basis-Konfiguration für meta.
root /var/www/meta_ffhh;
disable_symlinks on from=$document_root;
location / {
autoindex on;
autoindex_exact_size on;
autoindex_localtime off;
}
location ~ /\. {
deny all;
access_log off;
log_not_found off;
}

8
include/no_logging.conf Normal file
View file

@ -0,0 +1,8 @@
# Deaktiviert Logging
access_log off; # Bitte nicht aktivieren. Wir wollen ja nicht die IPs unserer Visitor loggen.
# Bitte nur zum Debuggen von schweren Fehlern das Log-File temporär setzen und dann anschließend die Logs löschen.
# So stellen wir sicher, dass keine IPs geloggt werden.
error_log /dev/null crit;

View file

@ -0,0 +1,18 @@
# Basis-Konfiguration für den Postfix-Admin
root /var/www/postfixadmin_ffhh;
index index.php index.html index.htm;
location ~ \.php$ {
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /var/www/postfixadmin_ffhh$fastcgi_script_name;
#fastcgi_param SCRIPT_FILENAME /var/www/default$fastcgi_script_name;
include /etc/nginx/fastcgi_params;
}
location / {
index index.php;
try_files $uri $uri/index.php;
}

2
include/ssl.rewrite Normal file
View file

@ -0,0 +1,2 @@
# Generischer Rewrite von HTTP nach HTTPS
rewrite ^ https://$server_name$request_uri? permanent;

10
include/ssl_common.conf Normal file
View file

@ -0,0 +1,10 @@
# Basis Konfiguration für SSL. Wird von allen vhosts includet.
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
# Only strong ciphers in PFS mode
ssl_ciphers ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

View file

@ -0,0 +1,7 @@
# Basis Konfiguration für SSL mit hamburg.freifunk.net-Zertifikat.
ssl_certificate /etc/ssl/certs/hamburg.freifunk.net.crt;
ssl_certificate_key /etc/ssl/private/hamburg.freifunk.net.key;
include /etc/nginx/include/ssl_common.conf;

View file

@ -0,0 +1,7 @@
# Basis Konfiguration für SSL mit hamburg.freifunk.net-Zertifikat.
ssl_certificate /etc/ssl/certs/*.hamburg.freifunk.net.crt;
ssl_certificate_key /etc/ssl/private/*.hamburg.freifunk.net.key;
include /etc/nginx/include/ssl_common.conf;

13
include/start_common.conf Normal file
View file

@ -0,0 +1,13 @@
# Basis-Konfiguration für start.
root /var/www/start-ffhh/_site;
location ~ /\. {
deny all;
access_log off;
log_not_found off;
}
location /feeds/hamburg.freifunk.net.rss {
proxy_pass https://hamburg.freifunk.net/feed;
}

View file

@ -0,0 +1,9 @@
# Basis-Konfiguration für updates.
root /var/www/updates;
location / {
access_log off;
log_not_found off;
autoindex on;
}

View file

@ -0,0 +1,34 @@
# Basis-Konfiguration für Wordpress
client_max_body_size 16M;
root /var/www/wordpress;
index index.php index.html index.htm;
# Don't allow to get framed by sites that aren't on the same domain
add_header X-Frame-Options SAMEORIGIN;
# Tell clients never to use http or self-signed (!) certificates
# There's no way to bypass this option after it has been cached!
add_header Strict-Transport-Security max-age=31536000;
# This order might seem weird - this is attempted to match last if rules below fail.
# http://wiki.nginx.org/HttpCoreModule
location / {
index index.php;
try_files $uri $uri/ /index.php?$args;
}
# Directives to send expires headers and turn off 404 error logging.
location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
expires 24h;
log_not_found off;
}
location ~ \.php$ {
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /var/www/wordpress$fastcgi_script_name;
# fastcgi_param SCRIPT_FILENAME /var/www/default$fastcgi_script_name;
include /etc/nginx/fastcgi_params;
}

