aboutsummaryrefslogtreecommitdiffstats
path: root/adze_extras/nginx-sites
diff options
context:
space:
mode:
authorBryan Newbold <bnewbold@archive.org>2017-08-05 13:07:50 -0700
committerBryan Newbold <bnewbold@archive.org>2017-08-05 13:07:50 -0700
commit6b83183a205cb1e90c690c7e7f71c447cfae9a32 (patch)
tree870ae93beb63ce3d3b338346cff3a8f2fb35bcd1 /adze_extras/nginx-sites
parent8974dd5f9351c666a1144b0584189d3a07c62351 (diff)
downloadinfra-6b83183a205cb1e90c690c7e7f71c447cfae9a32.tar.gz
infra-6b83183a205cb1e90c690c7e7f71c447cfae9a32.zip
backup adze nginx config
Diffstat (limited to 'adze_extras/nginx-sites')
-rw-r--r--adze_extras/nginx-sites/afterklein.robocracy.org21
-rw-r--r--adze_extras/nginx-sites/bnewbold.net42
-rw-r--r--adze_extras/nginx-sites/bommom.com23
-rw-r--r--adze_extras/nginx-sites/cannytrophic.com25
-rw-r--r--adze_extras/nginx-sites/cgit45
-rw-r--r--adze_extras/nginx-sites/circles.rooter.is22
-rw-r--r--adze_extras/nginx-sites/codetropes.com14
-rw-r--r--adze_extras/nginx-sites/dav.robocracy.org31
-rw-r--r--adze_extras/nginx-sites/default28
-rw-r--r--adze_extras/nginx-sites/equator.memeschemes.com34
-rw-r--r--adze_extras/nginx-sites/everyset.net14
-rw-r--r--adze_extras/nginx-sites/feeds.bnewbold.net40
-rw-r--r--adze_extras/nginx-sites/feeds.bnewbold.net_unused_temboz73
-rw-r--r--adze_extras/nginx-sites/know.bnewbold.net40
-rw-r--r--adze_extras/nginx-sites/mediagoblin78
-rw-r--r--adze_extras/nginx-sites/memeschemes.com14
-rw-r--r--adze_extras/nginx-sites/parts.bommom.com13
-rw-r--r--adze_extras/nginx-sites/robocracy.org35
-rw-r--r--adze_extras/nginx-sites/rooter.is52
-rw-r--r--adze_extras/nginx-sites/static.bnewbold.net40
20 files changed, 684 insertions, 0 deletions
diff --git a/adze_extras/nginx-sites/afterklein.robocracy.org b/adze_extras/nginx-sites/afterklein.robocracy.org
new file mode 100644
index 0000000..1a849da
--- /dev/null
+++ b/adze_extras/nginx-sites/afterklein.robocracy.org
@@ -0,0 +1,21 @@
+upstream afterklein-gitit {
+ server 127.0.0.1:5005;
+}
+
+server {
+ listen 80;
+ listen [::]:80;
+ server_name afterklein.robocracy.org;
+
+ access_log /var/log/nginx/access.log;
+
+ location / {
+ root /srv/http/default/www/;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header Host $http_host;
+ proxy_redirect off;
+ proxy_pass http://afterklein-gitit;
+ }
+}
+
diff --git a/adze_extras/nginx-sites/bnewbold.net b/adze_extras/nginx-sites/bnewbold.net
new file mode 100644
index 0000000..946f761
--- /dev/null
+++ b/adze_extras/nginx-sites/bnewbold.net
@@ -0,0 +1,42 @@
+
+server {
+ listen 80;
+ listen [::]:80;
+ listen 443 ssl spdy;
+ listen [::]:443 ssl spdy;
+ server_name bnewbold.net www.bnewbold.net next.bnewbold.net;
+
+
+ ssl_certificate /etc/letsencrypt/live/bnewbold.net/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/bnewbold.net/privkey.pem;
+
+ #add_header Content-Security-Policy "default-src 'self'; style-src 'self' 'unsafe-inline'";
+ add_header X-Frame-Options "SAMEORIGIN";
+ add_header X-Content-Type-Options "nosniff";
+ add_header X-Xss-Protection "1";
+ # Enable STS with one year period (breaks http; optional)
+ #add_header Strict-Transport-Security "max-age=31557600; includeSubDomains";
