2014-01-20 08:58:15 +00:00
|
|
|
server_tokens off;
|
|
|
|
client_header_buffer_size 512;
|
|
|
|
client_max_body_size 512;
|
|
|
|
|
2014-01-21 02:07:52 +00:00
|
|
|
server {
|
|
|
|
listen 80 default;
|
|
|
|
listen [::]:80 ipv6only=on default;
|
|
|
|
|
|
|
|
rewrite ^ https://$host$uri;
|
|
|
|
}
|
|
|
|
|
2013-10-09 16:07:09 +00:00
|
|
|
server {
|
2013-12-11 11:58:17 +00:00
|
|
|
listen 443 ssl;
|
2013-12-11 16:20:26 +00:00
|
|
|
listen [::]:443 ipv6only=on ssl;
|
|
|
|
|
2014-11-05 16:46:18 +00:00
|
|
|
root /var/www/fic-server/htdocs/;
|
2013-10-09 16:07:09 +00:00
|
|
|
|
2014-01-20 08:58:15 +00:00
|
|
|
server_tokens off;
|
|
|
|
|
2013-10-09 16:07:09 +00:00
|
|
|
access_log /var/log/nginx/fic.access_log;
|
2013-12-11 11:58:17 +00:00
|
|
|
error_log /var/log/nginx/fic.error_log;
|
2013-10-09 16:07:09 +00:00
|
|
|
|
2014-11-05 16:46:18 +00:00
|
|
|
ssl_certificate /var/www/fic-server/server.crt;
|
|
|
|
ssl_certificate_key /var/www/fic-server/server.key;
|
2013-12-11 16:20:26 +00:00
|
|
|
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
|
|
|
|
ssl_prefer_server_ciphers on;
|
2014-11-10 16:21:29 +00:00
|
|
|
# ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:!ADH:!AECDH:!MD5:!DSS;
|
|
|
|
ssl_ciphers AES256+EECDH:AES256+EDH;
|
2014-11-05 16:46:18 +00:00
|
|
|
ssl_client_certificate /var/www/fic-server/cacert.crt;
|
2013-12-13 17:45:25 +00:00
|
|
|
ssl_verify_client optional;
|
2014-11-05 16:46:18 +00:00
|
|
|
ssl_crl /var/www/fic-server/crl.pem;
|
2013-12-13 17:45:25 +00:00
|
|
|
|
|
|
|
add_header Strict-Transport-Security "max-age=2592000; includeSubdomains";
|
2014-11-10 16:21:29 +00:00
|
|
|
add_header X-Frame-Options DENY;
|
|
|
|
add_header X-Content-Type-Options nosniff;
|
2014-01-20 08:58:15 +00:00
|
|
|
|
|
|
|
error_page 400 /errors/400/index.html;
|
|
|
|
error_page 403 /errors/403/index.html;
|
|
|
|
error_page 404 /errors/404/index.html;
|
|
|
|
error_page 413 414 /errors/413/index.html;
|
|
|
|
error_page 500 503 /errors/500/index.html;
|
|
|
|
error_page 502 504 /errors/502/index.html;
|
|
|
|
|
2013-12-11 16:20:26 +00:00
|
|
|
location /
|
2013-12-11 11:58:17 +00:00
|
|
|
{
|
2013-12-11 16:20:26 +00:00
|
|
|
default_type text/html;
|
2013-12-14 05:11:14 +00:00
|
|
|
expires epoch;
|
2013-10-09 16:07:09 +00:00
|
|
|
|
2013-12-13 17:45:25 +00:00
|
|
|
set $team 0;
|
|
|
|
|
2014-01-21 02:08:08 +00:00
|
|
|
if ($ssl_client_s_dn ~ "/C=FR/ST=France/O=Epita/OU=SRS/CN=Amin_Martin/") { set $team 343; }
|
|
|
|
if ($ssl_client_s_dn ~ "/C=FR/ST=France/O=Epita/OU=SRS/CN=Bernard_Angoustures/") { set $team 344; }
|
|
|
|
if ($ssl_client_s_dn ~ "/C=FR/ST=France/O=Epita/OU=SRS/CN=Cacace_Diallo/") { set $team 345; }
|
|
|
|
if ($ssl_client_s_dn ~ "/C=FR/ST=France/O=Epita/OU=SRS/CN=Delaporte_Notebaert/") { set $team 346; }
|
|
|
|
if ($ssl_client_s_dn ~ "/C=FR/ST=France/O=Epita/OU=SRS/CN=Dibe/") { set $team 347; }
|
|
|
|
if ($ssl_client_s_dn ~ "/C=FR/ST=France/O=Epita/OU=SRS/CN=Dubief_Roccia/") { set $team 348; }
|
|
|
|
if ($ssl_client_s_dn ~ "/C=FR/ST=France/O=Epita/OU=SRS/CN=Ezzahoui/") { set $team 349; }
|
|
|
|
if ($ssl_client_s_dn ~ "/C=FR/ST=France/O=Epita/OU=SRS/CN=Fall/") { set $team 350; }
|
|
|
|
if ($ssl_client_s_dn ~ "/C=FR/ST=France/O=Epita/OU=SRS/CN=Guerin_Chapiron/") { set $team 351; }
|
|
|
|
if ($ssl_client_s_dn ~ "/C=FR/ST=France/O=Epita/OU=SRS/CN=Hugot_Hincelin/") { set $team 352; }
|
|
|
|
if ($ssl_client_s_dn ~ "/C=FR/ST=France/O=Epita/OU=SRS/CN=Jawor_Giraud/") { set $team 353; }
|
|
|
|
