Modification for two servers

2013-12-11 17:20:26 +01:00 · 2013-12-11 17:20:26 +01:00 · c7d0f7d1e1
commit c7d0f7d1e1
parent 49554c01c8
4 changed files with 98 additions and 39 deletions
--- a/nginx-server-common.conf
+++ b/nginx-server-common.conf
@ -0,0 +1,43 @@
    access_log /var/log/nginx/fic.access_log;
    error_log /var/log/nginx/fic.error_log;
    root /var/www/fic2014-server/htdocs;
    index index.php;
    add_header Strict-Transport-Security "max-age=2592000; includeSubdomains";
    location / {
      if (-f $request_filename) {
        break;
      }
      if (-d $request_filename) {
        break;
      }
      rewrite ^/(.*)$ /index.php?p=$1 last;
    }
    location ~* \favicon.ico$ {
      access_log off;
      expires 1d;
      add_header Cache-Control public;
    }
    location ~ ^/(img|js|css)/ {
      access_log off;
      expires 7d;
      add_header Cache-Control public;
    }
    location ~ /(\.ht|\.git|\.svn|\.onyx) {
      return 403;
    }
    location ~ .*.php$
    {
 	if (!-e $document_root$document_uri) { return 404; }
        include /etc/nginx/fastcgi.conf;
        fastcgi_pass  unix:/var/run/fastcgi/php-fpm.sock;
        fastcgi_index index.php;
 	break;
    }
--- a/nginx-server.conf
+++ b/nginx-server.conf
@ -0,0 +1,18 @@
 server {
    listen 443 ssl;
    listen [::]:443 ipv6only=on ssl;
    ssl_certificate /var/www/fic2014-server/misc/server.crt;
    ssl_certificate_key /var/www/fic2014-server/misc/server.key;
 #    ssl_protocols        TLSv1 TLSv1.1 TLSv1.2;
 #    ssl_prefer_server_ciphers on;
 #    ssl_ciphers		 ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:!ADH:!AECDH:!MD5:!DSS;
    include /var/www/fic2014-server/nginx-server-common.conf;
 }
 server {
    listen [::1]:80 ipv6only=on;
    include /var/www/fic2014-server/nginx-server-common.conf;
 }
--- a/nginx.conf
+++ b/nginx.conf
@ -1,60 +1,58 @@
 server {
    listen 443 ssl;
-    listen [::]:443 ipv6only=on;
+    listen [::]:443 ipv6only=on ssl;
    root /var/www/fic2014-server/htdocs/;
    access_log /var/log/nginx/fic.access_log;
    error_log /var/log/nginx/fic.error_log;
-    root /srv/fic2014-server/htdocs;
+    ssl_certificate		/var/www/fic2014-server/misc/server.crt;
-    index index.php;
+    ssl_certificate_key		/var/www/fic2014-server/misc/server.key;
-
+    ssl_protocols		TLSv1 TLSv1.1 TLSv1.2;
-    ssl_certificate /srv/fic2014-server/misc/server.crt;
+    ssl_prefer_server_ciphers	on;
-    ssl_certificate_key /srv/fic2014-server/misc/server.key;
+    ssl_ciphers			ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:!ADH:!AECDH:!MD5:!DSS;
-    ssl_protocols        TLSv1 TLSv1.1 TLSv1.2;
+    ssl_client_certificate	/var/www/fic2014-server/misc/pki/cacert.crt;
-    ssl_prefer_server_ciphers on;
+    ssl_verify_client		on;
    ssl_ciphers		 ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:!ADH:!AECDH:!MD5:!DSS;
    ssl_client_certificate /srv/fic2014-server/misc/pki/cacert.crt;
    ssl_verify_client on;
    add_header Strict-Transport-Security "max-age=2592000; includeSubdomains";
-    if ($ssl_client_s_dn !~ "/C=FR/ST=France/O=Epita/OU=SRS/")
+    location /
    {
-	return 401;	
+	default_type text/html;
-    }
+        if ($ssl_client_s_dn !~ "/C=FR/ST=France/O=Epita/OU=SRS/")
        {
 	    return 401;	
        }
-    location / {
+        if ($ssl_client_s_dn ~ "/C=FR/ST=France/O=Epita/OU=SRS/CN=Team1/") {
-      if (-f $request_filename) {
+            root /var/www/fic2014-server/htdocs/connected/166$1;
        break;
      }
      if (-d $request_filename) {
        break;
      }
-      rewrite ^/(.*)$ /index.php?p=$1 last;
+	    rewrite ^/submission-([0-9]+)-([0-9]+).html$ /submission.php?team=166&theme=$1&exercice=$2 last;
        }
    }
    location ~* \favicon.ico$ {
-      access_log off;
+        access_log off;
-      expires 1d;
+        expires 1d;
-      add_header Cache-Control public;
+        add_header Cache-Control public;
    }
    location ~ ^/(img|js|css)/ {
-      access_log off;
+        access_log off;
-      expires 7d;
+        expires 7d;
-      add_header Cache-Control public;
+        add_header Cache-Control public;
    }
    location ~ /(\.ht|\.git|\.svn|\.onyx) {
-      deny  all;
+        return 403;
    }
-    location ~ .*.php$
+    location /submission.php
    {
-	if (!-e $document_root$document_uri) { return 404; }
+	root	      /var/www/fic2014-server/;
-        include /etc/nginx/fastcgi.conf;
+        include       /etc/nginx/fastcgi.conf;
-        fastcgi_pass  unix:/var/run/php5-fpm.sock;
+        fastcgi_pass  unix:/var/run/fastcgi/php-fpm.sock;
        fastcgi_index index.php;
 	break;
    }
 }
--- a/onyx/config/sample.root.xml
+++ b/onyx/config/sample.root.xml
@ -1,13 +1,13 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<configs active="1" root="/srv/fic2014-server/htdocs/" cache="1">
+<configs active="1" root="/var/www/fic2014-server/htdocs/" cache="1">
  <config match="index.php">
-    <var name="end_challenge">1381441316</var>
+    <var name="end_challenge">1386827772</var>
-    <var name="misc_dir">/srv/fic2014-server/misc/</var>
+    <var name="misc_dir">/var/www/fic2014-server/misc/</var>
-    <var name="submission_dir">/srv/fic2014-server/submission/</var>
+    <var name="submission_dir">/var/www/fic2014-server/submission/</var>
    <var name="chrono"><![CDATA[<!--Page générée en: $ secondes.-->]]></var>
    <var name="prefix_public">challenge-public</var>
    <var name="prefix_teams">challenge</var>
    <var name="prefix_admin">challenge-admin</var>
    <var name="chrono"><![CDATA[<!--Page générée en: $ secondes.-->]]></var>
  </config>
  <config match="*">
    <env option="auth">0</env>