+
+ access_log /var/log/nginx/bnewnet.access.log;
+ error_log /var/log/nginx/bnewnet.error.log;
+
+
+ location / {
+ root /srv/http/bnewbold.net/www/;
+ index index.html index.htm;
+ }
+
+ # Temporary mirror of old photos stuff
+ location /photos/ {
+ root /srv/http/bnewbold.net/adelie_backup/bnewbold.net/;
+ index index.html index.htm;
+ }
+
+ # Let's Encrypt SSL Certs
+ location /.well-known/acme-challenge/ {
+ root /var/www/letsencrypt;
+ autoindex off;
+ }
+
+}
+
diff --git a/adze_extras/nginx-sites/bommom.com b/adze_extras/nginx-sites/bommom.com
new file mode 100644
index 0000000..16a77a3
--- /dev/null
+++ b/adze_extras/nginx-sites/bommom.com
@@ -0,0 +1,23 @@
+
+upstream bommom-bommom {
+ server 127.0.0.1:5015;
+}
+
+server {
+ listen 80;
+ listen [::]:80;
+ server_name bommom.com www.bommom.com bommom.memeschemes.com;
+
+ access_log /var/log/nginx/access.log;
+ error_log /var/log/nginx/error.log;
+
+ location / {
+ root /srv/http/default/www/;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header Host $http_host;
+ proxy_redirect off;
+ proxy_pass http://bommom-bommom;
+ }
+}
+
diff --git a/adze_extras/nginx-sites/cannytrophic.com b/adze_extras/nginx-sites/cannytrophic.com
new file mode 100644
index 0000000..c6af0e2
--- /dev/null
+++ b/adze_extras/nginx-sites/cannytrophic.com
@@ -0,0 +1,25 @@
+server {
+ listen 80;
+ listen [::]:80;
+ server_name cannytrophic.com www.cannytrophic.com cannytrophic.org www.cannytrophic.org cannytrophic.net www.cannytrophic.net;
+
+ access_log /var/log/nginx/access.log;
+
+ location / {
+ root /srv/http/cannytrophic.com/www/;
+ index index.html index.htm;
+ }
+}
+
+server {
+ listen 80;
+ listen [::]:80;
+ server_name expo.cannytrophic.com expo.cannytrophic.org expo.cannytrophic.net;
+
+ access_log /var/log/nginx/access.log;
+
+ location / {
+ proxy_pass http://ctdexpo.blogspot.com;
+ }
+}
+
diff --git a/adze_extras/nginx-sites/cgit b/adze_extras/nginx-sites/cgit
new file mode 100644
index 0000000..f72f81e
--- /dev/null
+++ b/adze_extras/nginx-sites/cgit
@@ -0,0 +1,45 @@
+# Ansible managed: /home/bnewbold/code/infra/roles/git/templates/etc_nginx_sites-available_cgit.j2 modified on 2016-04-27 00:50:02 by bnewbold on eschaton
+
+server {
+
+ listen 80;
+ listen [::]:80;
+ listen 443 ssl spdy;
+ listen [::]:443 ssl spdy;
+ server_name git.bnewbold.net;
+
+ ssl_certificate /etc/letsencrypt/live/bnewbold.net/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/bnewbold.net/privkey.pem;
+
+ add_header Content-Security-Policy "default-src 'self'; style-src 'self' 'unsafe-inline'";
+ add_header X-Frame-Options "SAMEORIGIN"; # 'always' if nginx > 1.7.5
+ add_header X-Content-Type-Options "nosniff"; # 'always' if nginx > 1.7.5
+ add_header X-Xss-Protection "1";
+ # Enable STS with one year period (breaks http; optional)
+ #add_header Strict-Transport-Security "max-age=31557600; includeSubDomains";
+
+ root /srv/http/cgit;
+
+ location / {
+ try_files $uri @cgit;
+ }
+
+ location @cgit {
+ index cgit.cgi;
+ fastcgi_param SCRIPT_FILENAME /usr/lib/cgit/cgit.cgi;
+ fastcgi_pass unix:/var/run/fcgiwrap.socket;
+ fastcgi_param HTTP_HOST $server_name;