View file

@ -27,12 +27,13 @@ http {
##############################################
# Logging Settings
##
#access_log /var/log/nginx/access.log;
access_log off; # Bitte nicht aktivieren. Wir wollen ja nicht die IPs unserer Visitor loggen.
# Bitte nur zum Debuggen von schweren Fehlern das Log-File temporär setzen und dann anschließend die Logs löschen.
# So stellen wir sicher, dass keine IPs geloggt werden.
error_log /dev/null crit;
#error_log /var/log/nginx/error.log crit;
error_log /dev/null warn;
#error_log /var/log/nginx/error.log debug;
##############################################
# nginx-naxsi config

39
sites-available/base Normal file
View file

@ -0,0 +1,39 @@
server {
listen 443 ssl;
listen [::]:443 ssl;
access_log off;
error_log /dev/null crit;
ssl_certificate /etc/ssl/certs/*.hamburg.freifunk.net.crt;
ssl_certificate_key /etc/ssl/private/*.hamburg.freifunk.net.key;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
# Only strong ciphers in PFS mode
ssl_ciphers ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
# Don't allow to get framed by sites that aren't on the same domain
add_header X-Frame-Options SAMEORIGIN;
# Tell clients never to use http or self-signed (!) certificates
# There's no way to bypass this option after it has been cached!
add_header Strict-Transport-Security max-age=31536000;
location ~ /\. {
deny all;
access_log off;
log_not_found off;
}
}

View file

@ -17,3 +17,23 @@ server {
# include /etc/nginx/fastcgi_params;
# }
}
#server {
# listen 80 default_server;
# listen [::]:80 default_server;
#
# root /var/www/wordpress; #/usr/share/nginx/html;
# index index.php index.html index.htm;
#
# # Make site accessible from http://localhost/
## server_name *.hamburg.freifunk.net;
#
# return 302 http://hamburg.freifunk.net;
#
## location ~ \.php$ {
## fastcgi_pass unix:/var/run/php5-fpm.sock;
## fastcgi_index index.php;
## fastcgi_param SCRIPT_FILENAME /var/www/default$fastcgi_script_name;
## include /etc/nginx/fastcgi_params;
## }
#}

View file

@ -1,45 +1,35 @@
server {
include /etc/nginx/include/no_logging.conf;
listen 80;
listen [::]:80;
server_name formular.hamburg.freifunk.net formular.services.ffhh formular.ffhh;
access_log off;
server_name formular.hamburg.freifunk.net;
return 301 https://formular.hamburg.freifunk.net$request_uri;
include /etc/nginx/include/ssl.rewrite;
}
server {
listen 443;
listen [::]:443;
server_name formular.hamburg.freifunk.net formular.services.ffhh formular.ffhh;
include /etc/nginx/include/no_logging.conf;
access_log off; # Bitte nicht aktivieren. Wir wollen ja nicht die IPs unserer Visitor loggen.
listen 80;
listen [::]:80;
# Bitte nur zum Debuggen von schweren Fehlern das Log-File temporär setzen und dann anschließend die Logs löschen.
# So stellen wir sicher, dass keine IPs geloggt werden.
error_log /dev/null crit;
server_name formular.services.ffhh formular.ffhh;
ssl_certificate /etc/ssl/certs/formular.hamburg.freifunk.net.crt;
ssl_certificate_key /etc/ssl/private/formular.hamburg.freifunk.net.key;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
# Only strong ciphers in PFS mode
ssl_ciphers ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
# Don't allow to get framed by sites that aren't on the same domain
add_header X-Frame-Options SAMEORIGIN;
# Tell clients never to use http or self-signed (!) certificates
# There's no way to bypass this option after it has been cached!
add_header Strict-Transport-Security max-age=31536000;
#return 301 $scheme://formular.hamburg.freifunk.net:8080$request_uri;
location / {
proxy_pass http://formular.hamburg.freifunk.net:8080;
}
include /etc/nginx/include/formular_proxy.conf;
}
server {
include /etc/nginx/include/no_logging.conf;
listen 443 ssl;
listen [::]:443 ssl;
server_name formular.hamburg.freifunk.net;
include /etc/nginx/include/ssl_wildcard.conf;
include /etc/nginx/include/formular_proxy.conf;
}

