init commit

author: Hsieh Chin Fan <typebrook@gmail.com> 2022-02-02 13:34:47 +0800
committer: Hsieh Chin Fan <pham@topo.tw> 2024-11-30 21:09:29 +0800
commit: 9934dd538b0ce116e3b1600272cb46369b082246 (patch)
tree: 2f28c6c362201151eaf8218e566479ed7eb72070 /nginx/sites-available/vps
1 files changed, 354 insertions, 0 deletions
diff --git a/nginx/sites-available/vps b/nginx/sites-available/vps
new file mode 100644
index 0000000..bad4621
--- /dev/null
+++ b/nginx/sites-available/vps
@@ -0,0 +1,354 @@
+#map $token $api_client_name {
+#    default "";
+#
+#    # CAUTION!! Change token and client name wisely
+#    "XXXX" "client";
+#}
+# Gets the basename of the original request
+map $request_uri $request_basename {
+  ~/(?<captured_request_basename>[^/?]*)(?:\?|$) $captured_request_basename;
+}
+# Gets the basename of the current uri
+map $uri $basename {
+  ~/(?<captured_basename>[^/]*)$ $captured_basename;
+}
+server {
+  server_name topo.tw www.topo.tw;
+  listen 80;
+  listen 443 ssl;
+  ssl_certificate /etc/nginx/ssl/fullchain.cert;
+  ssl_certificate_key /etc/nginx/ssl/cert.pem;
+  root /srv/http;
+  index index.html;
+  autoindex on;
+  autoindex_exact_size off;
+  # charset
+  charset utf-8;
+  charset_types *;
+  override_charset on;
+  default_type "text/plain; charset=utf-8";
+  # header
+  proxy_set_header Host $host;
+  add_header Cache-Control "no-cache" always;
+  #add_header Cache-Control "max-age=604800";
+  error_page 404 /404.html;
+  error_log /var/log/nginx/error.log debug;
+  #rewrite_log on;
+  location ~ \.html$ {
+    try_files $uri =404;
+  }
+  location ~ \.js$ {
+    add_header Access-Control-Allow-Origin *;
+  }
+  location ~ [^/]$ {
+    try_files $uri @rewrite_no_slash;
+  }
+  location @rewrite_no_slash {
+    add_header rewrite no_slash;
+    rewrite ^(.+)$ $1.html permanent;
+  }
+  location ~ /$ {
+    try_files $uri @rewrite_slash;
+  }
+  location @rewrite_slash {
+    rewrite ^(.+)/$ $1.html permanent;
+  }
+  rewrite ^/posts$ /posts/ permanent;
+  location = /posts/ {
+    autoindex_format xml;
+    xslt_string_param title "/posts/";
+    xslt_stylesheet layout/simple.xslt;
+    add_header Cache-Control "no-cache" always;
+  }
+  # This configuration allow you to upload/modify/delete file, for example:
+  #   curl -X PUT -F file=@foo https://topo.tw/doc/bar
+  location ^~ /doc {
+    alias /home/pham/doc/;
+    client_body_temp_path /tmp/client_temp;
+    dav_methods PUT DELETE MKCOL COPY MOVE;
+    create_full_put_path  on;
+    dav_access            group:rw  all:r;
+    client_max_body_size 10000m;
+  }
+  location ^~ /photos/ {
+    alias /home/pham/data/s3.photos/;
+    autoindex_format xml;
+    xslt_string_param title "photos";
+    xslt_stylesheet layout/gal.xslt;
+    try_files $uri $uri/ =404;
+    expires max;
+    if ($uri ~ ^/photos/([^!]+)!(large|lg|md)$ ) {
+      set $filename /home/pham/data/s3.photos/$1;
+      set $img_version $2;
+      rewrite ^ /thumbnail;
+    }
+  }
+  rewrite ^/p(ublic)?$ /public/ permanent;
+  rewrite ^/p/(.*)$ /public/$1;
+  location ^~ /public/ {
+    alias /home/pham/public/;
+    autoindex_format xml;
+    xslt_string_param title "/posts/";
+    xslt_stylesheet layout/simple.xslt;
+    add_header Access-Control-Allow-Origin "*" always;
+    add_header Cache-Control "no-cache" always;
+  }
+  # thumbnail CGI, requires variables 'filename' and 'img_version'
+  location = /thumbnail {
+    # Prepare the required parameters (width, height, cropping or zooming) according to the URL address!