+ fastcgi_param PATH_INFO $uri;
+ fastcgi_param QUERY_INFO $uri;
+ include "fastcgi_params";
+
+ }
+
+ # Let's Encrypt SSL Certs
+ location /.well-known/acme-challenge/ {
+ root /var/www/letsencrypt;
+ autoindex off;
+ }
+
+}
+
diff --git a/adze_extras/nginx-sites/circles.rooter.is b/adze_extras/nginx-sites/circles.rooter.is
new file mode 100644
index 0000000..131a672
--- /dev/null
+++ b/adze_extras/nginx-sites/circles.rooter.is
@@ -0,0 +1,22 @@
+upstream circles {
+ server localhost:8855;
+ #server 10.4.0.6;
+}
+
+server {
+ listen 80;
+ listen [::]:80;
+ server_name circles.rooter.is;
+
+ access_log /dev/null;
+ error_log /dev/null;
+
+ location / {
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header Host $http_host;
+ proxy_redirect off;
+ proxy_pass http://circles;
+ }
+}
+
diff --git a/adze_extras/nginx-sites/codetropes.com b/adze_extras/nginx-sites/codetropes.com
new file mode 100644
index 0000000..dff321d
--- /dev/null
+++ b/adze_extras/nginx-sites/codetropes.com
@@ -0,0 +1,14 @@
+
+server {
+ listen 80;
+ listen [::]:80;
+ server_name codetropes.com www.codetropes.com;
+
+ access_log /var/log/nginx/access.log;
+
+ location / {
+ root /srv/http/codetropes.com/www/;
+ index index.html index.htm;
+ }
+}
+
diff --git a/adze_extras/nginx-sites/dav.robocracy.org b/adze_extras/nginx-sites/dav.robocracy.org
new file mode 100644
index 0000000..f7421c9
--- /dev/null
+++ b/adze_extras/nginx-sites/dav.robocracy.org
@@ -0,0 +1,31 @@
+
+server {
+
+ listen 80;
+ listen [::]:80;
+ listen 443 ssl spdy;
+ listen [::]:443 ssl spdy;
+ server_name dav.robocracy.org;
+
+ ssl_certificate /etc/letsencrypt/live/robocracy.org/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/robocracy.org/privkey.pem;
+
+ add_header Content-Security-Policy "default-src 'self'; style-src 'self' 'unsafe-inline'";
+ add_header X-Frame-Options "SAMEORIGIN"; # 'always' if nginx > 1.7.5
+ add_header X-Content-Type-Options "nosniff"; # 'always' if nginx > 1.7.5
+ add_header X-Xss-Protection "1";
+ # Enable STS with one year period (breaks http; optional)
+ #add_header Strict-Transport-Security "max-age=31557600; includeSubDomains";
+
+ # Let's Encrypt SSL Certs
+ location /.well-known/acme-challenge/ {
+ root /var/www/letsencrypt;
+ autoindex off;
+ }
+
+ location / {
+ proxy_pass http://localhost:5232;
+ }
+
+}
+
diff --git a/adze_extras/nginx-sites/default b/adze_extras/nginx-sites/default
new file mode 100644
index 0000000..c08cff9
--- /dev/null
+++ b/adze_extras/nginx-sites/default
@@ -0,0 +1,28 @@
+# Default server configuration
+server {
+ listen 80 default_server;
+ listen [::]:80 default_server;
+ server_name _;
+
+ # SSL configuration
+ #
+ listen 443 ssl default_server;
+ listen [::]:443 ssl default_server;
+ #
+ # Self signed certs generated by the ssl-cert package
+ # Don't use them in a production server!
+ #
+ include snippets/snakeoil.conf;
+
+ root /srv/http/default/www;
+
+ # Add index.php to the list if you are using PHP
+ index index.html index.htm index.nginx-debian.html;
+
+ location / {
+ # First attempt to serve request as file, then
+ # as directory, then fall back to displaying a 404.
