diff --git a/roles/shellserver/eglide-website/init.sls b/roles/shellserver/eglide-website/init.sls index 04baa00..4c25e81 100644 --- a/roles/shellserver/eglide-website/init.sls +++ b/roles/shellserver/eglide-website/init.sls @@ -1,22 +1,32 @@ # ------------------------------------------------------------- # Salt — Provision www.eglide.org website # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - # Project: Eglide # Created: 2016-09-12 # License: Trivial work, not eligible to copyright # ------------------------------------------------------------- # ------------------------------------------------------------- # Deploy /opt/staging/wwwroot/eglide.org/www to www.eglide.org # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - /var/www/html: file.recurse: - source: salt://wwwroot/eglide.org/www - exclude_pat: E@.git - include_empty: True - clean: True - user: www-data - group: www-data - dir_mode: 711 - file_mode: 644 + +# ------------------------------------------------------------- +# Nginx logs +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + +/var/log/www/eglide.org: + file.directory: + - user: root + - group: www-data + - dir_mode: 750 diff --git a/roles/shellserver/web-hosting/files/eglide/nginx/includes/letsencrypt.conf b/roles/shellserver/web-hosting/files/eglide/nginx/includes/letsencrypt.conf new file mode 100644 index 0000000..334f0d6 --- /dev/null +++ b/roles/shellserver/web-hosting/files/eglide/nginx/includes/letsencrypt.conf @@ -0,0 +1,14 @@ +# ------------------------------------------------------------- +# Configuration for Let's encrypt nginx +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# Author: Sébastien Santoro aka Dereckson +# Created: 2016-01-05 +# Description: Get SSL certificates from Let's encrypt +# ------------------------------------------------------------- + + location /.well-known/acme-challenge { + allow all; + + default_type text/plain; + root /var/letsencrypt-auto; + } 
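Review bot: The `location /.well-known/acme-challenge` block in letsencrypt.conf is a plain prefix match, so a regex location in any vhost that includes this file can take precedence over it, and the prefix also matches paths such as `/.well-known/acme-challengeX`. Consider `location ^~ /.well-known/acme-challenge/ {` so challenge requests always resolve under `/var/letsencrypt-auto` and nothing else is reachable through the looser prefix. `allow all;` looks redundant unless an enclosing scope denies access, which is not visible here.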
diff --git a/roles/shellserver/web-hosting/files/eglide/nginx/nginx.conf b/roles/shellserver/web-hosting/files/eglide/nginx/nginx.conf
new file mode 100644
index 0000000..aaf464a
--- /dev/null
+++ b/roles/shellserver/web-hosting/files/eglide/nginx/nginx.conf
@@ -0,0 +1,38 @@
+# -------------------------------------------------------------
+# Eglide — nginx configuration
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Eglide
+# Created: 2016-07-26
+# License: Trivial work, not eligible to copyright
+# -------------------------------------------------------------
+
+# -------------------------------------------------------------
+# Server configuration
+# -------------------------------------------------------------
+
+worker_processes 1;
+
+events {
+ worker_connections 1024;
+}
+
+# -------------------------------------------------------------
+# HTTP configuration
+# -------------------------------------------------------------
+
+http {
+ include mime.types;
+ default_type text/plain;
+
+ server_names_hash_bucket_size 128;
+
+ log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+ '$status $body_bytes_sent "$http_referer" '
+ '"$http_user_agent" "$http_x_forwarded_for"';
+
+ sendfile on;
+ keepalive_timeout 65;
+ gzip on;
+
+ include vhosts/*.conf;
+}
diff --git a/roles/shellserver/web-hosting/files/eglide/nginx/vhosts/000.conf b/roles/shellserver/web-hosting/files/eglide/nginx/vhosts/000.conf
new file mode 100644
index 0000000..6d3904b
--- /dev/null
+++ b/roles/shellserver/web-hosting/files/eglide/nginx/vhosts/000.conf
@@ -0,0 +1,33 @@
+# -------------------------------------------------------------
+# Eglide — nginx configuration
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Eglide
+# Created: 2016-07-26
+# License: Trivial work, not eligible to copyright
+# -------------------------------------------------------------
+
+# -------------------------------------------------------------
+# Default vhost as a catchall when Host: header value doesn't
+# match any server name, ie the domain is unknown.
+# -------------------------------------------------------------
+
+ server {
+ listen 80;
+ listen [2001:470:1f12:9e1::2]:80;
+ listen [2001:470:1f13:9e1:0:c0ff:ee:1]:80;
+ server_name _;
+ root /var/wwwroot/unknown_domains;
+
+ access_log /var/log/www/unknown_domains-access.log main;
+ error_log /var/log/www/unknown_domains-error.log;
+
+ error_page 404 @unknowndomains;
+
+ location / {
+ return 404;
+ }
+
+ location @unknowndomains {
+ rewrite ^(.*)$ /unknown.html break;
+ }
+ }
diff --git a/roles/shellserver/web-hosting/files/eglide/nginx/vhosts/001-eglide.org.conf b/roles/shellserver/web-hosting/files/eglide/nginx/vhosts/001-eglide.org.conf
new file mode 100644
index 0000000..a8ae5f5
--- /dev/null
+++ b/roles/shellserver/web-hosting/files/eglide/nginx/vhosts/001-eglide.org.conf
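Review bot: The catch-all role of this server block rests on `vhosts/*.conf` being loaded in filename order rather than on an explicit `default_server` flag, and it only covers the listen sockets it declares. The 001-eglide.org.conf vhost added in the same commit listens on `[::]:80`, which this block does not, so an IPv6 request with an unknown Host header arriving on that socket would presumably be answered by the main vhost, user directories included. I would state the intent explicitly with `listen 80 default_server;` and add `listen [::]:80 default_server;` here.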
@@ -0,0 +1,58 @@
+# -------------------------------------------------------------
+# Eglide — nginx configuration
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Eglide
+# Created: 2016-07-26
+# License: Trivial work, not eligible to copyright
+# -------------------------------------------------------------
+
+# -------------------------------------------------------------
+# Main vhost receives special responsibilities like serving
+# user directories.
+# -------------------------------------------------------------
+
+ server {
+
+ listen 80;
+ listen [::]:80;
+ server_name localhost eglide eglide.org eglide.nasqueron.org www.eglide.org [2001:470:1f12:896::2] [2001:470:1f13:896:0:c0de:15:11fe];
+ root /var/www/html;
+
+ access_log /var/log/www/eglide.org/www-access.log main;
+ error_log /var/log/www/eglide.org/www-error.log;
+
+ ###
+ ### SSL
+ ###
+
+ include includes/letsencrypt.conf;
+
+ # Once the first certificate has been generated, we'll enabl this snippet:
+ #
+ # SSL - include ssl_params;
+ # SSL - ssl_certificate /usr/local/etc/letsencrypt/live/eglide.org/fullchain.pem;
+ # SSL - ssl_certificate_key /usr/local/etc/letsencrypt/live/eglide.org/privkey.pem;
+
+ ###
+ ### Main site
+ ###
+
+ location / {
+ index index.html index.htm default.html default.htm;
+ }
+
+ error_page 500 502 503 504 /50x.html;
+
+ ###
+ ### public_html user directories
+ ###
+
+ set $userdir public_html;
+
+ location ~ ^/~(.+?)(/.*)?$ {
+ alias /home/$1/$userdir$2;
+ index index.html index.htm;
+ autoindex on;
+ }
+
+ }
diff --git a/roles/shellserver/web-hosting/files/eglide/wwwroot-unknown/unknown.html b/roles/shellserver/web-hosting/files/eglide/wwwroot-unknown/unknown.html
new file mode 100644
index 0000000..b190434
--- /dev/null
+++ b/roles/shellserver/web-hosting/files/eglide/wwwroot-unknown/unknown.html
@@ -0,0 +1,17 @@
+
+
+
+
+
+
+ Eglide
+
+
+
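Review bot: In the `location ~ ^/~(.+?)(/.*)?$` block the user-name capture accepts any characters and is pasted into `alias /home/$1/$userdir$2`, while `autoindex on` lists every directory that has no index file. On a multi-user shell host I would restrict the capture to the account-name alphabet, e.g. `location ~ ^/~([a-z_][a-z0-9_-]*)(/.*)?$ {`, and add `disable_symlinks if_not_owner;` so a symlink placed in one user's public_html cannot expose files owned by someone else. Whether directory listings should be on by default for every user deserves a comment next to `autoindex on;`.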

Eglide :: Unknown domain

+

HTTP 404 Not Found

+

Eglide allows users to create accounts to host tmux/screen + irssi/weechat or bots for IRC purpose.

+

It also offers a small HTML web presence.

+

The domain you seek redirects to one of our IPs, but it hasn't been declared in our webserver.

+

Contact the domain owner for assistance.

+
+
diff --git a/roles/shellserver/web-hosting/init.sls b/roles/shellserver/web-hosting/init.sls
new file mode 100644
index 0000000..63f9168
--- /dev/null
+++ b/roles/shellserver/web-hosting/init.sls
@@ -0,0 +1,56 @@
+# -------------------------------------------------------------
+# Salt — nginx configuration
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Eglide
+# Created: 2016-11-08
+# License: Trivial work, not eligible to copyright
+# -------------------------------------------------------------
+
+# -------------------------------------------------------------
+# Nginx configuration files
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+nginx_config_files:
+ file.recurse:
+ {% if grains['os'] == 'FreeBSD' %}
+ - name: /usr/local/etc/nginx
+ {% else %}
+ - name: /etc/nginx
+ {% endif %}
+ - source: salt://roles/shellserver/web-hosting/files/{{ grains['id'] }}/nginx
+ - include_empty: True
+ - clean: False
+ - dir_mode: 755
+ - file_mode: 644
+ - cmd.run:
+ - name: nginx -t reload
+ - onchanges:
+ {% if grains['os'] == 'FreeBSD' %}
+ - file: /usr/local/etc/nginx/nginx.conf
+ {% else %}
+ - file: /etc/nginx/nginx.conf
+ {% endif %}
+
+# -------------------------------------------------------------
+# Nginx logs
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+/var/log/www:
+ file.directory:
+ - user: root
+ - group: www-data
+ - dir_mode: 750
+
+# -------------------------------------------------------------
+# Site to serve when Host: header doesn't match a known vhost
+#
+# Typically, this occurs when a domain is configured in DNS,
+# but not in nginx.
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+unknown_domain_files:
+ file.recurse:
+ - name: /var/wwwroot/unknown_domains
+ - source: salt://roles/shellserver/web-hosting/files/{{ grains['id'] }}/wwwroot-unknown
+ - dir_mode: 755
+ - file_mode: 644
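Review bot: The `cmd.run` entry under `nginx_config_files` runs `nginx -t reload`, which as far as I can tell never reloads anything: `-t` only tests the configuration and `reload` is not a valid argument, so changed configuration (later hardening changes included) would stay unapplied until someone restarts nginx by hand. The `onchanges` requisite also points at `file: /etc/nginx/nginx.conf`, which is not a state declared in this file; the recursed directory is managed by the `nginx_config_files` state. I would use `- name: nginx -t && nginx -s reload` together with `- file: nginx_config_files`, and check that `cmd.run` sits at the same level as `file.recurse`, since the indentation is not recoverable from this view.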