if ($ssl_client_s_dn ~ "/C=FR/ST=France/O=Epita/OU=SRS/CN=Konan/") { set $team 354; }
|
|
|
|
if ($ssl_client_s_dn ~ "/C=FR/ST=France/O=Epita/OU=SRS/CN=Le_Mignan_Yadaba/") { set $team 355; }
|
|
|
|
if ($ssl_client_s_dn ~ "/C=FR/ST=France/O=Epita/OU=SRS/CN=Michel-villaz_Gzenayi/") { set $team 356; }
|
|
|
|
if ($ssl_client_s_dn ~ "/C=FR/ST=France/O=Epita/OU=SRS/CN=Muller_Perrin/") { set $team 357; }
|
|
|
|
if ($ssl_client_s_dn ~ "/C=FR/ST=France/O=Epita/OU=SRS/CN=Pourcelot/") { set $team 358; }
|
|
|
|
if ($ssl_client_s_dn ~ "/C=FR/ST=France/O=Epita/OU=SRS/CN=Quint_Kaczmarek/") { set $team 359; }
|
|
|
|
if ($ssl_client_s_dn ~ "/C=FR/ST=France/O=Epita/OU=SRS/CN=Ruff_Czarny/") { set $team 360; }
|
|
|
|
if ($ssl_client_s_dn ~ "/C=FR/ST=France/O=Epita/OU=SRS/CN=Sinet_Girault/") { set $team 361; }
|
|
|
|
if ($ssl_client_s_dn ~ "/C=FR/ST=France/O=Epita/OU=SRS/CN=Therrode/") { set $team 362; }
|
|
|
|
if ($ssl_client_s_dn ~ "/C=FR/ST=France/O=Epita/OU=SRS/CN=Sabono_Calmeji/") { set $team 363; }
|
|
|
|
if ($ssl_client_s_dn ~ "/C=FR/ST=France/O=Epita/OU=SRS/CN=Renaud_Vandemeulebroucke/") { set $team 364; }
|
|
|
|
if ($ssl_client_s_dn ~ "/C=FR/ST=France/O=Epita/OU=SRS/CN=De_Priest_Tjonck/") { set $team 365; }
|
2013-10-09 16:07:09 +00:00
|
|
|
|
2013-12-13 17:45:25 +00:00
|
|
|
if ($team) {
|
2014-11-05 16:46:18 +00:00
|
|
|
root /var/www/fic-server/teams/$team$1;
|
2014-01-19 16:49:07 +00:00
|
|
|
rewrite ^/([0-9]+-?[a-zA-Z0-9_-]*)/([a-zA-Z0-9_]+)/submission$ /submission.php?team=$team&theme=$1&exercice=$2 last;
|
2013-12-11 16:20:26 +00:00
|
|
|
}
|
2013-12-13 17:45:25 +00:00
|
|
|
if ($team = 0) {
|
2014-11-05 16:46:18 +00:00
|
|
|
root /var/www/fic-server/htdocs/;
|
2013-12-13 17:45:25 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2014-01-20 08:58:15 +00:00
|
|
|
location /errors
|
|
|
|
{
|
2014-11-05 16:46:18 +00:00
|
|
|
root /var/www/fic-server/;
|
2014-01-20 08:58:15 +00:00
|
|
|
}
|
|
|
|
|
2013-12-13 17:45:25 +00:00
|
|
|
location /connected
|
|
|
|
{
|
|
|
|
return 403;
|
|
|
|
}
|
|
|
|
|
|
|
|
location /files
|
|
|
|
{
|
2014-11-05 16:46:18 +00:00
|
|
|
root /var/www/fic-server/;
|
2014-01-20 08:58:15 +00:00
|
|
|
|
|
|
|
aio on;
|
|
|
|
directio 512;
|
|
|
|
output_buffers 1 128k;
|
2013-10-09 16:07:09 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
location ~* \favicon.ico$ {
|
2014-11-05 16:46:18 +00:00
|
|
|
root /var/www/fic-server/htdocs/;
|
2013-12-11 16:20:26 +00:00
|
|
|
access_log off;
|
|
|
|
expires 1d;
|
|
|
|
add_header Cache-Control public;
|
2013-10-09 16:07:09 +00:00
|
|
|
}
|
|
|
|
|
2014-01-19 16:49:07 +00:00
|
|
|
location ~ ^/(assets|img|js|css|fonts)/ {
|
2014-11-05 16:46:18 +00:00
|
|
|
root /var/www/fic-server/htdocs/;
|
2013-12-11 16:20:26 +00:00
|
|
|
access_log off;
|
|
|
|
expires 7d;
|
|
|
|
add_header Cache-Control public;
|
2013-10-09 16:07:09 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
location ~ /(\.ht|\.git|\.svn|\.onyx) {
|
2013-12-11 16:20:26 +00:00
|
|
|
return 403;
|
2013-10-09 16:07:09 +00:00
|
|
|
}
|
|
|
|
|
2013-12-11 16:20:26 +00:00
|
|
|
location /submission.php
|
2013-10-09 16:07:09 +00:00
|
|
|
{
|
2014-11-05 16:46:18 +00:00
|
|
|
root /var/www/fic-server/;
|
2014-01-20 08:58:15 +00:00
|
|
|
|
2014-01-21 02:08:08 +00:00
|
|
|
limit_rate 4k;
|
2014-01-20 08:58:15 +00:00
|
|
|
|
2013-12-11 16:20:26 +00:00
|
|
|
include /etc/nginx/fastcgi.conf;
|
2014-01-14 15:14:31 +00:00
|
|
|
fastcgi_pass unix:/var/run/php-fpm.sock;
|
2013-10-09 16:07:09 +00:00
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|