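---
# Variables for the c3heaven.de services: ACME certificate names, nginx
# virtual hosts and Postfix. Values containing {{ ... }} are Jinja templates;
# the roles and templates that consume these variables are not part of this
# file, so notes about rendered nginx behaviour are marked for confirmation.

# Before changing this, please make sure that the DNS entries exist, otherwise
# acmetool will fail horribly!
# NOTE(review): kanboard.c3heaven.de has an HTTPS site below and is the target
# of the /kanboard redirects, but it is missing from this list. Unless its
# certificate is provisioned elsewhere, that vhost will be served with a
# certificate that does not cover its name. Confirm, and add it here once the
# DNS entry exists.
acmetool_cert_domains:
  - gabriel.c3heaven.de
  - c3heaven.de
  - lists.c3heaven.de
  - md.c3heaven.de
  - rt.c3heaven.de
  - sso.c3heaven.de
  - wiki.c3heaven.de
  - www.c3heaven.de

angelguide_deployment_path: "/var/www/angelguide"
website_deployment_path: "/var/www/static"

# One entry per HTTPS server: `name` is the host name, `options` are
# server-level directives, and each `locations` item carries the body of one
# nginx location block.
nginx_https_sites:
  - name: "c3heaven.de"
    locations:
      - location: "/"
        config: "root {{ website_deployment_path }};"
      # The redirect regexes are unanchored, but the target host is a fixed
      # literal, so only the captured path suffix and query string are echoed.
      - location: "~ /wiki(.*)$"
        config: "return 301 https://wiki.c3heaven.de$1?$args;"
      - location: "~ /kanboard(.*)$"
        config: "return 301 https://kanboard.c3heaven.de$1?$args;"
      # NOTE(review): nginx inherits add_header from the enclosing level only
      # when the current level defines none. If nginx_https_default_headers
      # are rendered as server-level add_header directives, responses from
      # /guide lose them (HSTS, nosniff, ...). Confirm against the template
      # and repeat the headers here if that is the case.
      - location: "/guide"
        config: |-
          alias {{ angelguide_deployment_path }};
          add_header Access-Control-Allow-Origin *;
      # $lang is not defined in this file; presumably set elsewhere - confirm.
      - location: "/angelguide.pdf"
        config: "rewrite .* /guide/angelguide_$lang.pdf;"

  - name: "www.c3heaven.de"
    locations:
      - location: "/"
        config: "root /var/www/html;"
      - location: "~ /wiki(.*)$"
        config: "return 301 https://wiki.c3heaven.de$1?$args;"
      - location: "~ /kanboard(.*)$"
        config: "return 301 https://kanboard.c3heaven.de$1?$args;"

  - name: "gabriel.c3heaven.de"
    locations:
      - location: "/"
        config: "root /var/www/html;"

  - name: "kanboard.c3heaven.de"
    options:
      - "client_max_body_size 100M;"
      - "client_body_buffer_size 128k;"
      - "root /var/www/kanboard;"
      - "index index.php;"
    locations:
      - location: "/"
        config: "try_files $uri $uri/ /index.php$is_args$args;"
      # `try_files $uri =404` makes nginx refuse to hand a path to PHP-FPM
      # unless that exact file exists under the root.
      # NOTE(review): the socket pins PHP 7.3, which is past upstream end of
      # life (December 2021); confirm the distribution still ships security
      # fixes for it. The wiki site uses the same socket.
      - location: '~ \.php$'
        config: |-
          try_files $uri =404;
          fastcgi_split_path_info ^(.+\.php)(/.+)$;
          fastcgi_pass unix:/var/run/php/php7.3-fpm.sock;
          fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
          fastcgi_index index.php;
          include fastcgi_params;
      # Keep application logs, SQLite files and .ht* files out of reach.
      - location: '~* ^.+\.(log|sqlite)$'
        config: "return 404;"
      - location: '~ /\.ht'
        config: "return 404;"
      - location: '~* ^.+\.(ico|jpg|gif|png|css|js|svg|eot|ttf|woff|woff2|otf)$'
        config: |-
          log_not_found off;
          expires 7d;
          etag on;

  - name: "lists.c3heaven.de"
    locations:
      # Mailman CGI scripts are executed through fcgiwrap.
      # NOTE(review): this is a prefix match without a trailing slash, so it
      # also covers sibling paths that merely start with "/cgi-bin/mailman".
      # Consider "/cgi-bin/mailman/" so that only that directory is handed to
      # fcgiwrap - confirm the listinfo redirect and links still resolve.
      - location: "/cgi-bin/mailman"
        config: |-
          root /usr/lib/;
          fastcgi_split_path_info (^/cgi-bin/mailman/[^/]*)(.*)$;
          include /etc/nginx/fastcgi_params;
          fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
          fastcgi_param PATH_INFO $fastcgi_path_info;
          fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
          fastcgi_intercept_errors on;
          fastcgi_pass unix:/var/run/fcgiwrap.socket;
      - location: "/images/mailman"
        config: "alias /usr/share/images/mailman;"
      - location: "= /"
        config: "return 301 https://lists.c3heaven.de/cgi-bin/mailman/listinfo/;"

  - name: "md.c3heaven.de"
    locations:
      # Reverse proxy (with WebSocket upgrade) to the service on 127.0.0.1:3000.
      # Host is set exactly once, from nginx's normalised $host. An additional
      # `proxy_set_header Host $http_host;` is not an override: nginx is
      # expected to pass both lines upstream, leaving the effective Host to
      # the backend's parser, and $http_host is the raw client-supplied value.
      - location: "/"
        config: |-
          proxy_set_header X-Real-IP $remote_addr;
          proxy_set_header X-NginX-Proxy true;
          proxy_set_header Upgrade $http_upgrade;
          proxy_set_header Connection "upgrade";
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
          proxy_set_header Host $host;
          proxy_http_version 1.1;
          proxy_pass http://127.0.0.1:3000;
          proxy_cache_bypass $http_upgrade;
          proxy_redirect off;
      - location: "~ ^/liste?/?$"
        config: |-
          return 301 https://$host/Liste;

  - name: "rt.c3heaven.de"
    locations:
      - location: "/"
        config: |-
          include /etc/nginx/fastcgi_params;
          fastcgi_param SCRIPT_NAME "";
          fastcgi_pass 127.0.0.1:9000;
      # The NoAuth REST path is refused on the public vhost. The loopback-only
      # server in nginx_additional_http_servers passes to the same FastCGI
      # backend without this rule, so local processes can still reach it -
      # presumably intentional; confirm.
      - location: "/REST/1.0/NoAuth"
        config: |-
          deny all;

  - name: "sso.c3heaven.de"
    locations:
      # NOTE(review): every path is proxied to the backend on 127.0.0.1:8080.
      # The /auth/realms/master/... redirect below suggests Keycloak (confirm);
      # if so, its admin console is reachable from the internet through this
      # vhost. Consider limiting administrative paths by source address.
      - location: "/"
        config: |-
          proxy_pass http://127.0.0.1:8080/;
          proxy_set_header Host $host;
          proxy_set_header X-Real-IP $remote_addr;
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
          proxy_set_header X-Forwarded-Proto $scheme;
          proxy_set_header X-Forwarded-Port 443;
      - location: "= /"
        config: "return 301 https://sso.c3heaven.de/auth/realms/master/account;"

  - name: "wiki.c3heaven.de"
    options:
      - "client_max_body_size 100M;"
      - "client_body_buffer_size 128k;"
      - "root /var/www/dokuwiki;"
      - "index doku.php;"
    locations:
      # Deny direct access to configuration, CLI and include directories and
      # to the installer; /data/ is only reachable via internal redirects.
      # NOTE(review): check whether the installed DokuWiki ships a vendor/
      # directory that should be denied as well.
      - location: "~ /(conf/|bin/|inc/|install.php)"
        config: "deny all;"
      - location: "~ ^/data/"
        config: "internal;"
      - location: '~ ^/lib.*\.(js|css|gif|png|ico|jpg|jpeg)$'
        config: "expires 365d;"
      - location: "/"
        config: "try_files $uri $uri/ @dokuwiki;"
      - location: "@dokuwiki"
        config: |-
          rewrite ^/_media/(.*) /lib/exe/fetch.php?media=$1 last;
          rewrite ^/_detail/(.*) /lib/exe/detail.php?media=$1 last;
          rewrite ^/_export/([^/]+)/(.*) /doku.php?do=export_$1&id=$2 last;
          rewrite ^/(.*) /doku.php?id=$1&$args last;
      # Unlike the kanboard site, a missing .php path falls back to /doku.php
      # instead of returning 404.
      - location: '~ \.php$'
        config: |-
          try_files $uri $uri/ /doku.php;
          include fastcgi_params;
          fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
          fastcgi_param REDIRECT_STATUS 200;
          fastcgi_pass unix:/var/run/php/php7.3-fpm.sock;

# Plain-HTTP requests are redirected to HTTPS on the same host name.
nginx_http_locations:
  - location: "/"
    config: |-
      access_log off;
      log_not_found off;
      return 301 https://$host$request_uri;

# Extra server bound to loopback only; it passes to the same FastCGI backend
# as rt.c3heaven.de (127.0.0.1:9000) without the NoAuth restriction.
nginx_additional_http_servers:
  - config: |-
      listen 127.0.0.1:9001;
      location / {
        include /etc/nginx/fastcgi_params;
        fastcgi_param SCRIPT_NAME "";
        fastcgi_pass 127.0.0.1:9000;
      }

# Response headers for the HTTPS sites.
# - includeSubDomains extends HSTS to every name under a host that sends it,
#   so each such subdomain must be reachable over HTTPS.
# - X-XSS-Protection is a legacy header that current browsers ignore; a
#   Content-Security-Policy is the modern control and is not set here.
nginx_https_default_headers:
  - 'Strict-Transport-Security "max-age=31536000; includeSubDomains"'
  - 'X-XSS-Protection "1; mode=block"'
  - 'X-Frame-Options "SAMEORIGIN"'
  - 'X-Content-Type-Options "nosniff"'
  - 'Referrer-Policy "same-origin"'

rspamd_enabled: true

postfix_mydestination: "localhost, $myhostname, c3heaven.de"
postfix_myorigin: "c3heaven.de"
# Clients in mynetworks are trusted by Postfix (by default they may relay
# without authenticating), so keep this list as narrow as possible.
# NOTE(review): it includes a whole /24 and a whole IPv6 /64; confirm that
# every host in those ranges is under your control.
postfix_mynetworks: "127.0.0.1/32 159.69.40.72/32 10.23.42.0/24 [::1]/128 [2a01:4f8:c2c:df32::]/64 [fe80::9400:ff:fe31:9902]/128 [fe80::8400:ff:fe34:27e5]/128"
postfix_generic_map:
  - "www-data@c3heaven.de noreply@c3heaven.de"
postfix_alias_maps:
  - "hash:/etc/aliases"
  - "hash:/var/lib/mailman/data/aliases"
postfix_virtual_alias_domains:
  - "lists.c3heaven.de"
postfix_virtual_alias_maps:
  - "hash:/var/lib/mailman/data/virtual-mailman"

# vim: set ft=yaml: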