From 9208846b5747abcd08792605511a1dd1ab457ccf Mon Sep 17 00:00:00 2001
From: JoeServ <bousset.rudy@gmail.com>
Date: Mon, 27 Feb 2023 15:41:41 +0100
Subject: Jail rework

---
 var/jail/www/usr/local/etc/nginx/nginx.conf | 144 ++++++++++++++++++++++++++++
 1 file changed, 144 insertions(+)
 create mode 100644 var/jail/www/usr/local/etc/nginx/nginx.conf

(limited to 'var/jail/www/usr/local/etc/nginx')

diff --git a/var/jail/www/usr/local/etc/nginx/nginx.conf b/var/jail/www/usr/local/etc/nginx/nginx.conf
new file mode 100644
index 0000000..869ff4d
--- /dev/null
+++ b/var/jail/www/usr/local/etc/nginx/nginx.conf
@@ -0,0 +1,144 @@
+worker_processes  1;
+
+events {
+	worker_connections  1024;
+}
+
+http {
+	include			mime.types;
+	default_type		application/octet-stream;
+	sendfile		on;
+	keepalive_timeout	65;
+	gzip			on;
+	gzip_vary		on;
+ 	gzip_min_length		1k;
+ 	gzip_proxied		expired no-cache no-store private auth;
+ 	gzip_buffers		4 16k;
+ 	gzip_http_version	1.1;
+ 	gzip_comp_level		2;
+ 	gzip_types		text/plain application/x-javascript application/javascript text/css application/xml application/json;
+
+	map $sent_http_content_type $expires {
+		default                    off;
+		text/css                   15m;
+		application/javascript     15m;
+		~image/                    15m;
+	}
+
+# JOZAN
+
+	server{
+		server_name  jozan.org;
+		root   /var/www/joe;
+		index  index.html;
+		expires $expires;
+
+		location / {
+			try_files $uri $uri/ =404;
+		} 
+		location ~ /\.ht {
+			deny all;
+		}
+		location ~ \.cgi$ {
+			include		fastcgi_params;
+			fastcgi_param   SCRIPT_FILENAME $document_root/asm-example.cgi;
+			fastcgi_param   PATH_INFO       $uri;
+			fastcgi_param   HTTP_HOST       $server_name;
+			fastcgi_pass    unix:/var/run/fcgiwrap/fcgiwrap.sock;
+		}
+		error_page  403 /403.html;
+		location = /403.html {
+			root /var/www/joe/err;
+		}
+		error_page  404 /404.html;
+		location = /404.html {
+			root /var/www/joe/err;
+		}
+		error_page   500 502 503 504  /50x.html;
+		location = /50x.html {
+			root   /usr/local/www/nginx-dist;
+		}
+	
+    listen 443 ssl; # managed by Certbot
+    ssl_certificate /usr/local/etc/letsencrypt/live/jozan.org/fullchain.pem; # managed by Certbot
+    ssl_certificate_key /usr/local/etc/letsencrypt/live/jozan.org/privkey.pem; # managed by Certbot
+    include /usr/local/etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+    ssl_dhparam /usr/local/etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+
+
+}
+
+# GITJOE
+
+	server {
+		server_name gitjoe.xyz;
+		root /var/www/gitjoe;
+		try_files $uri @cgit;
+		index cgit.cgi;
+
+		location @cgit {
+			include		fastcgi_params;
+			fastcgi_param   SCRIPT_FILENAME $document_root/cgit.cgi;
+			fastcgi_param   PATH_INFO       $uri;
+			fastcgi_param   QUERY_STRING    $args;
+			fastcgi_param   HTTP_HOST       $server_name;
+			fastcgi_param   CGIT_CONFIG	/usr/local/etc/cgitrc;
+			fastcgi_pass    unix:/var/run/fcgiwrap/fcgiwrap.sock;
+
+			gzip off;
+			rewrite ^/([^/]+/.*)?$ /cgit.cgi?url=$1 break;
+		}
+		error_page   500 502 503 504  /50x.html;
+		location = /50x.html {
+			root   /usr/local/www/nginx-dist;
+		}
+
+	listen 443 ssl;
+
+    ssl_certificate /usr/local/etc/letsencrypt/live/jozan.org/fullchain.pem; # managed by Certbot
+    ssl_certificate_key /usr/local/etc/letsencrypt/live/jozan.org/privkey.pem; # managed by Certbot
+}
+
+# REDIRECT 80 to 443
+
+server{
+    if ($host = jozan.org) {
+        return 301 https://$host$request_uri;
+    }
+
+
+    if ($host = www.jozanofastora.xyz) {
+        return 301 https://$host$request_uri;
+    } # managed by Certbot
+
+
+    if ($host = jozanofastora.xyz) {
+        return 301 https://$host$request_uri;
+    } # managed by Certbot
+
+
+    if ($host = www.jozan.org) {
+        return 301 https://$host$request_uri;
+    } # managed by Certbot
+
+    if ($host = gitjoe.xyz) {
+        return 301 https://$host$request_uri;
+    } # managed by Certbot
+
+	server_name  jozan.org www.jozan.org jozanofastora.xyz www.jozanofastora.xyz gitjoe.xyz;
+    listen 80;
+    return 404;
+}
+
+# REDIRECT 443 to JOZAN 443
+
+server{
+	listen 443 ssl;
+	server_name www.jozan.org jozanofastora.xyz www.jozanofastora.xyz;
+	return 301 $scheme://jozan.org$request_uri;
+    ssl_certificate /usr/local/etc/letsencrypt/live/jozan.org/fullchain.pem; # managed by Certbot
+    ssl_certificate_key /usr/local/etc/letsencrypt/live/jozan.org/privkey.pem; # managed by Certbot
+    include /usr/local/etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+    ssl_dhparam /usr/local/etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+}
+}
-- 
cgit v1.2.3