server/nginx.conf

server_tokens off;
client_header_buffer_size 512;
client_max_body_size 512;

server {
    listen 443 ssl;
    listen [::]:443 ipv6only=on ssl;

    root /var/www/fic2014-server/htdocs/;

    server_tokens off;

    access_log /var/log/nginx/fic.access_log;
    error_log /var/log/nginx/fic.error_log;

    ssl_certificate		/var/www/fic2014-server/misc/server.crt;
    ssl_certificate_key		/var/www/fic2014-server/misc/server.key;
    ssl_protocols		TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers	on;
    ssl_ciphers			ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:!ADH:!AECDH:!MD5:!DSS;
    ssl_client_certificate	/var/www/fic2014-server/misc/pki/cacert.crt;
    ssl_verify_client		optional;
    ssl_crl			/var/www/fic2014-server/misc/pki/crl.pem;	

    add_header Strict-Transport-Security "max-age=2592000; includeSubdomains";

    error_page 400 /errors/400/index.html;
    error_page 403 /errors/403/index.html;
    error_page 404 /errors/404/index.html;
    error_page 413 414 /errors/413/index.html;
    error_page 500 503 /errors/500/index.html;
    error_page 502 504 /errors/502/index.html;

    location /
    {
	default_type text/html;
	expires epoch;

	set $team 0;

        if ($ssl_client_s_dn ~ "/C=FR/ST=France/O=Epita/OU=SRS/CN=bombal_s/") { set $team 161; }
        if ($ssl_client_s_dn ~ "/C=FR/ST=France/O=Epita/OU=SRS/CN=Groupe_1/") { set $team 166; }
        if ($ssl_client_s_dn ~ "/C=FR/ST=France/O=Epita/OU=SRS/CN=Groupe_2/") { set $team 167; }
        if ($ssl_client_s_dn ~ "/C=FR/ST=France/O=Epita/OU=SRS/CN=Groupe_3/") { set $team 168; }
        if ($ssl_client_s_dn ~ "/C=FR/ST=France/O=Epita/OU=SRS/CN=Groupe_4/") { set $team 169; }
        if ($ssl_client_s_dn ~ "/C=FR/ST=France/O=Epita/OU=SRS/CN=Groupe_5/") { set $team 170; }
        if ($ssl_client_s_dn ~ "/C=FR/ST=France/O=Epita/OU=SRS/CN=Groupe_6/") { set $team 171; }
        if ($ssl_client_s_dn ~ "/C=FR/ST=France/O=Epita/OU=SRS/CN=Groupe_7/") { set $team 172; }
        if ($ssl_client_s_dn ~ "/C=FR/ST=France/O=Epita/OU=SRS/CN=Groupe_8/") { set $team 173; }

	if ($team) {
            root /var/www/fic2014-server/teams/$team$1;
	    rewrite ^/([0-9]+-?[a-zA-Z0-9_-]*)/([a-zA-Z0-9_]+)/submission$ /submission.php?team=$team&theme=$1&exercice=$2 last;
        }
	if ($team = 0) {
	    root /var/www/fic2014-server/htdocs/;
	}
    }

    location /errors
    {
	root /var/www/fic2014-server/;
    }

    location /connected
    {
        return 403;
    }

    location /files
    {
        root /var/www/fic2014-server/;

    	aio on;
    	directio 512;
    	output_buffers 1 128k;
    }

    location ~* \favicon.ico$ {
	root /var/www/fic2014-server/htdocs/;
        access_log off;
        expires 1d;
        add_header Cache-Control public;
    }

    location ~ ^/(assets|img|js|css|fonts)/ {
	root /var/www/fic2014-server/htdocs/;
        access_log off;
        expires 7d;
        add_header Cache-Control public;
    }

    location ~ /(\.ht|\.git|\.svn|\.onyx) {
        return 403;
    }

    location /submission.php
    {
	root	      /var/www/fic2014-server/;

    	limit_rate       1k;

        include       /etc/nginx/fastcgi.conf;
        fastcgi_pass  unix:/var/run/php-fpm.sock;
	break;
    }
}
Stronger nginx configuration 2014-01-20 08:58:15 +00:00			`server_tokens off;`
			`client_header_buffer_size 512;`
			`client_max_body_size 512;`

