12 files changed, 674 insertions, 0 deletions

diff --git a/nginx/.gitignore b/nginx/.gitignore
new file mode 100644
index 0000000..c5d401b
--- /dev/null
+++ b/nginx/.gitignore
@@ -0,0 +1,2 @@
+src/
+*tar.gz
diff --git a/nginx/Makefile b/nginx/Makefile
new file mode 100644
index 0000000..cb995f7
--- /dev/null
+++ b/nginx/Makefile
@@ -0,0 +1,28 @@
+.ONESHELL:
+
+VERSION=1.27.2
+
+all: src /home/pham/git/ngx_http_proxy_connect_module
+        cd $<
+        nginx -V |& \
+        sed -nE 's/^configure arguments: ([^\n]*)$$/\1/p' | \
+        sed -nE 's/([^'"'"' \t\n]+('"'"'([^'"'"'\]|\\'"'"'?)*'"'"'|"([^"\\]|\\"?)*")?) ?/\1\n/gp' | \
+        xargs ./configure \
+                --with-http_xslt_module=dynamic \
+                --with-http_dav_module \
+                --with-http_image_filter_module \
+                --add-dynamic-module=/home/pham/git/ngx_http_proxy_connect_module
+        make modules
+        make
+        sudo make install
+        #cd ../.. &&  rm -rf nginx
+
+src:
+        curl -O https://nginx.org/download/nginx-${VERSION}.tar.gz
+        tar zxvf nginx-${VERSION}.tar.gz && mv nginx-${VERSION} $@
+
+config:
+        ln -sf `pwd`/* /etc/nginx
+
+/home/pham/git/ngx_http_proxy_connect_module:
+        git clone https://github.com/chobits/ngx_http_proxy_connect_module $@
diff --git a/nginx/layout/gal.xslt b/nginx/layout/gal.xslt
new file mode 100644
index 0000000..fadcc37
--- /dev/null
+++ b/nginx/layout/gal.xslt
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
+<xsl:output method="html" encoding="utf-8" indent="yes" />
+<xsl:template match="/">
+<xsl:text disable-output-escaping='yes'>&lt;!DOCTYPE html&gt;</xsl:text>
+<html>
+<head>
+  <title><xsl:value-of select="$title" /></title>
+  <meta name="viewport" content="width=device-width, initial-scale=1.0" />
+  <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/@fancyapps/fancybox@3.5.7/dist/jquery.fancybox.min.css" integrity="sha256-Vzbj7sDDS/woiFS3uNKo8eIuni59rjyNGtXfstRzStA=" crossorigin="anonymous"/>
+  <script src="https://cdn.jsdelivr.net/npm/jquery@3.5.1/dist/jquery.min.js" integrity="sha256-9/aliU8dGd2tb6OSsuzixeV4y/faTqgFtohetphbbj0=" crossorigin="anonymous"></script>
+  <script src="https://cdn.jsdelivr.net/npm/@fancyapps/fancybox@3.5.7/dist/jquery.fancybox.min.js" integrity="sha256-yt2kYMy0w8AbtF89WXb2P1rfjcP/HTHLT7097U8Y5b8=" crossorigin="anonymous"></script>
+  <script src="https://cdn.jsdelivr.net/npm/jszip@3.1.5/dist/jszip.min.js" integrity="sha256-PZ/OvdXxEW1u3nuTAUCSjd4lyaoJ3UJpv/X11x2Gi5c=" crossorigin="anonymous"></script>
+  <script src="https://cdn.jsdelivr.net/npm/file-saver@2.0.5/dist/FileSaver.min.js" integrity="sha256-xoh0y6ov0WULfXcLMoaA6nZfszdgI8w2CEJ/3k8NBIE=" crossorigin="anonymous"></script>
+  <style>img { display: block; }</style>
+</head>
+<body>
+<h1 style="text-align: center;"><xsl:value-of select="$title"/></h1>
+<div style="border-bottom: 1px solid gray; margin-bottom: 1rem;"></div>
+<div style="display: flex; flex-wrap: wrap; gap: 2px; justify-content: center;">
+<xsl:for-each select="list/file">
+  <xsl:sort order="descending"/>
+  <a href="{.}" data-fancybox="gallery">
+    <img loading="lazy" src="{.}!lg" height="200"/>
+  </a>
+</xsl:for-each>
+</div>
+<script>
+async function downloadAll() {
+  const zip = JSZip();
+  const folder = zip.folder('<xsl:value-of select="$title" />');
+  const files = [
+    <xsl:for-each select="list/file">
+     <xsl:value-of select="." />
+    </xsl:for-each>
+  ];
+  for(const i in files) {
+    const file = files[i];
+    const resp = await fetch(file);
+    folder.file(file, resp.blob());
+    $.fancybox.animate($.fancybox.getInstance().SlideShow.$progress.show(),{scaleX: i/files.length}, 0.1);
+  }
+  const zipFile = await zip.generateAsync({type: 'blob'});
+  saveAs(zipFile, '<xsl:value-of select="$title" />' + '.zip');
+  $.fancybox.animate($.fancybox.getInstance().SlideShow.$progress.show(),{scaleX: 0}, 0.1); 
