Modification for two servers
This commit is contained in:
parent
49554c01c8
commit
c7d0f7d1e1
4 changed files with 98 additions and 39 deletions
66
nginx.conf
66
nginx.conf
|
|
@ -1,60 +1,58 @@
|
|||
server {
|
||||
listen 443 ssl;
|
||||
listen [::]:443 ipv6only=on;
|
||||
listen [::]:443 ipv6only=on ssl;
|
||||
|
||||
root /var/www/fic2014-server/htdocs/;
|
||||
|
||||
access_log /var/log/nginx/fic.access_log;
|
||||
error_log /var/log/nginx/fic.error_log;
|
||||
|
||||
root /srv/fic2014-server/htdocs;
|
||||
index index.php;
|
||||
|
||||
ssl_certificate /srv/fic2014-server/misc/server.crt;
|
||||
ssl_certificate_key /srv/fic2014-server/misc/server.key;
|
||||
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
|
||||
ssl_prefer_server_ciphers on;
|
||||
ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:!ADH:!AECDH:!MD5:!DSS;
|
||||
ssl_client_certificate /srv/fic2014-server/misc/pki/cacert.crt;
|
||||
ssl_verify_client on;
|
||||
ssl_certificate /var/www/fic2014-server/misc/server.crt;
|
||||
ssl_certificate_key /var/www/fic2014-server/misc/server.key;
|
||||
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
|
||||
ssl_prefer_server_ciphers on;
|
||||
ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:!ADH:!AECDH:!MD5:!DSS;
|
||||
ssl_client_certificate /var/www/fic2014-server/misc/pki/cacert.crt;
|
||||
ssl_verify_client on;
|
||||
add_header Strict-Transport-Security "max-age=2592000; includeSubdomains";
|
||||
|
||||
if ($ssl_client_s_dn !~ "/C=FR/ST=France/O=Epita/OU=SRS/")
|
||||
location /
|
||||
{
|
||||
return 401;
|
||||
}
|
||||
default_type text/html;
|
||||
if ($ssl_client_s_dn !~ "/C=FR/ST=France/O=Epita/OU=SRS/")
|
||||
{
|
||||
return 401;
|
||||
}
|
||||
|
||||
location / {
|
||||
if (-f $request_filename) {
|
||||
break;
|
||||
}
|
||||
if (-d $request_filename) {
|
||||
break;
|
||||
}
|
||||
if ($ssl_client_s_dn ~ "/C=FR/ST=France/O=Epita/OU=SRS/CN=Team1/") {
|
||||
root /var/www/fic2014-server/htdocs/connected/166$1;
|
||||
|
||||
rewrite ^/(.*)$ /index.php?p=$1 last;
|
||||
rewrite ^/submission-([0-9]+)-([0-9]+).html$ /submission.php?team=166&theme=$1&exercice=$2 last;
|
||||
}
|
||||
}
|
||||
|
||||
location ~* \favicon.ico$ {
|
||||
access_log off;
|
||||
expires 1d;
|
||||
add_header Cache-Control public;
|
||||
access_log off;
|
||||
expires 1d;
|
||||
add_header Cache-Control public;
|
||||
}
|
||||
|
||||
location ~ ^/(img|js|css)/ {
|
||||
access_log off;
|
||||
expires 7d;
|
||||
add_header Cache-Control public;
|
||||
access_log off;
|
||||
expires 7d;
|
||||
add_header Cache-Control public;
|
||||
}
|
||||
|
||||
location ~ /(\.ht|\.git|\.svn|\.onyx) {
|
||||
deny all;
|
||||
return 403;
|
||||
}
|
||||
|
||||
location ~ .*.php$
|
||||
location /submission.php
|
||||
{
|
||||
if (!-e $document_root$document_uri) { return 404; }
|
||||
include /etc/nginx/fastcgi.conf;
|
||||
fastcgi_pass unix:/var/run/php5-fpm.sock;
|
||||
fastcgi_index index.php;
|
||||
root /var/www/fic2014-server/;
|
||||
include /etc/nginx/fastcgi.conf;
|
||||
fastcgi_pass unix:/var/run/fastcgi/php-fpm.sock;
|
||||
break;
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
|||
Reference in a new issue