From 6b83183a205cb1e90c690c7e7f71c447cfae9a32 Mon Sep 17 00:00:00 2001
From: Bryan Newbold <bnewbold@archive.org>
Date: Sat, 5 Aug 2017 13:07:50 -0700
Subject: backup adze nginx config

---
 adze_extras/nginx-sites/mediagoblin | 78 +++++++++++++++++++++++++++++++++++++
 1 file changed, 78 insertions(+)
 create mode 100644 adze_extras/nginx-sites/mediagoblin

(limited to 'adze_extras/nginx-sites/mediagoblin')

diff --git a/adze_extras/nginx-sites/mediagoblin b/adze_extras/nginx-sites/mediagoblin
new file mode 100644
index 0000000..0139ed8
--- /dev/null
+++ b/adze_extras/nginx-sites/mediagoblin
@@ -0,0 +1,78 @@
+# Ansible managed: /home/bnewbold/code/infra/roles/mediagoblin/templates/etc_nginx_sites-available_mediagoblin.j2 modified on 2016-05-04 16:23:25 by bnewbold on eschaton
+
+server {
+
+    listen 80;
+    listen [::]:80;
+    listen 443 ssl spdy;
+    listen [::]:443 ssl spdy;
+    server_name goblin.bnewbold.net;
+
+
+     ssl_certificate /etc/letsencrypt/live/bnewbold.net/fullchain.pem;
+     ssl_certificate_key /etc/letsencrypt/live/bnewbold.net/privkey.pem;
+        
+     #add_header Content-Security-Policy "default-src 'self'; style-src 'self' 'unsafe-inline'";
+     add_header X-Frame-Options "SAMEORIGIN";       # 'always' if nginx > 1.7.5
+     add_header X-Content-Type-Options "nosniff";   # 'always' if nginx > 1.7.5
+     add_header X-Xss-Protection "1";
+     # Enable STS with one year period (breaks http; optional)
+     #add_header Strict-Transport-Security "max-age=31557600; includeSubDomains";
+
+
+    # Change this to update the upload size limit for your users
+    client_max_body_size 1024m;
+
+    # prevent attacks (someone uploading a .txt file that the browser
+    # interprets as an HTML file, etc.)
+    add_header X-Content-Type-Options nosniff;
+
+    access_log /var/log/nginx/mediagoblin.access.log;
+    error_log /var/log/nginx/mediagoblin.error.log;
+
+    # MediaGoblin's stock static files: CSS, JS, etc.
+    location /mgoblin_static/ {
+        alias /srv/http/goblin.bnewbold.net/src/mediagoblin/static/;
+    }
+
+    # Instance specific media:
+    location /mgoblin_media/ {
+        alias /srv/http/goblin.bnewbold.net/data/media/public/;
+    }
+
+    # Theme static files (usually symlinked in)
+    location /theme_static/ {
+        alias /srv/http/goblin.bnewbold.net/src/user_dev/theme_static/;
+    }
+
+    # Plugin static files (usually symlinked in)
+    location /plugin_static/ {
+        alias /srv/http/goblin.bnewbold.net/src/user_dev/plugin_static/;
+    }
+
+#    # Mounting MediaGoblin itself via FastCGI.
+#    location / {
+#        fastcgi_pass 127.0.0.1:26543;
+#        include /etc/nginx/fastcgi_params;
+#
+#        # our understanding vs nginx's handling of script_name vs
+#        # path_info don't match :)
+#        fastcgi_param PATH_INFO $fastcgi_script_name;
+#        fastcgi_param SCRIPT_NAME "";
+#    }
+
+    # Until FastCGI works, just do a proxy pass
+    location / {
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_pass http://127.0.0.1:26543;
+    }
+
+    # Let's Encrypt SSL Certs
+    location /.well-known/acme-challenge/ {
+        root /var/www/letsencrypt;
+        autoindex off;
+    }
+
+}
-- 
cgit v1.2.3