+}
+
+$('[data-fancybox="gallery"]').fancybox({
+  buttons: [
+    "thumbs",
+    "slideShow",
+    "fullScreen",
+    "downloadAll",
+    "close"
+  ],
+  btnTpl: {
+    downloadAll:
+      '<a class="fancybox-button fancybox-button--download" title="Download All" href="javascript:downloadAll()">' +
+      '<svg xmlns="http://www.w3.org/2000/svg" class="h-6 w-6" fill="none" viewBox="0 0 24 24" stroke="currentColor"><path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M12 10v6m0 0l-3-3m3 3l3-3M3 17V7a2 2 0 012-2h6l2 2h6a2 2 0 012 2v8a2 2 0 01-2 2H5a2 2 0 01-2-2z" style="fill:unset; stroke-width:2"/></svg>' +
+      '</a>',
+  }
+});
+</script>
+</body>
+</html>
+</xsl:template>
+</xsl:stylesheet>
diff --git a/nginx/layout/simple-gal.xslt b/nginx/layout/simple-gal.xslt
new file mode 100644
index 0000000..749be72
--- /dev/null
+++ b/nginx/layout/simple-gal.xslt
@@ -0,0 +1,36 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
+<xsl:output method="html" encoding="utf-8" indent="yes" />
+<xsl:template match="/">
+<xsl:text disable-output-escaping='yes'>&lt;!DOCTYPE html&gt;</xsl:text>
+<html>
+<head>
+    <title><xsl:value-of select="$title" /></title>
+    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
+    <style>
+    img {
+         display: inline;
+         width: 23%;    
+         margin: 2mm;
+         vertical-align: bottom;
+    }
+    @media all and (max-width: 20.4cm) {
+        img {
+            max-width: calc(100% - 4mm);
+        }
+    }
+    body {
+        margin: 0;
+    }
+    </style>
+</head>
+<body>
+    <xsl:for-each select="list/file">
+        <a href="{.}" title="click to enlarge">
+            <img src="{.}" alt="{.}"/>
+        </a>
+   </xsl:for-each>
+</body>
+</html>
+</xsl:template>
+</xsl:stylesheet>
diff --git a/nginx/layout/simple.xslt b/nginx/layout/simple.xslt
new file mode 100644
index 0000000..9cc5ad6
--- /dev/null
+++ b/nginx/layout/simple.xslt
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
+  <xsl:template match="/">
+    <html>
+      <body style="margin: 0 auto; max-width: 900px; width: fit-content;">
+
+        <h3><xsl:value-of select="name(//directory)"/></h3>
+
+        <table border="0">
+          <tr bgcolor="#7DAFFF">
+            <th>Name</th>
+            <th style="padding-inline: 2em;">Size</th>
+            <th>Date</th>
+          </tr>
+          <xsl:for-each select="list/*">
+            <xsl:sort select="mtime" />
+
+            <xsl:variable name="name">
+              <xsl:value-of select="."/>
+            </xsl:variable>
+
+            <xsl:variable name="size">
+              <xsl:if test="string-length(@size) &gt; 0">
+                <xsl:if test="number(@size) &gt; 0">
+                  <xsl:choose>
+                    <xsl:when test="round(@size div 1024) &lt; 1"><xsl:value-of select="@size" /></xsl:when>
+                    <xsl:when test="round(@size div 1048576) &lt; 1"><xsl:value-of select="format-number((@size div 1024), '0.0')" />K</xsl:when>
+                    <xsl:otherwise><xsl:value-of select="format-number((@size div 1048576), '0.00')" /> MB</xsl:otherwise>
+                  </xsl:choose>
+                </xsl:if>
+              </xsl:if>
+            </xsl:variable>
+
+            <xsl:variable name="date">
+              <xsl:value-of select="substring(@mtime,6,2)"/>/<xsl:value-of select="substring(@mtime,9,2)"/><xsl:text> </xsl:text>
+              <xsl:value-of select="substring(@mtime,12,2)"/>:<xsl:value-of select="substring(@mtime,15,2)"/>:<xsl:value-of select="substring(@mtime,18,2)"/><xsl:text> </xsl:text>
+              <xsl:value-of select="substring(@mtime,1,4)"/>
+            </xsl:variable>
+
+            <tr>
+              <td><a href="{$name}"><xsl:value-of select="."/></a></td>
+              <td align="right" style="padding-right: 2em;"><xsl:value-of select="$size"/></td>
+              <td><xsl:value-of select="$date"/></td>
+            </tr>
