Skip to content
Permalink
Browse files

Add nginx base conf, and per site conf. Still needs proxying uploads …

…and SSL.
  • Loading branch information...
perlDreamer committed Dec 19, 2011
1 parent ec635ba commit d74702fc8aa22300b11b65e04729c25e28ed3f6a
Showing with 135 additions and 0 deletions.
  1. +52 −0 wre/var/setupfiles/nginx.conf
  2. +83 −0 wre/var/setupfiles/nginx.template
@@ -0,0 +1,52 @@
user [% wreUser %];
worker_processes 10;

error_log [% wreRoot %]/var/logs/error.log;

pid [% wreRoot %]/var/run/nginx.pid;

events {
worker_connections 1024;
}

http {
include mime.types;
default_type application/octet-stream;

log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';

sendfile on;

keepalive_timeout 65;

server_tokens off;

gzip on;
gzip_types text/plain text/css application/json application/json-rpc application/x-javascript text/xml application/xml application/xml+rss text/javascript;
gzip_comp_level 9;

location ^~ /extras/ {
root [% webguiRoot %]/www/extras;
expires 36000
}

location ~ /.* {
proxy_pass http://localhost:[% starmanPort %];
}

server {
listen [% modproxyPort %];
server_name localhost;
client_max_body_size 20M;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;

}

##Include per-server vhost configuration files.
include [% wreRoot %]/etc/*.nginx

}

@@ -0,0 +1,83 @@
server {
listen [% modproxyPort %];
server_name [% sitename %] [% domain %];
access_log [% domainRoot %]/[% sitename %]/logs/access.log combined

# block IIS related attacks from getting to WebGUI
location = /^scripts/ {
return 400
}

location = /^default.ida/ {
return 400
}

location = /_vti_bin/ {
return 400
}

location = /_mem_bin/ {
return 400
}

# leave static stuff (extras) to be served directly by modproxy (rule should be inherited from parent)
#RewriteRule ^/extras/ - [L]

# For speed we only pass on uploads if there is a .wgaccess file
RewriteCond %{REQUEST_FILENAME} ^(.*/)
RewriteCond %{DOCUMENT_ROOT}%1.wgaccess !-f
RewriteRule ^/uploads/ - [L]

# proxy webgui pages
#ProxyPreserveHost On
#RewriteRule ^/(.*) http://127.0.0.1:[% modperlPort %]/$1 [P]
}

# Uncomment the following lines to enable SSL for this host. Also,
# change the 10.0.0.1 to the IP address you wish to bind the SSL host
# to.

#Listen 10.0.0.1:443
#<VirtualHost 10.0.0.1:443>
# ServerName [% sitename %]
# CustomLog [% domainRoot %]/[% sitename %]/logs/access.log combined
# DocumentRoot [% domainRoot %]/[% sitename %]/public
#
# # let modperl know we're using SSL
# RequestHeader add SSLPROXY "1"
#
# # turn on mod_rewrite
# RewriteEngine On
# RewriteLog "[% wreRoot %]/var/logs/modrewrite.log"
# RewriteLogLevel 0
#
# # block IIS related attacks from getting to WebGUI
# RewriteRule ^/scripts/ - [L]
# RewriteRule ^/default.ida - [L]
# RewriteRule ^/_vti_bin - [L]
# RewriteRule ^/_mem_bin - [L]
#
# # leave static stuff to be served directly by modproxy
# RewriteRule ^/favicon.ico - [L]
# RewriteRule ^/extras/ - [L]
#
# # For speed we only pass on uploads if there is a .wgaccess file
# RewriteCond %{REQUEST_FILENAME} ^(.*/)
# RewriteCond %{DOCUMENT_ROOT}%1.wgaccess !-f
# RewriteRule ^/uploads/ - [L]
#
# # proxy webgui pages
# ProxyPreserveHost On
# RewriteRule ^/(.*) http://127.0.0.1:[% modperlPort %]/$1 [P]
#
# # enable SSL
# SSLEngine on
# SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
# SSLCertificateFile [% domainRoot %]/[% sitename %]/certs/server.crt
# SSLCertificateKeyFile [% domainRoot %]/[% sitename %]/certs/server.key
# SSLCACertificateFile [% domainRoot %]/[% sitename %]/certs/UTNAddTrustServerCA.crt
# SetEnvIf User-Agent ".*MSIE.*" \
# nokeepalive ssl-unclean-shutdown \
# downgrade-1.0 force-response-1.0
#</VirtualHost>

0 comments on commit d74702f

Please sign in to comment.
You can’t perform that action at this time.