+    set $img_type resize;
+    set $img_w    -;
+    set $img_h    -;
+    if ($img_version = 'large') {
+      set $img_type resize;
+      set $img_w    1920;
+    }
+    if ($img_version = 'lg') {
+      set $img_type crop;
+      set $img_w    256;
+      set $img_h    256;
+    }
+    if ($img_version = 'md') {
+      set $img_type crop;
+      set $img_w    128;
+      set $img_h    128;
+    }
+    rewrite ^ /_$img_type;
+  }
+  # Processing of Scaled Pictures
+  location = /_resize {
+    alias $filename;
+    image_filter resize $img_w $img_h;
+    image_filter_jpeg_quality 95;
+    image_filter_buffer         20M;
+    image_filter_interlace      on;
+  }
+  # Processing of clipped pictures
+  location = /_crop {
+    alias $filename;
+    image_filter crop $img_w $img_h;
+    image_filter_jpeg_quality 95;
+    image_filter_buffer         20M;
+    image_filter_interlace      on;
+  }
+  location ^~ /wallpapers {
+    alias /home/pham/public/wallpapers/;
+    autoindex_format xml;
+    xslt_string_param title "Wallpaper Collection!";
+    xslt_stylesheet layout/gal.xslt;
+    try_files $uri $uri/ =404;
+    if ($uri ~ ([^/!]+)!(large|lg|md)$ ) {
+      set $filename /home/pham/public/wallpapers/$1;
+      set $img_version $2;
+      rewrite ^ /thumbnail;
+    }
+  }
+  location ^~ /tmp {
+    alias /home/pham/public/tmp/;
+    autoindex on;
+    add_header "Content-Type" "text/plain; charset=utf-8";
+  }
+  location ^~ /osm {
+    alias /home/pham/public/osm/;
+    autoindex on;
+  }
+  location ^~ /tainan/ {
+    alias /home/pham/public/tainan/;
+    autoindex on;
+    index =404;
+  }
+  location /public/layx {
+    alias /home/pham/public/layx/;
+    autoindex on;
+    auth_basic "You need to login";
+    auth_basic_user_file /etc/nginx/passwd/2022.10.11;
+  }
+  location ^~ /private/ {
+    alias /home/pham/private/;
+    autoindex on;
+    auth_basic "You need to login";
+    auth_basic_user_file /etc/nginx/passwd/japan;
+  }
+  location = /japan.html {
+    autoindex on;
+    auth_basic "You need to login";
+    auth_basic_user_file /etc/nginx/passwd/japan;
+  }
+  location ^~ /houshou {
+    alias /home/pham/houshou/;
+    autoindex on;
+    autoindex_format xml;
+    xslt_string_param title "Houshou Collection!";
+    xslt_stylesheet layout/gal.xslt;
+    try_files $uri $uri/ =404;
+    auth_basic "You need to login";
+    auth_basic_user_file /etc/nginx/passwd/houshou;
+    if ($uri ~ ([^/!]+)!(large|lg|md)$ ) {
+      set $filename /home/pham/houshou/$1;
+      set $img_version $2;
+      rewrite ^ /thumbnail;
+    }
+  }
+  location ^~ /houshou2 {
+    alias /home/pham/houshou2/;
+    autoindex on;
+    autoindex_format xml;
+    xslt_string_param title "Houshou Collection!";
+    #xslt_stylesheet layout/simple-gal.xslt;
+    xslt_stylesheet layout/gal.xslt;
+    try_files $uri $uri/ =404;
+    if ($uri ~ ([^/!]+)!(large|lg|md)$ ) {
+      set $filename /home/pham/houshou2/$1;
+      set $img_version $2;
+      rewrite ^ /thumbnail;
+    }
+  }
+  location /rescue {
+    root /home/pham;
+    auth_basic "You need to login";
+    auth_basic_user_file /etc/nginx/passwd/rescue;
+  }
+#  location /upload/ {
+#    proxy_pass http://127.0.0.1:8000/;
+#  }
+  #rewrite ^/up$ /up/;
+  #location /up/ {
+    #    proxy_set_header X-Forwarded-Proto https;
+    #    proxy_set_header Referer $host/up/;
+    #    proxy_pass http://127.0.0.1:8080/;
+    #    client_max_body_size 1g;
+    #}
+  #location = /_validate_token {
+    #    internal;
+    #    if ($token = "") {
+      #        return 401; # Unauthorized