Add configuration for Apache and nginx 2013-10-09 16:07:09 +00:00			`server {`
Modification for production 2013-12-11 11:58:17 +00:00			`listen 443 ssl;`
Modification for two servers 2013-12-11 16:20:26 +00:00			`listen [::]:443 ipv6only=on ssl;`

			`root /var/www/fic2014-server/htdocs/;`
Add configuration for Apache and nginx 2013-10-09 16:07:09 +00:00
Stronger nginx configuration 2014-01-20 08:58:15 +00:00			`server_tokens off;`

Add configuration for Apache and nginx 2013-10-09 16:07:09 +00:00			`access_log /var/log/nginx/fic.access_log;`
Modification for production 2013-12-11 11:58:17 +00:00			`error_log /var/log/nginx/fic.error_log;`
Add configuration for Apache and nginx 2013-10-09 16:07:09 +00:00
Modification for two servers 2013-12-11 16:20:26 +00:00			`ssl_certificate /var/www/fic2014-server/misc/server.crt;`
			`ssl_certificate_key /var/www/fic2014-server/misc/server.key;`
			`ssl_protocols TLSv1 TLSv1.1 TLSv1.2;`
			`ssl_prefer_server_ciphers on;`
			`ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:!ADH:!AECDH:!MD5:!DSS;`
			`ssl_client_certificate /var/www/fic2014-server/misc/pki/cacert.crt;`
Server synchronisation 2013-12-13 17:45:25 +00:00			`ssl_verify_client optional;`
Add ssl_crl in nginx.conf 2013-12-11 17:12:12 +00:00			`ssl_crl /var/www/fic2014-server/misc/pki/crl.pem;`
Server synchronisation 2013-12-13 17:45:25 +00:00
			`add_header Strict-Transport-Security "max-age=2592000; includeSubdomains";`
Stronger nginx configuration 2014-01-20 08:58:15 +00:00
			`error_page 400 /errors/400/index.html;`
			`error_page 403 /errors/403/index.html;`
			`error_page 404 /errors/404/index.html;`
			`error_page 413 414 /errors/413/index.html;`
			`error_page 500 503 /errors/500/index.html;`
			`error_page 502 504 /errors/502/index.html;`

Modification for two servers 2013-12-11 16:20:26 +00:00			`location /`
Modification for production 2013-12-11 11:58:17 +00:00			`{`
Modification for two servers 2013-12-11 16:20:26 +00:00			`default_type text/html;`
Friday release 2013-12-14 05:11:14 +00:00			`expires epoch;`
Add configuration for Apache and nginx 2013-10-09 16:07:09 +00:00
Server synchronisation 2013-12-13 17:45:25 +00:00			`set $team 0;`