+ try_files $uri $uri/ =404;
+ }
+
+}
diff --git a/adze_extras/nginx-sites/equator.memeschemes.com b/adze_extras/nginx-sites/equator.memeschemes.com
new file mode 100644
index 0000000..807eeb0
--- /dev/null
+++ b/adze_extras/nginx-sites/equator.memeschemes.com
@@ -0,0 +1,34 @@
+
+server {
+ listen 80;
+ listen [::]:80;
+ server_name equator.memeschemes.com;
+
+ access_log /var/log/nginx/access.log;
+
+# location / {
+# root /srv/http/equator.memeschemes.com/www;
+# index index.html index.htm;
+# }
+
+ location /robots.txt {
+ root /srv/http/equator.memeschemes.com/www/;
+ }
+ location /static {
+ root /srv/http/equator.memeschemes.com/www/;
+ }
+ location / {
+ fastcgi_pass unix:/srv/http/equator.memeschemes.com/django.sock;
+ fastcgi_param PATH_INFO $fastcgi_script_name;
+ fastcgi_param REQUEST_METHOD $request_method;
+ fastcgi_param QUERY_STRING $query_string;
+ fastcgi_param SERVER_NAME $server_name;
+ fastcgi_param SERVER_PORT $server_port;
+ fastcgi_param SERVER_PROTOCOL $server_protocol;
+ fastcgi_param CONTENT_TYPE $content_type;
+ fastcgi_param CONTENT_LENGTH $content_length;
+ fastcgi_pass_header Authorization;
+ fastcgi_intercept_errors off;
+ }
+}
+
diff --git a/adze_extras/nginx-sites/everyset.net b/adze_extras/nginx-sites/everyset.net
new file mode 100644
index 0000000..de1293e
--- /dev/null
+++ b/adze_extras/nginx-sites/everyset.net
@@ -0,0 +1,14 @@
+server {
+ listen 80;
+ listen [::]:80;
+ server_name everyset.net www.everyset.net;
+
+ access_log /var/log/nginx/access.log;
+ error_log /var/log/nginx/error.log;
+
+ location / {
+ root /srv/http/everyset.net/www;
+ index index.html index.htm;
+ }
+}
+
diff --git a/adze_extras/nginx-sites/feeds.bnewbold.net b/adze_extras/nginx-sites/feeds.bnewbold.net
new file mode 100644
index 0000000..7d06c22
--- /dev/null
+++ b/adze_extras/nginx-sites/feeds.bnewbold.net
@@ -0,0 +1,40 @@
+upstream bnewbold-miniflux {
+ server 127.0.0.1:8322;
+}
+
+server {
+ listen 80;
+ listen [::]:80;
+ listen 443 ssl spdy;
+ listen [::]:443 ssl spdy;
+ server_name feeds.bnewbold.net;
+
+ ssl_certificate /etc/letsencrypt/live/bnewbold.net/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/bnewbold.net/privkey.pem;
+
+ #add_header Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'";
+ add_header X-Frame-Options "SAMEORIGIN"; # 'always' if nginx > 1.7.5
+ add_header X-Content-Type-Options "nosniff"; # 'always' if nginx > 1.7.5
+ add_header X-Xss-Protection "1";
+ # Enable STS with one year period (breaks http; optional)
+ #add_header Strict-Transport-Security "max-age=31557600; includeSubDomains";
+
+ access_log /var/log/nginx/access.log;
+
+ location / {
+ root /srv/http/default/www/;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header Host $http_host;
+ proxy_redirect off;
+ proxy_pass http://bnewbold-miniflux;
+ }
+
+ # Let's Encrypt SSL Certs
+ location /.well-known/acme-challenge/ {
+ root /var/www/letsencrypt;
+ autoindex off;
+ }
+
+}
+
diff --git a/adze_extras/nginx-sites/feeds.bnewbold.net_unused_temboz b/adze_extras/nginx-sites/feeds.bnewbold.net_unused_temboz
new file mode 100644
index 0000000..fe016b0
--- /dev/null
+++ b/adze_extras/nginx-sites/feeds.bnewbold.net_unused_temboz
@@ -0,0 +1,73 @@
+
+server {
+ listen 80;
+ listen [::]:80;
+ server_name feeds.bnewbold.net;
+
+ access_log /var/log/nginx/feeds.access.log;
+ error_log /var/log/nginx/feeds.error.log;
+
+ location = /temboz_css {
+ proxy_pass http://127.0.0.1:9999/temboz_css;
+ proxy_redirect default;
+ }
+ location = /temboz.css {
+ proxy_pass http://127.0.0.1:9999/temboz.css;
+ proxy_redirect default;
+ }
+ location = /view {
+ proxy_pass http://127.0.0.1:9999/view?show=mylos;
+ proxy_redirect default;
+ }
+ location = / {
+ proxy_pass http://127.0.0.1:9999/view?show=mylos;
+ proxy_redirect default;
+ }
+
