Page MenuHomeDevCentral
Files F4020628

D1294.diff
No OneTemporary
Actions

D1294.diff
View Options

diff --git a/roles/webserver-legacy/init.sls b/roles/webserver-legacy/init.sls
--- a/roles/webserver-legacy/init.sls
+++ b/roles/webserver-legacy/init.sls
@@ -11,6 +11,7 @@
- .account
- .directories
- .zr
+ - .nginx
- .static-sites
- .php-sites
- .tweaks
diff --git a/roles/webserver-legacy/nginx/config.sls b/roles/webserver-legacy/nginx/config.sls
new file mode 100644
--- /dev/null
+++ b/roles/webserver-legacy/nginx/config.sls
@@ -0,0 +1,21 @@
+# -------------------------------------------------------------
+# Salt — Sites to provision on the legacy web server
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# License: Trivial work, not eligible to copyright
+# -------------------------------------------------------------
+
+{% from "map.jinja" import dirs with context %}
+
+# -------------------------------------------------------------
+# includes folder
+#
+# :: general configuration
+# :: application-specific code
+# -------------------------------------------------------------
+
+{{ dirs.etc }}/nginx/includes:
+ file.recurse:
+ - source: salt://roles/webserver-legacy/nginx/files/includes
+ - dir_mode: 755
+ - file_mode: 644
diff --git a/roles/webserver-legacy/nginx/files/includes/fastcgi_params b/roles/webserver-legacy/nginx/files/includes/fastcgi_params
new file mode 100644
--- /dev/null
+++ b/roles/webserver-legacy/nginx/files/includes/fastcgi_params
@@ -0,0 +1,51 @@
+# -------------------------------------------------------------
+# Configuration for Nasqueron web sites
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Author: Sébastien Santoro aka Dereckson
+# Created: 2017-11-19
+# Project: Nasqueron
+# Description: nginx FastCGI configuration
+# License: Trivial work, not eligible for copyright.
+# Source file: roles/webserver-legacy/nginx/files/includes/fastcgi_params
+# -------------------------------------------------------------
+#
+# <auto-generated>
+# This file is managed by our rOPS SaltStack repository.
+#
+# Changes to this file may cause incorrect behavior
+# and will be lost if the state is redeployed.
+# </auto-generated>
+
+# -------------------------------------------------------------
+# Headers
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+fastcgi_param QUERY_STRING $query_string;
+fastcgi_param REQUEST_METHOD $request_method;
+fastcgi_param CONTENT_TYPE $content_type;
+fastcgi_param CONTENT_LENGTH $content_length;
+
+fastcgi_param SCRIPT_NAME $fastcgi_script_name;
+fastcgi_param REQUEST_URI $request_uri;
+fastcgi_param DOCUMENT_URI $document_uri;
+fastcgi_param DOCUMENT_ROOT $document_root;
+fastcgi_param SERVER_PROTOCOL $server_protocol;
+fastcgi_param REQUEST_SCHEME $scheme;
+fastcgi_param HTTPS $https if_not_empty;
+
+fastcgi_param GATEWAY_INTERFACE CGI/1.1;
+fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
+
+fastcgi_param REMOTE_ADDR $remote_addr;
+fastcgi_param REMOTE_PORT $remote_port;
+fastcgi_param SERVER_ADDR $server_addr;
+fastcgi_param SERVER_PORT $server_port;
+fastcgi_param SERVER_NAME $server_name;
+
+# -------------------------------------------------------------
+# PHP tweak
+#
+# Required if PHP was built with --enable-force-cgi-redirect.
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+fastcgi_param REDIRECT_STATUS 200;
diff --git a/roles/webserver-legacy/nginx/files/includes/letsencrypt b/roles/webserver-legacy/nginx/files/includes/letsencrypt
new file mode 100644
--- /dev/null
+++ b/roles/webserver-legacy/nginx/files/includes/letsencrypt
@@ -0,0 +1,21 @@
+# -------------------------------------------------------------
+# Configuration for Let's encrypt nginx
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Author: Sébastien Santoro aka Dereckson