View file

@ -1,51 +1,35 @@
server {
include /etc/nginx/include/no_logging.conf;
listen 80;
listen [::]:80;
server_name graph.hamburg.freifunk.net knotengraph.ffhh;
access_log off; # Bitte nicht aktivieren. Wir wollen ja nicht die IPs unserer Visitor loggen.
server_name knotengraph.ffhh;
# Bitte nur zum Debuggen von schweren Fehlern das Log-File temporär setzen und dann anschließend die Logs löschen.
# So stellen wir sicher, dass keine IPs geloggt werden.
error_log /dev/null crit;
root /var/www/nodes_ffhh;
index graph.html;
if_modified_since before;
location ~ \.php$ {
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /var/www/default$fastcgi_script_name;
include /etc/nginx/fastcgi_params;
}
location ~ \.cgi$ {
gzip off; #gzip makes scripts feel slower since they have to complete before getting gzipped
fastcgi_pass unix:/var/run/nginx/cgiwrap-dispatch.sock;
fastcgi_index index.cgi;
fastcgi_param SCRIPT_FILENAME /var/www/nodes_ffhh/$fastcgi_script_name;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
}
location = /nodes.json {
gzip_types application/octet-stream;
gzip on;
}
include /etc/nginx/include/graph_common.conf;
}
server {
include /etc/nginx/include/no_logging.conf;
listen 80;
listen [::]:80;
server_name graph.hamburg.freifunk.net;
include /etc/nginx/include/ssl.rewrite;
}
server {
include /etc/nginx/include/no_logging.conf;
listen 443 ssl;
listen [::]:443 ssl;
server_name graph.hamburg.freifunk.net;
include /etc/nginx/include/ssl_wildcard.conf;
include /etc/nginx/include/graph_common.conf;
}

9
sites-available/insecure Normal file
View file

@ -0,0 +1,9 @@
server {
listen 80;
listen [::]:80;
server_name _;
access_log off;
rewrite ^ https://$host$request_uri? permanent;
}

View file

@ -0,0 +1,35 @@
server {
include /etc/nginx/include/no_logging.conf;
listen 80;
listen [::]:80;
server_name media.services.ffhh;
include /etc/nginx/include/media_common.conf;
}
server {
include /etc/nginx/include/no_logging.conf;
listen 80;
listen [::]:80;
server_name media.hamburg.freifunk.net;
include /etc/nginx/include/ssl.rewrite;
}
server {
include /etc/nginx/include/no_logging.conf;
listen 443 ssl;
listen [::]:443 ssl;
server_name media.hamburg.freifunk.net;
include /etc/nginx/include/ssl_wildcard.conf;
include /etc/nginx/include/media_common.conf;
}

View file

@ -1,28 +1,24 @@
server {
include /etc/nginx/include/no_logging.conf;
listen 80;
listen [::]:80;
server_name meta.hamburg.freifunk.net;
access_log off; # Bitte nicht aktivieren. Wir wollen ja nicht die IPs unserer Visitor loggen.
# Bitte nur zum Debuggen von schweren Fehlern das Log-File temporär setzen und dann anschließend die Logs löschen.
# So stellen wir sicher, dass keine IPs geloggt werden.
error_log /dev/null crit;
root /var/www/meta_ffhh;
disable_symlinks on from=$document_root;
location / {
autoindex on;
autoindex_exact_size on;
autoindex_localtime off;
}
location ~ /\. {
deny all;
access_log off;
log_not_found off;
}
include /etc/nginx/include/meta_common.conf;
}
server {
include /etc/nginx/include/no_logging.conf;
listen 443 ssl;
listen [::]:443 ssl;
server_name meta.hamburg.freifunk.net;
include /etc/nginx/include/ssl_wildcard.conf;
include /etc/nginx/include/meta_common.conf;
}

View file

@ -1,14 +1,11 @@
server {
include /etc/nginx/include/no_logging.conf;
#listen 80;
listen [::]:80;
server_name opkg.services.ffhh;
access_log off; # Bitte nicht aktivieren. Wir wollen ja nicht die IPs unserer Visitor loggen.
# Bitte nur zum Debuggen von schweren Fehlern das Log-File temporär setzen und dann anschließend die Logs löschen.
# So stellen wir sicher, dass keine IPs geloggt werden.
error_log /dev/null crit;
location / {
proxy_pass https://downloads.openwrt.org/;
}