+ location ~* \.gif {
+ root /srv/http/feeds.bnewbold.net/temboz;
+ }
+
+ # Let's Encrypt SSL Certs
+ location /.well-known/acme-challenge/ {
+ root /var/www/letsencrypt;
+ autoindex off;
+ }
+
+}
+
+server {
+ listen 443 ssl spdy;
+ listen [::]:443 ssl spdy;
+ server_name feeds.bnewbold.net;
+
+ ssl_certificate /etc/letsencrypt/live/bnewbold.net/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/bnewbold.net/privkey.pem;
+
+ #add_header Content-Security-Policy "default-src 'self'; style-src 'self' 'unsafe-inline'";
+ add_header X-Frame-Options "SAMEORIGIN";
+ add_header X-Content-Type-Options "nosniff";
+ add_header X-Xss-Protection "1";
+ # Enable STS with one year period (breaks http; optional)
+ #add_header Strict-Transport-Security "max-age=31557600; includeSubDomains";
+
+ access_log /var/log/nginx/feeds.access.log;
+ error_log /var/log/nginx/feeds.error.log;
+
+ # Let's Encrypt SSL Certs
+ location /.well-known/acme-challenge/ {
+ root /var/www/letsencrypt;
+ autoindex off;
+ }
+
+ location / {
+ proxy_pass http://127.0.0.1:9999;
+ proxy_redirect default;
+ auth_basic "Restricted";
+ auth_basic_user_file /srv/http/feeds.bnewbold.net/htpasswd;
+ }
+
+ location ~* \.gif {
+ root /srv/http/feeds.bnewbold.net/temboz;
+ }
+}
diff --git a/adze_extras/nginx-sites/know.bnewbold.net b/adze_extras/nginx-sites/know.bnewbold.net
new file mode 100644
index 0000000..9ff0771
--- /dev/null
+++ b/adze_extras/nginx-sites/know.bnewbold.net
@@ -0,0 +1,40 @@
+upstream bnewbold-gitit {
+ server 127.0.0.1:5006;
+}
+
+server {
+ listen 80;
+ listen [::]:80;
+ listen 443 ssl spdy;
+ listen [::]:443 ssl spdy;
+ server_name know.bnewbold.net;
+
+ ssl_certificate /etc/letsencrypt/live/bnewbold.net/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/bnewbold.net/privkey.pem;
+
+ add_header Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'";
+ add_header X-Frame-Options "SAMEORIGIN"; # 'always' if nginx > 1.7.5
+ add_header X-Content-Type-Options "nosniff"; # 'always' if nginx > 1.7.5
+ add_header X-Xss-Protection "1";
+ # Enable STS with one year period (breaks http; optional)
+ #add_header Strict-Transport-Security "max-age=31557600; includeSubDomains";
+
+ access_log /var/log/nginx/access.log;
+
+ location / {
+ root /srv/http/default/www/;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header Host $http_host;
+ proxy_redirect off;
+ proxy_pass http://bnewbold-gitit;
+ }
+
+ # Let's Encrypt SSL Certs
+ location /.well-known/acme-challenge/ {
+ root /var/www/letsencrypt;
+ autoindex off;
+ }
+
+}
+
diff --git a/adze_extras/nginx-sites/mediagoblin b/adze_extras/nginx-sites/mediagoblin
new file mode 100644
index 0000000..0139ed8
--- /dev/null
+++ b/adze_extras/nginx-sites/mediagoblin
@@ -0,0 +1,78 @@
+# Ansible managed: /home/bnewbold/code/infra/roles/mediagoblin/templates/etc_nginx_sites-available_mediagoblin.j2 modified on 2016-05-04 16:23:25 by bnewbold on eschaton
+
+server {
+
+ listen 80;
+ listen [::]:80;
+ listen 443 ssl spdy;
+ listen [::]:443 ssl spdy;
+ server_name goblin.bnewbold.net;
+
+
+ ssl_certificate /etc/letsencrypt/live/bnewbold.net/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/bnewbold.net/privkey.pem;
+
+ #add_header Content-Security-Policy "default-src 'self'; style-src 'self' 'unsafe-inline'";
+ add_header X-Frame-Options "SAMEORIGIN"; # 'always' if nginx > 1.7.5
+ add_header X-Content-Type-Options "nosniff"; # 'always' if nginx > 1.7.5
+ add_header X-Xss-Protection "1";
+ # Enable STS with one year period (breaks http; optional)
+ #add_header Strict-Transport-Security "max-age=31557600; includeSubDomains";
+
+
+ # Change this to update the upload size limit for your users
+ client_max_body_size 1024m;
+
+ # prevent attacks (someone uploading a .txt file that the browser
+ # interprets as an HTML file, etc.)
