Newer
Older
# Before changing this, please make sure that the DNS entries exist, otherwise
# acmetool will fail horribly!
acmetool_cert_domains:
- gabriel.c3heaven.de
- c3heaven.de
- lists.c3heaven.de
nginx_https_sites:
- name: "c3heaven.de"
locations:
- location: "/"
config: "root /var/www/html;"
- location: "~ /wiki(.*)$"
config: "return 301 https://wiki.c3heaven.de$1?$args;"
- location: "~ /kanboard(.*)$"
config: "return 301 https://kanboard.c3heaven.de$1?$args;"
- location: "~ /guide/(.*).pdf$"
config: |-
root /var/www/html;
add_header Access-Control-Allow-Origin *;
- location: "/angelguide.pdf"
config: "rewrite .* /guide/angelguide_$lang.pdf;"
- name: "www.c3heaven.de"
locations:
- location: "/"
config: "root /var/www/html;"
- location: "~ /wiki(.*)$"
config: "return 301 https://wiki.c3heaven.de$1?$args;"
- location: "~ /kanboard(.*)$"
config: "return 301 https://kanboard.c3heaven.de$1?$args;"
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
- name: "gabriel.c3heaven.de"
locations:
- location: "/"
config: "root /var/www/html;"
- name: "kanboard.c3heaven.de"
options:
- "client_max_body_size 100M;"
- "client_body_buffer_size 128k;"
- "root /var/www/kanboard;"
- "index index.php;"
locations:
- location: "/"
config: "try_files $uri $uri/ /index.php$is_args$args;"
- location: '~ \.php$'
config: |-
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php/php7.3-fpm.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_index index.php;
include fastcgi_params;
- location: '~* ^.+\.(log|sqlite)$'
config: "return 404;"
- location: '~ /\.ht'
config: "return 404;"
- location: '~* ^.+\.(ico|jpg|gif|png|css|js|svg|eot|ttf|woff|woff2|otf)$'
config: |-
log_not_found off;
expires 7d;
etag on;
- name: "lists.c3heaven.de"
locations:
- location: "/cgi-bin/mailman"
config: |-
root /usr/lib/;
fastcgi_split_path_info (^/cgi-bin/mailman/[^/]*)(.*)$;
include /etc/nginx/fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
fastcgi_intercept_errors on;
fastcgi_pass unix:/var/run/fcgiwrap.socket;
- location: "/images/mailman"
config: "alias /usr/share/images/mailman;"
- location: "= /"
config: "return 301 https://lists.c3heaven.de/cgi-bin/mailman/listinfo/;"
- name: "md.c3heaven.de"
locations:
- location: "/"
config: |-
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_http_version 1.1;
proxy_pass http://127.0.0.1:3000;
proxy_cache_bypass $http_upgrade;
proxy_redirect off;
- location: "~ ^/liste?/?$"
config: |-
return 301 https://$host/Liste;
- name: "rt.c3heaven.de"
locations:
- location: "/"
config: |-
include /etc/nginx/fastcgi_params;
fastcgi_param SCRIPT_NAME "";
fastcgi_pass 127.0.0.1:9000;
- location: "/REST/1.0/NoAuth"
config: |-
deny all;
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
- name: "sso.c3heaven.de"
locations:
- location: "/"
config: |-
proxy_pass http://127.0.0.1:8080/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Port 443;
- location: "= /"
config: "return 301 https://sso.c3heaven.de/auth/realms/master/account;"
- name: "wiki.c3heaven.de"
options:
- "client_max_body_size 100M;"
- "client_body_buffer_size 128k;"
- "root /var/www/dokuwiki;"
- "index doku.php;"
locations:
- location: "~ /(conf/|bin/|inc/|install.php)"
config: "deny all;"
- location: "~ ^/data/"
config: "internal;"
- location: '~ ^/lib.*\.(js|css|gif|png|ico|jpg|jpeg)$'
config: "expires 365d;"
- location: "/"
config: "try_files $uri $uri/ @dokuwiki;"
- location: "@dokuwiki"
config: |-
rewrite ^/_media/(.*) /lib/exe/fetch.php?media=$1 last;
rewrite ^/_detail/(.*) /lib/exe/detail.php?media=$1 last;
rewrite ^/_export/([^/]+)/(.*) /doku.php?do=export_$1&id=$2 last;
rewrite ^/(.*) /doku.php?id=$1&$args last;
- location: '~ \.php$'
config: |-
try_files $uri $uri/ /doku.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param REDIRECT_STATUS 200;
fastcgi_pass unix:/var/run/php/php7.3-fpm.sock;
access_log off;
log_not_found off;
return 301 https://$host$request_uri;
nginx_additional_http_servers:
- config: |-
listen 127.0.0.1:9001;
location / {
include /etc/nginx/fastcgi_params;
fastcgi_param SCRIPT_NAME "";
fastcgi_pass 127.0.0.1:9000;
}
- 'Strict-Transport-Security "max-age=31536000; includeSubDomains"'
- 'X-XSS-Protection "1; mode=block"'
- 'X-Content-Type-Options "nosniff"'
- 'Referrer-Policy "same-origin"'
rspamd_enabled: true
postfix_mydestination: "localhost, $myhostname, c3heaven.de"
postfix_myorigin: "c3heaven.de"
postfix_mynetworks: "127.0.0.1/32 159.69.40.72/32 10.23.42.0/24 [::1]/128 [2a01:4f8:c2c:df32::]/64 [fe80::9400:ff:fe31:9902]/128 [fe80::8400:ff:fe34:27e5]/128"
postfix_generic_map:
- "www-data@c3heaven.de noreply@c3heaven.de"
postfix_alias_maps:
- "hash:/etc/aliases"
- "hash:/var/lib/mailman/data/aliases"
postfix_virtual_alias_domains:
- "lists.c3heaven.de"
postfix_virtual_alias_maps:
- "hash:/var/lib/mailman/data/virtual-mailman"