diff --git a/ansible/roles/nginx/files/etc/nginx/sites-available/default b/ansible/roles/nginx/files/etc/nginx/sites-available/default
deleted file mode 100644
index c5af914..0000000
--- a/ansible/roles/nginx/files/etc/nginx/sites-available/default
+++ /dev/null
@@ -1,91 +0,0 @@
-##
-# You should look at the following URL's in order to grasp a solid understanding
-# of Nginx configuration files in order to fully unleash the power of Nginx.
-# https://www.nginx.com/resources/wiki/start/
-# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/
-# https://wiki.debian.org/Nginx/DirectoryStructure
-#
-# In most cases, administrators will remove this file from sites-enabled/ and
-# leave it as reference inside of sites-available where it will continue to be
-# updated by the nginx packaging team.
-#
-# This file will automatically load configuration files provided by other
-# applications, such as Drupal or Wordpress. These applications will be made
-# available underneath a path with that package name, such as /drupal8.
-#
-# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
-##
-
-# Default server configuration
-#
-server {
- listen 80 default_server;
- listen [::]:80 default_server;
-
- # SSL configuration
- #
- # listen 443 ssl default_server;
- # listen [::]:443 ssl default_server;
- #
- # Note: You should disable gzip for SSL traffic.
- # See: https://bugs.debian.org/773332
- #
- # Read up on ssl_ciphers to ensure a secure configuration.
- # See: https://bugs.debian.org/765782
- #
- # Self signed certs generated by the ssl-cert package
- # Don't use them in a production server!
- #
- # include snippets/snakeoil.conf;
-
- root /var/www/html;
-
- # Add index.php to the list if you are using PHP
- index index.html index.htm index.nginx-debian.html;
-
- server_name _;
-
- location / {
- # First attempt to serve request as file, then
- # as directory, then fall back to displaying a 404.
- try_files $uri $uri/ =404;
- }
-
- # pass PHP scripts to FastCGI server
- #
- #location ~ \.php$ {
- # include snippets/fastcgi-php.conf;
- #
- # # With php-fpm (or other unix sockets):
- # fastcgi_pass unix:/run/php/php7.4-fpm.sock;
- # # With php-cgi (or other tcp sockets):
- # fastcgi_pass 127.0.0.1:9000;
- #}
-
- # deny access to .htaccess files, if Apache's document root
- # concurs with nginx's one
- #
- #location ~ /\.ht {
- # deny all;
- #}
-}
-
-
-# Virtual Host configuration for example.com
-#
-# You can move that to a different file under sites-available/ and symlink that
-# to sites-enabled/ to enable it.
-#
-#server {
-# listen 80;
-# listen [::]:80;
-#
-# server_name example.com;
-#
-# root /var/www/example.com;
-# index index.html;
-#
-# location / {
-# try_files $uri $uri/ =404;
-# }
-#}
diff --git a/ansible/roles/nginx/files/etc/nginx/sites-enabled/isupipe.conf b/ansible/roles/nginx/files/etc/nginx/sites-enabled/isupipe.conf
new file mode 100644
index 0000000..9c412e3
--- /dev/null
+++ b/ansible/roles/nginx/files/etc/nginx/sites-enabled/isupipe.conf
@@ -0,0 +1,48 @@
+server {
+ listen 80 default_server;
+ server_name _;
+ index index.html index.htm index.nginx-debian.html;
+ root /var/www/html;
+ location / {
+ try_files $uri $uri/ =404;
+ }
+}
+
+server {
+ listen 443 ssl default_server;
+ server_name _;
+ index index.html index.htm index.nginx-debian.html;
+ root /var/www/html;
+
+ # bot避けのためのvhostで、この証明書は有効期限がきれています
+ ssl_certificate /etc/nginx/tls/_.t.isucon.dev.crt;
+ ssl_certificate_key /etc/nginx/tls/_.t.isucon.dev.key;
+ ssl_protocols TLSv1.3;
+ ssl_prefer_server_ciphers off;
+
+ location / {
+ try_files $uri $uri/ =404;
+ }
+}
+
+server {
+ listen 443 ssl;
+ server_name u.isucon.dev;
+ server_name *.u.isucon.dev;
+
+ ssl_certificate /etc/nginx/tls/_.u.isucon.dev.crt;
+ ssl_certificate_key /etc/nginx/tls/_.u.isucon.dev.key;
+
+ ssl_protocols TLSv1.3;
+ ssl_prefer_server_ciphers off;
+
+ client_max_body_size 10m;
+ root /home/isucon/webapp/public/;
+ location / {
+ try_files $uri /index.html;
+ }
+ location /api {
+ proxy_set_header Host $host;
+ proxy_pass http://localhost:8080;
+ }
+}
\ No newline at end of file
diff --git a/ansible/roles/nginx/tasks/deploy.yaml b/ansible/roles/nginx/tasks/deploy.yaml
index 911a101..aec6a33 100644
--- a/ansible/roles/nginx/tasks/deploy.yaml
+++ b/ansible/roles/nginx/tasks/deploy.yaml
@@ -9,7 +9,7 @@
 notify: restart_nginx
 with_items:
 - etc/nginx/nginx.conf
- - etc/nginx/sites-available/default
+ - etc/nginx/sites-enabled/isupipe.conf
 - name: Change access.log permission
 become: true
 file:
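Review bot: Both catch-all `default_server` blocks answer requests for unknown hostnames with whatever is in `/var/www/html` via `try_files $uri $uri/ =404;`, so the vhost that the comment describes as bot avoidance still hands scanners a normal response (on Debian-family hosts usually the packaged welcome page). Replacing the `location /` body in both blocks with `return 444;` closes the connection without a response and makes `root` and `index` unnecessary there. If the deployed nginx is 1.19.4 or later, `ssl_reject_handshake on;` in the 443 catch-all would also remove the need to ship the expired `_.t.isucon.dev` certificate and its key; the nginx version is not visible in this commit. The Japanese comment above `ssl_certificate` could carry an English equivalent such as `# catch-all vhost to keep bots away; this certificate has expired`.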
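Review bot: Nothing visible in this hunk removes `/etc/nginx/sites-enabled/default` from hosts that already have it, and the new `isupipe.conf` declares `listen 80 default_server;` just as the packaged default site does, so on such hosts nginx would reject the configuration with a duplicate default server error when the `restart_nginx` handler fires. If no other task covers it, add a cleanup step ahead of the restart, for example a `file:` task with `path: /etc/nginx/sites-enabled/default` and `state: absent`. The task this `with_items` list belongs to starts above the hunk and the rest of deploy.yaml is not shown, so this may already be handled elsewhere.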