
# DO NOT EDIT - managed by Ansible.
# Pool of three backends on the loopback interface (ports 9000-9002). The
# main HTTPS server block hands requests to this pool with uwsgi_pass.
# No balancing method is set, so nginx's default round-robin applies.
upstream almalinux_org_backends {
server 127.0.0.1:9000;
server 127.0.0.1:9001;
server 127.0.0.1:9002;
}
# HTTPS virtual host for almalinux.org, www and staging. Files under /static/
# and /media/ and files with known asset extensions are served from disk;
# everything else is passed to the uwsgi backend pool.
# Regex locations (`~`, `~*`) are tried in the order they appear and the first
# match wins, so the order of the location blocks below is significant.
# add_header is inherited from an outer level only when the current level has
# no add_header of its own: any security header defined at http or server
# level is NOT sent by the locations below that set Cache-Control.
server {
server_name almalinux.org www.almalinux.org staging.almalinux.org;
root /var/www/almalinux.org/current/public;
listen 443 ssl http2;
listen [::]:443 ssl http2;
# SSL
# NOTE(review): no ssl_protocols, ssl_ciphers or Strict-Transport-Security is
# set in this block - confirm they are defined at the http level or in another
# include; otherwise the nginx build defaults apply and no HSTS is sent.
ssl_certificate /etc/ssl/almalinux.org.cert.pem;
ssl_certificate_key /etc/ssl/almalinux.org.key.pem;
# . files
# Deny every URI containing "/." (dot-files and dot-directories) unless the
# dot is followed by "well-known". This is the first regex location, so it is
# checked before the static, media and asset rules.
location ~ /\.(?!well-known) {
deny all;
}
# logging
access_log /var/log/nginx/almalinux.org.access.log;
error_log /var/log/nginx/almalinux.org.error.log warn;
# Static files, served from the same directory as the server-level root.
# NOTE(review): the regex is unanchored, so it matches any URI that contains
# "/static/" anywhere in the path, not only URIs that start with it. Use
# `~ ^/static/` if only the top-level prefix is meant.
location ~ /static/ {
root /var/www/almalinux.org/current/public;
# assets, media
location ~* \.(?:css(\.map)?|js(\.map)?|jpe?g|svgz?|svpng|gif|png|ico|cur|heic|webp|tiff?|mp3|m4a|aac|ogg|midi?|wav|mp4|mov|webm|mpe?g|avi|ogv|flv|wmv)$ {
# 1 day cache
add_header Cache-Control "private, no-transform, must-revalidate, max-age=86400";
etag on;
access_log off;
}
# fonts
location ~* \.(?:ttf|ttc|otf|eot|woff2?)$ {
# 7 day cache
add_header Cache-Control "private, no-transform, must-revalidate, max-age=604800";
# Any origin may load these fonts cross-site.
add_header Access-Control-Allow-Origin "*";
etag on;
access_log off;
}
}
# Media files, resolved against /var/www/almalinux.org, the parent of the
# "current" directory used as the server-level root.
# NOTE(review): the regex is unanchored, so any URI containing "/media/" is
# mapped below that parent directory, including paths under current/.
# Confirm only media lives under a matching path, or anchor as `~ ^/media/`.
# NOTE(review): if this directory holds user uploads, confirm how SVG and
# other active content is restricted - it is served from the site's origin.
location ~ /media/ {
root /var/www/almalinux.org;
# media
location ~* \.(?:jpe?g|svgz?|svpng|gif|png|ico|cur|heic|webp|tiff?|mp3|m4a|aac|ogg|midi?|wav|mp4|mov|webm|mpe?g|avi|ogv|flv|wmv)$ {
# 1 day cache
add_header Cache-Control "private, no-transform, must-revalidate, max-age=86400";
etag on;
access_log off;
