Permalink
Browse files

SSL configuration for nginx hosted servers.

  • Loading branch information...
perlDreamer committed Dec 31, 2011
1 parent c4fb3c9 commit 2a29bcbae4367b2caee11f64491d91989fe17ef5
Showing with 27 additions and 45 deletions.
  1. +27 −45 wre/var/setupfiles/nginx.template
@@ -3,6 +3,10 @@ server {
server_name [% sitename %] [% domain %];
access_log [% domainRoot %]/[% sitename %]/logs/access.log combined

client_max_body_size 20M;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;

# block IIS related attacks from getting to WebGUI
location = /^scripts/ {
return 400
@@ -20,14 +24,6 @@ server {
return 400
}

# leave static stuff (extras) to be served directly by modproxy (rule should be inherited from parent)
#RewriteRule ^/extras/ - [L]

# For speed we only pass on uploads if there is a .wgaccess file
RewriteCond %{REQUEST_FILENAME} ^(.*/)
RewriteCond %{DOCUMENT_ROOT}%1.wgaccess !-f
RewriteRule ^/uploads/ - [L]

# proxy webgui pages
#ProxyPreserveHost On
#RewriteRule ^/(.*) http://127.0.0.1:[% modperlPort %]/$1 [P]
@@ -37,47 +33,33 @@ server {
# change the 10.0.0.1 to the IP address you wish to bind the SSL host
# to.

#Listen 10.0.0.1:443
#<VirtualHost 10.0.0.1:443>
# ServerName [% sitename %]
# CustomLog [% domainRoot %]/[% sitename %]/logs/access.log combined
# DocumentRoot [% domainRoot %]/[% sitename %]/public
#server {
# listen 443;
# server_name [% sitename %] [% domain %];
# access_log [% domainRoot %]/[% sitename %]/logs/access.log combined
#
# # let modperl know we're using SSL
# RequestHeader add SSLPROXY "1"
#
# # turn on mod_rewrite
# RewriteEngine On
# RewriteLog "[% wreRoot %]/var/logs/modrewrite.log"
# RewriteLogLevel 0
# client_max_body_size 20M;
# proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header Host $host;
#
# # block IIS related attacks from getting to WebGUI
# RewriteRule ^/scripts/ - [L]
# RewriteRule ^/default.ida - [L]
# RewriteRule ^/_vti_bin - [L]
# RewriteRule ^/_mem_bin - [L]
# location = /^scripts/ {
# return 400
# }
#
# # leave static stuff to be served directly by modproxy
# RewriteRule ^/favicon.ico - [L]
# RewriteRule ^/extras/ - [L]
# location = /^default.ida/ {
# return 400
# }
#
# # For speed we only pass on uploads if there is a .wgaccess file
# RewriteCond %{REQUEST_FILENAME} ^(.*/)
# RewriteCond %{DOCUMENT_ROOT}%1.wgaccess !-f
# RewriteRule ^/uploads/ - [L]
# location = /_vti_bin/ {
# return 400
# }
#
# # proxy webgui pages
# ProxyPreserveHost On
# RewriteRule ^/(.*) http://127.0.0.1:[% modperlPort %]/$1 [P]
# location = /_mem_bin/ {
# return 400
# }
#
# # enable SSL
# SSLEngine on
# SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
# SSLCertificateFile [% domainRoot %]/[% sitename %]/certs/server.crt
# SSLCertificateKeyFile [% domainRoot %]/[% sitename %]/certs/server.key
# SSLCACertificateFile [% domainRoot %]/[% sitename %]/certs/UTNAddTrustServerCA.crt
# SetEnvIf User-Agent ".*MSIE.*" \
# nokeepalive ssl-unclean-shutdown \
# downgrade-1.0 force-response-1.0
#</VirtualHost>

# ssl_certificate [% domainRoot %]/[% sitename %]/certs/server.crt
# ssl_certificate_key [% domainRoot %]/[% sitename %]/certs/server.key
#
#}

0 comments on commit 2a29bcb

Please sign in to comment.