+      #    }
+    #    if ($api_client_name = "") {
+      #        return 403; # Forbidden
+      #    }
+    #    return 204; # OK (no content)
+    #}
+}
+# git server
+server {
+  server_name git.topo.tw;
+  listen 80;
+  listen 443 ssl;
+  ssl_certificate /etc/nginx/ssl/git.topo.tw/fullchain.cer;
+  ssl_certificate_key /etc/nginx/ssl/git.topo.tw/git.topo.tw.key;
+  root /srv/git/www;
+  location ~ (/.*) {
+    #include       fastcgi_params;
+    #fastcgi_param SCRIPT_FILENAME     /usr/lib/git-core/git-http-backend;
+    ## export all repositories under GIT_PROJECT_ROOT
+    #fastcgi_param GIT_HTTP_EXPORT_ALL "";
+    #fastcgi_param GIT_PROJECT_ROOT    /srv/git;
+    #fastcgi_param PATH_INFO           $1;
+  }
+}
+# Block all direct accesses via IP address
+server {
+  server_name "~[\d\.]+";
+  listen 80;
+  listen 443 ssl;
+  error_page 404 /404.html;
+  return 404;
+}
+## Redirect 80 to 443
+#server {
+#  if ($host = topo.tw) {
+#    return 301 https://$host$request_uri;
+#  } # managed by Certbot
+#
+#
+#  #listen 80;
+#  server_name topo.tw;
+#  return 301 https://$host$request_uri;
+#
+#
+#}
+## Forward Proxy
+#server {
+#  resolver 8.8.8.8;
+#  listen 13288;
+#
+#  proxy_connect;
+#  proxy_connect_allow            443 563;
+#  proxy_connect_connect_timeout  10s;
+#  proxy_connect_read_timeout     10s;
+#  proxy_connect_send_timeout     10s;
+#  location / {
+#    proxy_pass http://$host;
+#    proxy_set_header Host $host;
+#  }
+#}
+#server {
+#  server_name demo.topo.tw;
+#  root /;
+#
+#  location / {
+#    index /home/pham/git/vps/demo/client.sh;
+#    add_header Content-Type text/plain;
+#  }
+#  #listen 80;
+#}
author	Hsieh Chin Fan <typebrook@gmail.com>	2022-02-02 13:34:47 +0800
committer	Hsieh Chin Fan <pham@topo.tw>	2024-11-30 21:09:29 +0800
commit	9934dd538b0ce116e3b1600272cb46369b082246 (patch)
tree	2f28c6c362201151eaf8218e566479ed7eb72070 /nginx/sites-available/vps

diff --git a/nginx/sites-available/vps b/nginx/sites-available/vps new file mode 100644 index 0000000..bad4621 --- /dev/null +++ b/nginx/sites-available/vps
@@ -0,0 +1,354 @@
	1	#map $token $api_client_name {
	2	# default "";
	3	#
	4	# # CAUTION!! Change token and client name wisely
	5	# "XXXX" "client";
	6	#}
	7
	8	# Gets the basename of the original request
	9	map $request_uri $request_basename {
	10	~/(?<captured_request_basename>[^/?]*)(?:\?\|$) $captured_request_basename;
	11	}
	12
	13	# Gets the basename of the current uri
	14	map $uri $basename {
	15	~/(?<captured_basename>[^/]*)$ $captured_basename;
	16	}
	17
	18	server {
	19	server_name topo.tw www.topo.tw;
	20
	21	listen 80;
	22	listen 443 ssl;
	23	ssl_certificate /etc/nginx/ssl/fullchain.cert;
	24	ssl_certificate_key /etc/nginx/ssl/cert.pem;
	25
	26	root /srv/http;
	27	index index.html;
	28	autoindex on;
	29	autoindex_exact_size off;
	30
	31	# charset
	32	charset utf-8;
	33	charset_types *;
	34	override_charset on;
	35	default_type "text/plain; charset=utf-8";
	36
	37	# header
	38	proxy_set_header Host $host;
	39	add_header Cache-Control "no-cache" always;
	40	#add_header Cache-Control "max-age=604800";
	41	error_page 404 /404.html;
	42	error_log /var/log/nginx/error.log debug;
	43	#rewrite_log on;
	44
	45	location ~ \.html$ {
	46	try_files $uri =404;
	47	}
	48
	49	location ~ \.js$ {
	50	add_header Access-Control-Allow-Origin *;
	51	}
	52
	53	location ~ [^/]$ {
	54	try_files $uri @rewrite_no_slash;
	55	}
	56
	57	location @rewrite_no_slash {
	58	add_header rewrite no_slash;
	59	rewrite ^(.+)$ $1.html permanent;
	60	}
	61
	62	location ~ /$ {
	63	try_files $uri @rewrite_slash;