View file

@ -1,59 +1,35 @@
# HTTP redirect to HTTPS
server {
include /etc/nginx/include/no_logging.conf;
listen 80;
listen [::]:80;
# listen 443;
server_name postmaster.hamburg.freifunk.net postmaster.services.ffhh;
# rewrite ^ https://postmaster.hamburg.freifunk.net permanent;
rewrite ^ https://$server_name$request_uri? permanent;
access_log off; # Bitte nicht aktivieren. Wir wollen ja nicht die IPs unserer Visitor loggen.
# Bitte nur zum Debuggen von schweren Fehlern das Log-File temporär setzen und dann anschließend die Logs löschen.
# So stellen wir sicher, dass keine IPs geloggt werden.
error_log /dev/null crit;
server_name postmaster.services.ffhh;
include /etc/nginx/include/postfixadmin_common.conf;
}
# HTTPS server
server {
listen 443;
listen [::]443;
server_name postmaster.hamburg.freifunk.net postmaster.services.ffhh;
access_log off; # Bitte nicht aktivieren. Wir wollen ja nicht die IPs unserer Visitor loggen.
# Bitte nur zum Debuggen von schweren Fehlern das Log-File temporär setzen und dann anschließend die Logs löschen.
# So stellen wir sicher, dass keine IPs geloggt werden.
include /etc/nginx/include/no_logging.conf;
error_log /dev/null crit;
# error_log /var/log/nginx/error.log;
listen 80;
listen [::]:80;
root /var/www/postfixadmin_ffhh;
index index.php index.html index.htm;
ssl on;
ssl_certificate /etc/nginx/ssl/postfix_ssl/server.crt;
ssl_certificate_key /etc/nginx/ssl/postfix_ssl/server.key;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
# Only strong ciphers in PFS mode
ssl_ciphers ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
location ~ \.php$ {
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /var/www/postfixadmin_ffhh$fastcgi_script_name;
#fastcgi_param SCRIPT_FILENAME /var/www/default$fastcgi_script_name;
include /etc/nginx/fastcgi_params;
}
location / {
index index.php; # hinzugefuegt
try_files $uri $uri/index.php;
} # geaendert von ez am 28.02.2014;
server_name postmaster.hamburg.freifunk.net;
include /etc/nginx/include/ssl.rewrite;
}
server {
include /etc/nginx/include/no_logging.conf;
listen 443 ssl;
listen [::]:443 ssl;
server_name postmaster.hamburg.freifunk.net;
include /etc/nginx/include/ssl_wildcard.conf;
include /etc/nginx/include/postfixadmin_common.conf;
}

View file

@ -1,24 +1,35 @@
server {
include /etc/nginx/include/no_logging.conf;
listen 80;
listen [::]:80;
server_name start.hamburg.freifunk.net start.ffhh;
access_log off; # Bitte nicht aktivieren. Wir wollen ja nicht die IPs unserer Visitor loggen.
server_name start.ffhh;
# Bitte nur zum Debuggen von schweren Fehlern das Log-File temporär setzen und dann anschließend die Logs löschen.
# So stellen wir sicher, dass keine IPs geloggt werden.
error_log /dev/null crit;
root /var/www/start-ffhh/_site;
location ~ /\. {
deny all;
access_log off;
log_not_found off;
}
location /feeds/hamburg.freifunk.net.rss {
proxy_pass https://hamburg.freifunk.net/feed;
}
include /etc/nginx/include/start_common.conf;
}
server {
include /etc/nginx/include/no_logging.conf;
listen 80;
listen [::]:80;
server_name start.hamburg.freifunk.net;
include /etc/nginx/include/ssl.rewrite;
}
server {
include /etc/nginx/include/no_logging.conf;
listen 443 ssl;
listen [::]:443 ssl;
server_name start.hamburg.freifunk.net;
include /etc/nginx/include/ssl_wildcard.conf;
include /etc/nginx/include/start_common.conf;
}

