{% set domain = "liwt.net" %}
#
# nginx/sites: liwt.www.conf
# Main website: {{ domain }}
#
# Reference
# --------
# * Nginx - Converting rewrite rules
# https://nginx.org/en/docs/http/converting_rewrite_rules.html
# * StackOverflow - Nginx no-www to www and www to no-www
# http://stackoverflow.com/a/7958540
# * StackOverflow - Remove 'www' and redirect to 'https' with nginx
# http://stackoverflow.com/a/258424
# * Nginx Caching | Servers for Hackers
# https://serversforhackers.com/nginx-caching/
#
#
# Aaron LI
#
{% if domains_hascert[domain] %}
# Dedicated vhost whose only job is the www -> no-www redirect
server {
    listen      443 ssl http2;
    listen      [::]:443 ssl http2;
    server_name www.{{ domain }};

    # SSL/TLS Certificate kindly provided by Let's Encrypt
    # NOTE(review): the redirect is only sent after the TLS handshake, so the
    # certificate presumably has to cover www.{{ domain }} as well -- confirm.
    ssl_certificate     /usr/local/etc/ssl/acme/{{ domain }}/fullchain.pem;
    ssl_certificate_key /usr/local/etc/ssl/acme/private/{{ domain }}.pem;

    # Permanent redirect to the same URI on the canonical (bare) host.
    # Both listeners are TLS-only, so $scheme expands to "https" here.
    return 301 $scheme://{{ domain }}$request_uri;
}
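# Main vhost: serves the static site for {{ domain }} over HTTPS
server {
    # NOTE(review): default_server is set on the IPv4 listener only, so any
    # request to 0.0.0.0:443 with an unmatched Host/SNI is answered by this
    # site; confirm this is intended and whether [::]:443 should match.
    listen 443 ssl http2 default_server;
    listen [::]:443 ssl http2;
    server_name {{ domain }};

    # SSL/TLS Certificate kindly provided by Let's Encrypt
    ssl_certificate     /usr/local/etc/ssl/acme/{{ domain }}/fullchain.pem;
    ssl_certificate_key /usr/local/etc/ssl/acme/private/{{ domain }}.pem;

    # Website location
    root  /home/www/www;
    index index.html;

    # Static lookup only: file, directory, directory index, then "<uri>.html"
    location / {
        try_files $uri $uri/ $uri/index.html $uri.html =404;
    }

    # Echo the client address as seen by nginx
    location = /ip {
        default_type text/plain;
        return 200 "$remote_addr\n";
    }

    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    error_page 403 /403.html;
    error_page 404 /404.html;
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /usr/local/www/nginx-dist;
    }

    ## Block rules
    # nginx tests regex locations in the order they appear and uses the first
    # match. These deny rules therefore have to come BEFORE the extension-based
    # caching rules below; otherwise a hidden path that ends in a cached
    # extension (.js, .gz, .png, ...) is served by the caching location and
    # never reaches "deny all".

    # .git
    location ~ /\.git {
        deny all;
        log_not_found off;
        access_log off;
    }

    # All hidden directories and files (begin with .)
    # NOTE(review): this also denies /.well-known/ on this vhost; confirm that
    # nothing (e.g. certificate renewal) needs it over HTTPS.
    location ~ /\. {
        deny all;
        log_not_found off;
        access_log off;
    }

    # Temporary files (end with ~)
    location ~ ~$ {
        deny all;
        log_not_found off;
        access_log off;
    }

    ## Expire rules for static content [3]
    # add_header directives are inherited from the server level only when a
    # location defines none of its own, so headers added at server level later
    # (e.g. security headers) would have to be repeated in these locations.

    # Feed
    location ~* \.(?:rss|atom)$ {
        expires 1h;
        add_header Cache-Control "public";
    }

    # Media: images, icons, video, audio
    location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp3|mp4|ogg|ogv|webm)$ {
        expires 30d;
        access_log off;
        add_header Cache-Control "public";
    }

    # CSS and Javascript
    location ~* \.(?:css|js)$ {
        expires 30d;
        access_log off;
        add_header Cache-Control "public";
    }
}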
{% endif %}