			`if ($ssl_client_s_dn ~ "/C=FR/ST=France/O=Epita/OU=SRS/CN=bombal_s/") { set $team 161; }`
			`if ($ssl_client_s_dn ~ "/C=FR/ST=France/O=Epita/OU=SRS/CN=Groupe_1/") { set $team 166; }`
			`if ($ssl_client_s_dn ~ "/C=FR/ST=France/O=Epita/OU=SRS/CN=Groupe_2/") { set $team 167; }`
			`if ($ssl_client_s_dn ~ "/C=FR/ST=France/O=Epita/OU=SRS/CN=Groupe_3/") { set $team 168; }`
			`if ($ssl_client_s_dn ~ "/C=FR/ST=France/O=Epita/OU=SRS/CN=Groupe_4/") { set $team 169; }`
			`if ($ssl_client_s_dn ~ "/C=FR/ST=France/O=Epita/OU=SRS/CN=Groupe_5/") { set $team 170; }`
			`if ($ssl_client_s_dn ~ "/C=FR/ST=France/O=Epita/OU=SRS/CN=Groupe_6/") { set $team 171; }`
			`if ($ssl_client_s_dn ~ "/C=FR/ST=France/O=Epita/OU=SRS/CN=Groupe_7/") { set $team 172; }`
			`if ($ssl_client_s_dn ~ "/C=FR/ST=France/O=Epita/OU=SRS/CN=Groupe_8/") { set $team 173; }`
Add configuration for Apache and nginx 2013-10-09 16:07:09 +00:00
Server synchronisation 2013-12-13 17:45:25 +00:00			`if ($team) {`
			`root /var/www/fic2014-server/teams/$team$1;`
Working synchronization 2014-01-19 16:49:07 +00:00			`rewrite ^/([0-9]+-?[a-zA-Z0-9_-]*)/([a-zA-Z0-9_]+)/submission$ /submission.php?team=$team&theme=$1&exercice=$2 last;`
Modification for two servers 2013-12-11 16:20:26 +00:00			`}`
Server synchronisation 2013-12-13 17:45:25 +00:00			`if ($team = 0) {`
			`root /var/www/fic2014-server/htdocs/;`
			`}`
			`}`

Stronger nginx configuration 2014-01-20 08:58:15 +00:00			`location /errors`
			`{`
			`root /var/www/fic2014-server/;`
			`}`

Server synchronisation 2013-12-13 17:45:25 +00:00			`location /connected`
			`{`
			`return 403;`
			`}`

			`location /files`
			`{`
			`root /var/www/fic2014-server/;`
Stronger nginx configuration 2014-01-20 08:58:15 +00:00
			`aio on;`
			`directio 512;`
			`output_buffers 1 128k;`
Add configuration for Apache and nginx 2013-10-09 16:07:09 +00:00			`}`

			`location ~* \favicon.ico$ {`
Working synchronization 2014-01-19 16:49:07 +00:00			`root /var/www/fic2014-server/htdocs/;`
Modification for two servers 2013-12-11 16:20:26 +00:00			`access_log off;`
			`expires 1d;`
			`add_header Cache-Control public;`
Add configuration for Apache and nginx 2013-10-09 16:07:09 +00:00			`}`

Working synchronization 2014-01-19 16:49:07 +00:00			`location ~ ^/(assets\|img\|js\|css\|fonts)/ {`
			`root /var/www/fic2014-server/htdocs/;`
Modification for two servers 2013-12-11 16:20:26 +00:00			`access_log off;`
			`expires 7d;`
			`add_header Cache-Control public;`
Add configuration for Apache and nginx 2013-10-09 16:07:09 +00:00			`}`

			`location ~ /(\.ht\|\.git\|\.svn\|\.onyx) {`
Modification for two servers 2013-12-11 16:20:26 +00:00			`return 403;`
Add configuration for Apache and nginx 2013-10-09 16:07:09 +00:00			`}`

Modification for two servers 2013-12-11 16:20:26 +00:00			`location /submission.php`
Add configuration for Apache and nginx 2013-10-09 16:07:09 +00:00			`{`
Modification for two servers 2013-12-11 16:20:26 +00:00			`root /var/www/fic2014-server/;`
Stronger nginx configuration 2014-01-20 08:58:15 +00:00
			`limit_rate 1k;`

Modification for two servers 2013-12-11 16:20:26 +00:00			`include /etc/nginx/fastcgi.conf;`
Administration: can edit exercices 2014-01-14 15:14:31 +00:00			`fastcgi_pass unix:/var/run/php-fpm.sock;`
Add configuration for Apache and nginx 2013-10-09 16:07:09 +00:00			`break;`
			`}`
			`}`