23
sites-available/updates Normal file
View file

@ -0,0 +1,23 @@
server {
include /etc/nginx/include/no_logging.conf;
listen 80;
listen [::]:80;
server_name updates.hamburg.freifunk.net 1.updates.services.ffhh;
include /etc/nginx/include/updates_common.conf;
}
server {
include /etc/nginx/include/no_logging.conf;
listen 443 ssl;
listen [::]:443 ssl;
server_name updates.hamburg.freifunk.net 1.updates.services.ffhh;
include /etc/nginx/include/ssl_wildcard.conf;
include /etc/nginx/include/updates_common.conf;
}

View file

@ -1,69 +1,48 @@
server {
listen 80; # ipv4 http
listen [::]:80; # ipv6 http
include /etc/nginx/include/no_logging.conf;
server_name hamburg.freifunk.net www.hamburg.freifunk.net freifunk.ffhh;
access_log off; # Bitte nicht aktivieren. Wir wollen ja nicht die IPs unserer Visitor loggen.
listen 80;
listen [::]:80;
rewrite ^ https://$server_name$request_uri? permanent;
server_name freifunk.ffhh;
include /etc/nginx/include/wordpress_common.conf;
}
server {
listen 443 ssl; # ipv4 https
listen [::]:443 ssl; # ipv6 https
include /etc/nginx/include/no_logging.conf;
server_name hamburg.freifunk.net www.hamburg.freifunk.net freifunk.ffhh;
listen 80;
listen [::]:80;
access_log off; # Bitte nicht aktivieren. Wir wollen ja nicht die IPs unserer Visitor loggen.
server_name hamburg.freifunk.net www.hamburg.freifunk.net;
# Bitte nur zum Debuggen von schweren Fehlern das Log-File temporär setzen und dann anschließend die Logs löschen.
# So stellen wir sicher, dass keine IPs geloggt werden.
error_log /dev/null crit;
client_max_body_size 16M;
root /var/www/wordpress;
index index.php index.html index.htm;
ssl_certificate /etc/ssl/certs/hamburg.freifunk.net.crt;
ssl_certificate_key /etc/ssl/private/hamburg.freifunk.net.key;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
# Only strong ciphers in PFS mode
ssl_ciphers ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
# Don't allow to get framed by sites that aren't on the same domain
add_header X-Frame-Options SAMEORIGIN;
# Tell clients never to use http or self-signed (!) certificates
# There's no way to bypass this option after it has been cached!
add_header Strict-Transport-Security max-age=31536000;
# This order might seem weird - this is attempted to match last if rules below fail.
# http://wiki.nginx.org/HttpCoreModule
location / {
index index.php;
try_files $uri $uri/ /index.php?$args;
}
# Directives to send expires headers and turn off 404 error logging.
location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
expires 24h;
log_not_found off;
}
location ~ \.php$ {
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /var/www/wordpress$fastcgi_script_name;
# fastcgi_param SCRIPT_FILENAME /var/www/default$fastcgi_script_name;
include /etc/nginx/fastcgi_params;
}
rewrite ^ https://hamburg.freifunk.net$request_uri? permanent;
}
server {
include /etc/nginx/include/no_logging.conf;
listen 443 ssl;
listen [::]:443 ssl;
server_name www.hamburg.freifunk.net;
include /etc/nginx/include/ssl_wildcard.conf;
rewrite ^ https://hamburg.freifunk.net$request_uri? permanent;
}
server {
include /etc/nginx/include/no_logging.conf;
listen 443 ssl;
listen [::]:443 ssl;
server_name hamburg.freifunk.net;
include /etc/nginx/include/ssl_hamburg_freifunk_net.conf;
include /etc/nginx/include/wordpress_common.conf;
}

View file

@ -1 +0,0 @@
../sites-available/default_ffhh

View file

@ -1 +0,0 @@
../sites-available/mail

1
sites-enabled/media_ffhh Symbolic link
View file

@ -0,0 +1 @@
../sites-available/media_ffhh

1
sites-enabled/updates Symbolic link
View file

@ -0,0 +1 @@
../sites-available/updates