109 lines
2.6 KiB
Nginx Configuration File
109 lines
2.6 KiB
Nginx Configuration File
server_tokens off;
|
|
client_header_buffer_size 512;
|
|
client_max_body_size 512;
|
|
|
|
server {
|
|
listen 80 default;
|
|
listen [::]:80 ipv6only=on default;
|
|
|
|
rewrite ^ https://$host$uri;
|
|
}
|
|
|
|
server {
|
|
listen 443 ssl;
|
|
listen [::]:443 ipv6only=on ssl;
|
|
|
|
root /var/www/fic-server/out/htdocs/;
|
|
|
|
access_log /var/log/nginx/fic.access_log;
|
|
error_log /var/log/nginx/fic.error_log;
|
|
|
|
ssl_certificate /var/www/fic-server/misc/shared/server.crt;
|
|
ssl_certificate_key /var/www/fic-server/misc/shared/server.key;
|
|
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
|
|
ssl_prefer_server_ciphers on;
|
|
# ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:!ADH:!AECDH:!MD5:!DSS;
|
|
ssl_ciphers AES256+EECDH:AES256+EDH;
|
|
ssl_client_certificate /var/www/fic-server/misc/shared/cacert.crt;
|
|
ssl_verify_client optional;
|
|
ssl_crl /var/www/fic-server/misc/shared/crl.pem;
|
|
|
|
add_header Strict-Transport-Security "max-age=2592000; includeSubdomains";
|
|
add_header X-Frame-Options DENY;
|
|
add_header X-Content-Type-Options nosniff;
|
|
|
|
error_page 400 /errors/400/index.html;
|
|
error_page 403 /errors/403/index.html;
|
|
error_page 404 /errors/404/index.html;
|
|
error_page 413 414 /errors/413/index.html;
|
|
error_page 500 503 /errors/500/index.html;
|
|
error_page 502 504 /errors/502/index.html;
|
|
|
|
location /
|
|
{
|
|
default_type text/html;
|
|
expires epoch;
|
|
|
|
set $team 0;
|
|
|
|
include /var/www/fic-server/misc/shared/nginx-teams.conf;
|
|
|
|
if ($team) {
|
|
root /var/www/fic-server/out/teams/$team$1;
|
|
rewrite ^/([0-9]+-?[a-zA-Z0-9_-]*)/([a-zA-Z0-9_]+)/submission$ /submission.php?team=$team&theme=$1&exercice=$2 last;
|
|
}
|
|
if ($team = 0) {
|
|
root /var/www/fic-server/out/htdocs/;
|
|
}
|
|
}
|
|
|
|
location /errors
|
|
{
|
|
root /var/www/fic-server/out/;
|
|
}
|
|
|
|
location /challenge
|
|
{
|
|
return 403;
|
|
}
|
|
|
|
location /files
|
|
{
|
|
root /var/www/fic-server/;
|
|
|
|
# option to accelerate file delivery, require a custom nginx
|
|
#aio on;
|
|
directio 512;
|
|
output_buffers 1 128k;
|
|
}
|
|
|
|
location = /favicon.ico {
|
|
root /var/www/fic-server/out/htdocs/;
|
|
access_log off;
|
|
expires 1d;
|
|
add_header Cache-Control public;
|
|
}
|
|
|
|
location ~ ^/(assets|img|js|css|fonts)/ {
|
|
root /var/www/fic-server/out/htdocs/;
|
|
access_log off;
|
|
expires 7d;
|
|
add_header Cache-Control public;
|
|
}
|
|
|
|
location ~ /(\.ht|\.git|\.svn|\.onyx) {
|
|
return 403;
|
|
}
|
|
|
|
location /submission.php
|
|
{
|
|
root /var/www/fic-server/front/;
|
|
|
|
limit_rate 4k;
|
|
|
|
include /etc/nginx/fastcgi_params;
|
|
fastcgi_pass unix:/var/run/php-fpm.sock;
|
|
break;
|
|
}
|
|
}
|