+
+          </xsl:for-each>
+        </table>
+      </body>
+    </html>
+  </xsl:template>
+</xsl:stylesheet>
diff --git a/nginx/nginx.conf b/nginx/nginx.conf
new file mode 100644
index 0000000..d0601ec
--- /dev/null
+++ b/nginx/nginx.conf
@@ -0,0 +1,131 @@
+load_module /etc/nginx/modules/ngx_http_dav_ext_module.so;
+load_module /etc/nginx/modules/ngx_http_xslt_filter_module.so;
+load_module /etc/nginx/modules/ngx_http_proxy_connect_module.so;
+
+user pham;
+worker_processes  1;
+
+#error_log  logs/error.log;
+#error_log  logs/error.log  notice;
+#error_log  logs/error.log  info;
+
+#pid        logs/nginx.pid;
+
+
+events {
+    worker_connections  1024;
+}
+
+
+http {
+    types_hash_max_size 4096;
+    server_names_hash_bucket_size 128;
+
+    include       mime.types;
+    default_type  application/octet-stream;
+    disable_symlinks off;
+
+    # Read manual for valid variables:
+    #   https://nginx.org/en/docs/http/ngx_http_core_module.html#variables
+
+    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
+    #                  '$status $body_bytes_sent "$http_referer" '
+    #                  '"$http_user_agent" "$http_x_forwarded_for"';
+    log_format  main  '$status $request_method\t$http_host$uri\tfrom $http_referer\n'
+                      '$time_iso8601 $remote_addr\r\t\t\t\t\t   $http_user_agent';
+    access_log /var/log/nginx/access.log main;
+
+    sendfile        on;
+    #tcp_nopush     on;
+
+    #keepalive_timeout  0;
+    keepalive_timeout  65;
+
+    #gzip  on;
+
+    #server {
+    #    listen       80;
+    #    server_name  localhost;
+
+    #    #charset koi8-r;
+
+    #    #access_log  logs/host.access.log  main;
+
+    #    location / {
+    #        root   /usr/share/nginx/html;
+    #        index  index.html index.htm;
+    #    }
+
+    #    #error_page  404              /404.html;
+
+    #    # redirect server error pages to the static page /50x.html
+    #    #
+    #    error_page   500 502 503 504  /50x.html;
+    #    location = /50x.html {
+    #        root   /usr/share/nginx/html;
+    #    }
+
+        # proxy the PHP scripts to Apache listening on 127.0.0.1:80
+        #
+        #location ~ \.php$ {
+        #    proxy_pass   http://127.0.0.1;
+        #}
+
+        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
+        #
+        #location ~ \.php$ {
+        #    root           html;
+        #    fastcgi_pass   127.0.0.1:9000;
+        #    fastcgi_index  index.php;
+        #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
+        #    include        fastcgi_params;
+        #}
+
+        # deny access to .htaccess files, if Apache's document root
+        # concurs with nginx's one
+        #
+        #location ~ /\.ht {
+        #    deny  all;
+        #}
+    #}
+
+
+    # another virtual host using mix of IP-, name-, and port-based configuration
+    #
+    #server {
+    #    listen       8000;
+    #    listen       somename:8080;
+    #    server_name  somename  alias  another.alias;
+
+    #    location / {
+    #        root   html;
+    #        index  index.html index.htm;
+    #    }
+    #}
+
+
+    # HTTPS server
+    #
+    #server {
+    #    listen       443 ssl;
+    #    server_name  localhost;
+
+    #    ssl_certificate      cert.pem;
+    #    ssl_certificate_key  cert.key;
+
+    #    ssl_session_cache    shared:SSL:1m;
+    #    ssl_session_timeout  5m;
+
+    #    ssl_ciphers  HIGH:!aNULL:!MD5;
+    #    ssl_prefer_server_ciphers  on;
+
+    #    location / {
+    #        root   html;
+    #        index  index.html index.htm;
+    #    }
+    #}
+
+    # load configs
+    #include /etc/nginx/conf.d/*.conf;
+    include /etc/nginx/sites-enabled/vps;
+}
diff --git a/nginx/passwd/2022.10.11 b/nginx/passwd/2022.10.11
new file mode 100644
index 0000000..7037748
--- /dev/null
+++ b/nginx/passwd/2022.10.11
@@ -0,0 +1 @@
+lay911225:$apr1$yc365c.t$HrUOy9eWekr6xNkWsTZBR.