}
}
# Fallback: every request not claimed by another location is passed to the
# backend pool over the uwsgi protocol.
# NOTE(review): uwsgi_param sets variables in the uwsgi request environment,
# not HTTP request headers. Confirm the application reads keys with these
# exact names; WSGI apps usually read forwarded data from HTTP_* keys.
# NOTE(review): $http_x_forwarded_proto is the client's own X-Forwarded-Proto
# header and $proxy_add_x_forwarded_for appends $remote_addr to the client's
# X-Forwarded-For. Unless a trusted proxy in front of this host sets them, the
# backend must not rely on them for security decisions. This block listens
# only on 443 ssl, so $scheme would report the protocol actually used.
location / {
include /etc/nginx/uwsgi_params;
uwsgi_param Host $host;
uwsgi_param X-Real-IP $remote_addr;
uwsgi_param X-Forwarded-For $proxy_add_x_forwarded_for;
uwsgi_param X-Forwarded-Proto $http_x_forwarded_proto;
uwsgi_pass almalinux_org_backends;
}
# favicon.ico
# Exact match, served from the server-level root. A missing file is not
# written to the error log.
location = /favicon.ico {
expires 1d;
log_not_found off;
access_log off;
}
# robots.txt
# Exact match, served from the server-level root.
location = /robots.txt {
expires 1d;
log_not_found off;
access_log off;
}
# security.txt
# Served from /var/www/_default rather than from the site root.
# NOTE(review): RFC 9116 places this file at /.well-known/security.txt. That
# path has no location here and would fall through to the backend - confirm
# it is served there.
location = /security.txt {
expires 1h;
access_log off;
root /var/www/_default;
}
# HTML
# Clients must revalidate HTML on every use.
# NOTE(review): `htm?` matches ".ht" and ".htm"; `html?` was probably
# intended - confirm.
location ~* \.(?:html|htm?)$ {
add_header Cache-Control "no-cache, no-transform, must-revalidate";
etag on;
}
# assets, media
# Applies only to URIs not already claimed by the /static/ and /media/
# regexes above. Files come from the server-level root.
location ~* \.(?:css(\.map)?|js(\.map)?|jpe?g|svgz?|svpng|gif|png|ico|cur|heic|webp|tiff?|mp3|m4a|aac|ogg|midi?|wav|mp4|mov|webm|mpe?g|avi|ogv|flv|wmv)$ {
# 1 hour cache
add_header Cache-Control "private, no-transform, must-revalidate, max-age=3600";
etag on;
access_log off;
}
# fonts
location ~* \.(?:ttf|ttc|otf|eot|woff2?)$ {
# 7 day cache
add_header Cache-Control "private, no-transform, must-revalidate, max-age=604800";
# Any origin may load these fonts cross-site.
add_header Access-Control-Allow-Origin "*";
etag on;
access_log off;
}
# gzip
# Compresses the listed types (text/html is always included) for direct and
# proxied requests.
# NOTE(review): compressing TLS responses that mix secrets with reflected
# request data allows BREACH-style length side channels. Confirm the
# application masks per-request tokens.
gzip on;
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_types text/plain text/css text/xml application/json application/javascript application/rss+xml application/atom+xml image/svg+xml;
}
# HTTP to HTTPS redirect
# Plain-HTTP listener for all five host names. It answers ACME challenge
# requests from disk and redirects everything else to HTTPS on the same host.
# almalinux.net and almalinux.com are redirected to their own HTTPS vhost.
server {
listen 80;
listen [::]:80;
server_name almalinux.org www.almalinux.org staging.almalinux.org almalinux.net almalinux.com;
# ACME-challenge
# `^~` makes this prefix win without consulting any regex location. Challenge
# files are read from /var/www/_letsencrypt and sent as text/plain.
location ^~ /.well-known/acme-challenge/ {
allow all;
default_type 'text/plain';
root /var/www/_letsencrypt;
}
# $host is the host name the client asked for.
# NOTE(review): if this block is also the default server for port 80, a
# request with an arbitrary Host header is redirected to that host. Confirm a
# separate default_server catches unknown names.
location / {
return 301 https://$host$request_uri;
}
}
# Redirect for .net and .com
# HTTPS vhost for the two alternate domains. Every request is answered with a
# permanent redirect to the same path on almalinux.org. The target host is
# hard-coded, so the request's Host header is not reflected.
server {
server_name almalinux.net almalinux.com;
listen 443 ssl http2;
listen [::]:443 ssl http2;
# SSL
# NOTE(review): a single certificate serves both names - confirm it lists
# almalinux.net as well as almalinux.com.
ssl_certificate /etc/ssl/almalinux.com.cert.pem;
ssl_certificate_key /etc/ssl/almalinux.com.key.pem;
location / {
return 301 https://almalinux.org$request_uri;
}
}