+ add_header X-Content-Type-Options nosniff;
+
+ access_log /var/log/nginx/mediagoblin.access.log;
+ error_log /var/log/nginx/mediagoblin.error.log;
+
+ # MediaGoblin's stock static files: CSS, JS, etc.
+ location /mgoblin_static/ {
+ alias /srv/http/goblin.bnewbold.net/src/mediagoblin/static/;
+ }
+
+ # Instance specific media:
+ location /mgoblin_media/ {
+ alias /srv/http/goblin.bnewbold.net/data/media/public/;
+ }
+
+ # Theme static files (usually symlinked in)
+ location /theme_static/ {
+ alias /srv/http/goblin.bnewbold.net/src/user_dev/theme_static/;
+ }
+
+ # Plugin static files (usually symlinked in)
+ location /plugin_static/ {
+ alias /srv/http/goblin.bnewbold.net/src/user_dev/plugin_static/;
+ }
+
+# # Mounting MediaGoblin itself via FastCGI.
+# location / {
+# fastcgi_pass 127.0.0.1:26543;
+# include /etc/nginx/fastcgi_params;
+#
+# # our understanding vs nginx's handling of script_name vs
+# # path_info don't match :)
+# fastcgi_param PATH_INFO $fastcgi_script_name;
+# fastcgi_param SCRIPT_NAME "";
+# }
+
+ # Until FastCGI works, just do a proxy pass
+ location / {
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_pass http://127.0.0.1:26543;
+ }
+
+ # Let's Encrypt SSL Certs
+ location /.well-known/acme-challenge/ {
+ root /var/www/letsencrypt;
+ autoindex off;
+ }
+
+}
diff --git a/adze_extras/nginx-sites/memeschemes.com b/adze_extras/nginx-sites/memeschemes.com
new file mode 100644
index 0000000..61e9121
--- /dev/null
+++ b/adze_extras/nginx-sites/memeschemes.com
@@ -0,0 +1,14 @@
+
+server {
+ listen 80;
+ listen [::]:80;
+ server_name memeschemes.com www.memeschemes.com;
+
+ access_log /var/log/nginx/access.log;
+
+ location / {
+ root /srv/http/memeschemes.com/www/;
+ index index.html index.htm;
+ }
+}
+
diff --git a/adze_extras/nginx-sites/parts.bommom.com b/adze_extras/nginx-sites/parts.bommom.com
new file mode 100644
index 0000000..09f7bd1
--- /dev/null
+++ b/adze_extras/nginx-sites/parts.bommom.com
@@ -0,0 +1,13 @@
+server {
+ listen 80;
+ listen [::]:80;
+ server_name parts.bommom.com parts.memeschemes.com;
+
+ error_log /var/log/nginx/error.log;
+ access_log /var/log/nginx/access.log;
+
+ location / {
+ root /srv/http/parts.bommom.com/www;
+ }
+}
+
diff --git a/adze_extras/nginx-sites/robocracy.org b/adze_extras/nginx-sites/robocracy.org
new file mode 100644
index 0000000..e5a1b99
--- /dev/null
+++ b/adze_extras/nginx-sites/robocracy.org
@@ -0,0 +1,35 @@
+
+server {
+ listen 80;
+ listen [::]:80;
+ listen 443 ssl spdy;
+ listen [::]:443 ssl spdy;
+ server_name robocracy.org www.robocracy.org adze.robocracy.org;
+
+ ssl_certificate /etc/letsencrypt/live/robocracy.org/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/robocracy.org/privkey.pem;
+
+ add_header Content-Security-Policy "default-src 'self'; style-src 'self' 'unsafe-inline'";
+ add_header X-Frame-Options "SAMEORIGIN";
+ add_header X-Content-Type-Options "nosniff";
+ add_header X-Xss-Protection "1";