+# Created: 2016-01-05
+# Description: Get SSL certificates from Let's encrypt
+# License: Trivial work, not eligible for copyright.
+# Source file: roles/webserver-legacy/nginx/files/includes/letsencrypt
+# -------------------------------------------------------------
+#
+# <auto-generated>
+# This file is managed by our rOPS SaltStack repository.
+#
+# Changes to this file may cause incorrect behavior
+# and will be lost if the state is redeployed.
+# </auto-generated>
+
+location /.well-known/acme-challenge {
+ default_type text/plain;
+ root /var/letsencrypt-auto;
+}
diff --git a/roles/webserver-legacy/nginx/files/includes/pluton b/roles/webserver-legacy/nginx/files/includes/pluton
new file mode 100644
--- /dev/null
+++ b/roles/webserver-legacy/nginx/files/includes/pluton
@@ -0,0 +1,37 @@
+# -------------------------------------------------------------
+# Configuration for Keruald/Pluton web sites
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Author: Sébastien Santoro aka Dereckson
+# Created: 2017-11-24
+# Project: Keruald
+# Description: nginx
+# License: Trivial work, not eligible for copyright.
+# Source file: roles/webserver-legacy/nginx/files/includes/pluton
+# -------------------------------------------------------------
+#
+# <auto-generated>
+# This file is managed by our rOPS SaltStack repository.
+#
+# Changes to this file may cause incorrect behavior
+# and will be lost if the state is redeployed.
+# </auto-generated>
+
+index index.html index.php index.htm;
+
+location / {
+ try_files $uri @app;
+}
+
+location ~ \.html$ {
+ fastcgi_pass unix:/var/run/web/$server_name/php-fpm.sock;
+ fastcgi_index index.php;
+ fastcgi_param SCRIPT_FILENAME $document_root/index.php;
+ include fastcgi_params;
+}
+
+location @app {
+ fastcgi_pass unix:/var/run/web/$server_name/php-fpm.sock;
+ fastcgi_index index.php;
+ fastcgi_param SCRIPT_FILENAME $document_root/index.php;
+ include fastcgi_params;
+}
diff --git a/roles/webserver-legacy/nginx/files/includes/tls b/roles/webserver-legacy/nginx/files/includes/tls
new file mode 100644
--- /dev/null
+++ b/roles/webserver-legacy/nginx/files/includes/tls
@@ -0,0 +1,21 @@
+# -------------------------------------------------------------
+# Configuration for nginx TLS
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Author: Sébastien Santoro aka Dereckson
+# Created: 2016-01-05
+# License: Trivial work, not eligible for copyright.
+# Source file: roles/webserver-legacy/nginx/files/includes/tls
+# -------------------------------------------------------------
+
+listen 443 ssl http2;
+listen [::]:443 ssl http2;
+
+keepalive_timeout 70;
+
+ssl_session_timeout 1d;
+ssl_session_cache shared:SSL:50m;
+ssl_session_tickets off;
+
+ssl_protocols TLSv1.2;
+ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
+ssl_prefer_server_ciphers on;
diff --git a/roles/webserver-legacy/init.sls b/roles/webserver-legacy/nginx/init.sls
copy from roles/webserver-legacy/init.sls
copy to roles/webserver-legacy/nginx/init.sls
--- a/roles/webserver-legacy/init.sls
+++ b/roles/webserver-legacy/nginx/init.sls
@@ -1,18 +1,9 @@
# -------------------------------------------------------------
# Salt — Sites to provision on the legacy web server
-#
-# Currently, this is deployed to ysul.nasqueron.org
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
include:
- - .account
- - .directories
- - .zr
- - .static-sites
- - .php-sites
- - .tweaks
- - .be/dereckson
- - .org/nasqueron
+ - .config

File Metadata

Mime Type
text/plain
Expires
Mon, Jan 20, 06:26 (18 h, 11 m)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
2361775
Default Alt Text
D1294.diff (8 KB)

Event Timeline

Nasqueron DevCentral · If it had been much bigger the moon would have had a core of ice. · Powered by Phabricator