	64	}
	65
	66	location @rewrite_slash {
	67	rewrite ^(.+)/$ $1.html permanent;
	68	}
	69
	70	rewrite ^/posts$ /posts/ permanent;
	71	location = /posts/ {
	72	autoindex_format xml;
	73	xslt_string_param title "/posts/";
	74	xslt_stylesheet layout/simple.xslt;
	75	add_header Cache-Control "no-cache" always;
	76	}
	77
	78	# This configuration allow you to upload/modify/delete file, for example:
	79	# curl -X PUT -F file=@foo https://topo.tw/doc/bar
	80	location ^~ /doc {
	81	alias /home/pham/doc/;
	82
	83	client_body_temp_path /tmp/client_temp;
	84	dav_methods PUT DELETE MKCOL COPY MOVE;
	85	create_full_put_path on;
	86	dav_access group:rw all:r;
	87	client_max_body_size 10000m;
	88	}
	89
	90	location ^~ /photos/ {
	91	alias /home/pham/data/s3.photos/;
	92	autoindex_format xml;
	93	xslt_string_param title "photos";
	94	xslt_stylesheet layout/gal.xslt;
	95	try_files $uri $uri/ =404;
	96	expires max;
	97
	98	if ($uri ~ ^/photos/([^!]+)!(large\|lg\|md)$ ) {
	99	set $filename /home/pham/data/s3.photos/$1;
	100	set $img_version $2;
	101	rewrite ^ /thumbnail;
	102	}
	103	}
	104
	105	rewrite ^/p(ublic)?$ /public/ permanent;
	106	rewrite ^/p/(.*)$ /public/$1;
	107	location ^~ /public/ {
	108	alias /home/pham/public/;
	109	autoindex_format xml;
	110	xslt_string_param title "/posts/";
	111	xslt_stylesheet layout/simple.xslt;
	112	add_header Access-Control-Allow-Origin "*" always;
	113	add_header Cache-Control "no-cache" always;
	114	}
	115
	116	# thumbnail CGI, requires variables 'filename' and 'img_version'
	117	location = /thumbnail {
	118	# Prepare the required parameters (width, height, cropping or zooming) according to the URL address!
	119	set $img_type resize;
	120	set $img_w -;
	121	set $img_h -;
	122	if ($img_version = 'large') {
	123	set $img_type resize;
	124	set $img_w 1920;
	125	}
	126	if ($img_version = 'lg') {
	127	set $img_type crop;
	128	set $img_w 256;
	129	set $img_h 256;
	130	}
	131	if ($img_version = 'md') {
	132	set $img_type crop;
	133	set $img_w 128;
	134	set $img_h 128;
	135	}
	136	rewrite ^ /_$img_type;
	137	}
	138
	139	# Processing of Scaled Pictures
	140	location = /_resize {
	141	alias $filename;
	142	image_filter resize $img_w $img_h;
	143	image_filter_jpeg_quality 95;
	144	image_filter_buffer 20M;
	145	image_filter_interlace on;
	146	}
	147
	148	# Processing of clipped pictures
	149	location = /_crop {
	150	alias $filename;
	151	image_filter crop $img_w $img_h;
	152	image_filter_jpeg_quality 95;
	153	image_filter_buffer 20M;
	154	image_filter_interlace on;
	155	}
	156
	157	location ^~ /wallpapers {
	158	alias /home/pham/public/wallpapers/;
	159
	160	autoindex_format xml;
	161	xslt_string_param title "Wallpaper Collection!";
	162	xslt_stylesheet layout/gal.xslt;
	163	try_files $uri $uri/ =404;
	164
	165	if ($uri ~ ([^/!]+)!(large\|lg\|md)$ ) {
	166	set $filename /home/pham/public/wallpapers/$1;
	167	set $img_version $2;
	168	rewrite ^ /thumbnail;
	169	}
	170	}
	171
	172	location ^~ /tmp {
	173	alias /home/pham/public/tmp/;
	174	autoindex on;
	175	add_header "Content-Type" "text/plain; charset=utf-8";
	176	}
	177
	178	location ^~ /osm {
	179	alias /home/pham/public/osm/;
	180	autoindex on;
	181	}
	182
	183	location ^~ /tainan/ {
	184	alias /home/pham/public/tainan/;
	185	autoindex on;
	186	index =404;
	187	}
	188
	189	location /public/layx {
	190	alias /home/pham/public/layx/;
	191
	192	autoindex on;
	193
	194	auth_basic "You need to login";
	195	auth_basic_user_file /etc/nginx/passwd/2022.10.11;
	196	}
	197
	198	location ^~ /private/ {
	199	alias /home/pham/private/;
	200	autoindex on;
