Add nginx configs.

2024-02-21 13:37:30 -07:00 · 2024-02-21 13:37:30 -07:00 · da3cda28cd
commit da3cda28cd
parent 5879f30582
110 changed files with 2631 additions and 0 deletions
--- a/etc/nginx/snippets/auth-oauth2.conf
+++ b/etc/nginx/snippets/auth-oauth2.conf
@ -0,0 +1,10 @@
+auth_request /oauth2/auth;
+error_page 401 = /oauth2/sign_in;
+
+auth_request_set $user          $upstream_http_x_auth_request_user;
+auth_request_set $email         $upstream_http_x_auth_request_email;
+auth_request_set $auth_cookie   $upstream_http_set_cookie;
+proxy_set_header X-User  $user;
+proxy_set_header X-Email $email;
+
+add_header Set-Cookie $auth_cookie;
--- a/etc/nginx/snippets/fastcgi-php.conf
+++ b/etc/nginx/snippets/fastcgi-php.conf
@ -0,0 +1,14 @@
+# regex to split $uri to $fastcgi_script_name and $fastcgi_path
+fastcgi_split_path_info ^(.+?\.php)(/.*)$;
+
+
+# Bypass the fact that try_files resets $fastcgi_path_info
+# see: http://trac.nginx.org/nginx/ticket/321
+set $path_info $fastcgi_path_info;
+fastcgi_param PATH_INFO $path_info;
+
+# Mitigate https://httpoxy.org/ vulnerabilities
+fastcgi_param HTTP_PROXY "";
+
+fastcgi_index index.php;
+include snippets/fastcgi.conf;
--- a/etc/nginx/snippets/fastcgi.conf
+++ b/etc/nginx/snippets/fastcgi.conf
@ -0,0 +1,26 @@
+
+fastcgi_param  SCRIPT_FILENAME    $document_root$fastcgi_script_name;
+fastcgi_param  QUERY_STRING       $query_string;
+fastcgi_param  REQUEST_METHOD     $request_method;
+fastcgi_param  CONTENT_TYPE       $content_type;
+fastcgi_param  CONTENT_LENGTH     $content_length;
+
+fastcgi_param  SCRIPT_NAME        $fastcgi_script_name;
+fastcgi_param  REQUEST_URI        $request_uri;
+fastcgi_param  DOCUMENT_URI       $document_uri;
+fastcgi_param  DOCUMENT_ROOT      $document_root;
+fastcgi_param  SERVER_PROTOCOL    $server_protocol;
+fastcgi_param  REQUEST_SCHEME     $scheme;
+fastcgi_param  HTTPS              $https if_not_empty;
+
+fastcgi_param  GATEWAY_INTERFACE  CGI/1.1;
+fastcgi_param  SERVER_SOFTWARE    nginx/$nginx_version;
+
+fastcgi_param  REMOTE_ADDR        $remote_addr;
+fastcgi_param  REMOTE_PORT        $remote_port;
+fastcgi_param  SERVER_ADDR        $server_addr;
+fastcgi_param  SERVER_PORT        $server_port;
+fastcgi_param  SERVER_NAME        $server_name;
+
+# PHP only, required if PHP was built with --enable-force-cgi-redirect
+fastcgi_param  REDIRECT_STATUS    200;
--- a/etc/nginx/snippets/snakeoil.conf
+++ b/etc/nginx/snippets/snakeoil.conf
@ -0,0 +1,5 @@
+# Self signed certificates generated by the ssl-cert package
+# Don't use them in a production server!
+
+ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
+ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;