+ # Enable STS with one year period (breaks http; optional)
+ #add_header Strict-Transport-Security "max-age=31557600; includeSubDomains";
+
+ access_log /var/log/nginx/robocracy.access.log;
+ error_log /var/log/nginx/robocracy.error.log;
+
+
+ location / {
+ #root /srv/http/default/www/;
+ root /srv/http/robocracy.org/www/;
+ index index.html index.htm;
+ }
+
+ # Let's Encrypt SSL Certs
+ location /.well-known/acme-challenge/ {
+ root /var/www/letsencrypt;
+ autoindex off;
+ }
+
+}
diff --git a/adze_extras/nginx-sites/rooter.is b/adze_extras/nginx-sites/rooter.is
new file mode 100644
index 0000000..609ed27
--- /dev/null
+++ b/adze_extras/nginx-sites/rooter.is
@@ -0,0 +1,52 @@
+upstream rooter-gitit {
+ server 127.0.0.1:5007;
+}
+
+server {
+ listen 80;
+ listen [::]:80;
+ server_name www.rooter.is rooter.is;
+
+ access_log /var/log/nginx/rooter.access.log;
+ error_log /var/log/nginx/rooter.error.log;
+
+ location / {
+ root /srv/http/rooter/www;
+ index index.html index.htm;
+ }
+
+}
+
+server {
+ listen 80;
+ listen [::]:80;
+ server_name mailman.rooter.is;
+
+ access_log /var/log/nginx/rooter.access.log;
+ error_log /var/log/nginx/rooter.error.log;
+
+ location / {
+ root /srv/http/mailman.rooter.is/www;
+ index index.html index.htm;
+ }
+
+}
+
+server {
+ listen 80;
+ listen [::]:80;
+ server_name secretwiki.rooter.is wiki.rooter.is;
+
+ access_log /var/log/nginx/rooter.access.log;
+ error_log /var/log/nginx/rooter.error.log;
+
+ location /{
+ root /srv/http/rooter/www/;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header Host $http_host;
+ proxy_redirect off;
+ proxy_pass http://rooter-gitit;
+ }
+}
+
diff --git a/adze_extras/nginx-sites/static.bnewbold.net b/adze_extras/nginx-sites/static.bnewbold.net
new file mode 100644
index 0000000..9f7a2c6
--- /dev/null
+++ b/adze_extras/nginx-sites/static.bnewbold.net
@@ -0,0 +1,40 @@
+server {
+ listen 80;
+ listen [::]:80;
+ listen 443 ssl spdy;
+ listen [::]:443 ssl spdy;
+ server_name static.bnewbold.net;
+
+ ssl_certificate /etc/letsencrypt/live/bnewbold.net/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/bnewbold.net/privkey.pem;
+
+ add_header Content-Security-Policy "default-src 'self'; style-src 'self' 'unsafe-inline'";
+ add_header X-Frame-Options "SAMEORIGIN"; # 'always' if nginx > 1.7.5
+ add_header X-Content-Type-Options "nosniff"; # 'always' if nginx > 1.7.5
+ add_header X-Xss-Protection "1";
+ # Enable STS with one year period (breaks http; optional)
+ #add_header Strict-Transport-Security "max-age=31557600; includeSubDomains";
+
+ access_log /var/log/nginx/access.log;
+
+ location / {
+ root /srv/http/static.bnewbold.net/www/;
+ autoindex on;
+ autoindex_exact_size off;
+ }
+ location /private {
+ deny all;
+ }
+ location /mask {
+ root /srv/http/static.bnewbold.net/www/;
+ autoindex off;
+ }
+
+ # Let's Encrypt SSL Certs
+ location /.well-known/acme-challenge/ {
+ root /var/www/letsencrypt;
+ autoindex off;
+ }
+
+}
+