	201	auth_basic "You need to login";
	202	auth_basic_user_file /etc/nginx/passwd/japan;
	203	}
	204
	205	location = /japan.html {
	206	autoindex on;
	207
	208	auth_basic "You need to login";
	209	auth_basic_user_file /etc/nginx/passwd/japan;
	210	}
	211
	212	location ^~ /houshou {
	213	alias /home/pham/houshou/;
	214
	215	autoindex on;
	216	autoindex_format xml;
	217	xslt_string_param title "Houshou Collection!";
	218	xslt_stylesheet layout/gal.xslt;
	219	try_files $uri $uri/ =404;
	220
	221	auth_basic "You need to login";
	222	auth_basic_user_file /etc/nginx/passwd/houshou;
	223
	224	if ($uri ~ ([^/!]+)!(large\|lg\|md)$ ) {
	225	set $filename /home/pham/houshou/$1;
	226	set $img_version $2;
	227	rewrite ^ /thumbnail;
	228	}
	229	}
	230
	231	location ^~ /houshou2 {
	232	alias /home/pham/houshou2/;
	233
	234	autoindex on;
	235	autoindex_format xml;
	236	xslt_string_param title "Houshou Collection!";
	237	#xslt_stylesheet layout/simple-gal.xslt;
	238	xslt_stylesheet layout/gal.xslt;
	239	try_files $uri $uri/ =404;
	240
	241	if ($uri ~ ([^/!]+)!(large\|lg\|md)$ ) {
	242	set $filename /home/pham/houshou2/$1;
	243	set $img_version $2;
	244	rewrite ^ /thumbnail;
	245	}
	246	}
	247
	248	location /rescue {
	249	root /home/pham;
	250
	251	auth_basic "You need to login";
	252	auth_basic_user_file /etc/nginx/passwd/rescue;
	253	}
	254
	255	# location /upload/ {
	256	# proxy_pass http://127.0.0.1:8000/;
	257	# }
	258
	259	#rewrite ^/up$ /up/;
	260	#location /up/ {
	261	# proxy_set_header X-Forwarded-Proto https;
	262	# proxy_set_header Referer $host/up/;
	263	# proxy_pass http://127.0.0.1:8080/;
	264
	265	# client_max_body_size 1g;
	266	#}
	267
	268	#location = /_validate_token {
	269	# internal;
	270
	271	# if ($token = "") {
	272	# return 401; # Unauthorized
	273	# }
	274
	275	# if ($api_client_name = "") {
	276	# return 403; # Forbidden
	277	# }
	278
	279	# return 204; # OK (no content)
	280	#}
	281
	282	}
	283
	284	# git server
	285	server {
	286	server_name git.topo.tw;
	287
	288	listen 80;
	289	listen 443 ssl;
	290	ssl_certificate /etc/nginx/ssl/git.topo.tw/fullchain.cer;
	291	ssl_certificate_key /etc/nginx/ssl/git.topo.tw/git.topo.tw.key;
	292
	293	root /srv/git/www;
	294
	295	location ~ (/.*) {
	296	#include fastcgi_params;
	297	#fastcgi_param SCRIPT_FILENAME /usr/lib/git-core/git-http-backend;
	298	## export all repositories under GIT_PROJECT_ROOT
	299	#fastcgi_param GIT_HTTP_EXPORT_ALL "";
	300	#fastcgi_param GIT_PROJECT_ROOT /srv/git;
	301	#fastcgi_param PATH_INFO $1;
	302	}
	303	}
	304
	305	# Block all direct accesses via IP address
	306	server {
	307	server_name "~[\d\.]+";
	308	listen 80;
	309	listen 443 ssl;
	310
	311	error_page 404 /404.html;
	312	return 404;
	313	}
	314
	315	## Redirect 80 to 443
	316	#server {
	317	# if ($host = topo.tw) {
	318	# return 301 https://$host$request_uri;
	319	# } # managed by Certbot
	320	#
	321	#
	322	# #listen 80;
	323	# server_name topo.tw;
	324	# return 301 https://$host$request_uri;
	325	#
	326	#
	327	#}
	328
	329	## Forward Proxy
	330	#server {
	331	# resolver 8.8.8.8;
	332	# listen 13288;
	333	#
	334	# proxy_connect;
	335	# proxy_connect_allow 443 563;
	336	# proxy_connect_connect_timeout 10s;
	337	# proxy_connect_read_timeout 10s;
	338	# proxy_connect_send_timeout 10s;
	339	# location / {
	340	# proxy_pass http://$host;
	341	# proxy_set_header Host $host;
	342	# }
	343	#}
	344
	345	#server {
	346	# server_name demo.topo.tw;
	347	# root /;
	348	#
	349	# location / {
	350	# index /home/pham/git/vps/demo/client.sh;
	351	# add_header Content-Type text/plain;
	352	# }
	353	# #listen 80;
	354	#}