diff --git a/nginx/passwd/houshou b/nginx/passwd/houshou
new file mode 100644
index 0000000..7ec2d1d
--- /dev/null
+++ b/nginx/passwd/houshou
@@ -0,0 +1 @@
+houshou:$apr1$tSspURxF$zciiExFt0nj0n.pbJiXUh0
diff --git a/nginx/passwd/japan b/nginx/passwd/japan
new file mode 100644
index 0000000..da8a465
--- /dev/null
+++ b/nginx/passwd/japan
@@ -0,0 +1 @@
+klara:$apr1$ZCAf5ib0$ZjDi7s1djpikGXhRQaQX01
diff --git a/nginx/passwd/ntumountainclub b/nginx/passwd/ntumountainclub
new file mode 100644
index 0000000..d485239
--- /dev/null
+++ b/nginx/passwd/ntumountainclub
@@ -0,0 +1 @@
+radio:$apr1$rexQL6MJ$MRLWfUmi4FyeJ65oKYz/Q/
diff --git a/nginx/passwd/rescue b/nginx/passwd/rescue
new file mode 100644
index 0000000..d46bf6f
--- /dev/null
+++ b/nginx/passwd/rescue
@@ -0,0 +1 @@
+mountainclub:$apr1$H5RdWRmY$Clj3PkR.x4vLomKNK/ZN3.
diff --git a/nginx/sites-available/vps b/nginx/sites-available/vps
new file mode 100644
index 0000000..bad4621
--- /dev/null
+++ b/nginx/sites-available/vps
@@ -0,0 +1,354 @@
+#map $token $api_client_name {
+#    default "";
+#
+#    # CAUTION!! Change token and client name wisely
+#    "XXXX" "client";
+#}
+
+# Gets the basename of the original request
+map $request_uri $request_basename {
+  ~/(?<captured_request_basename>[^/?]*)(?:\?|$) $captured_request_basename;
+}
+
+# Gets the basename of the current uri
+map $uri $basename {
+  ~/(?<captured_basename>[^/]*)$ $captured_basename;
+}
+
+server {
+  server_name topo.tw www.topo.tw;
+
+  listen 80;
+  listen 443 ssl;
+  ssl_certificate /etc/nginx/ssl/fullchain.cert;
+  ssl_certificate_key /etc/nginx/ssl/cert.pem;
+
+  root /srv/http;
+  index index.html;
+  autoindex on;
+  autoindex_exact_size off;
+
+  # charset
+  charset utf-8;
+  charset_types *;
+  override_charset on;
+  default_type "text/plain; charset=utf-8";
+
+  # header
+  proxy_set_header Host $host;
+  add_header Cache-Control "no-cache" always;
+  #add_header Cache-Control "max-age=604800";
+  error_page 404 /404.html;
+  error_log /var/log/nginx/error.log debug;
+  #rewrite_log on;
+
+  location ~ \.html$ {
+    try_files $uri =404;
+  }
+
+  location ~ \.js$ {
+    add_header Access-Control-Allow-Origin *;
+  }
+
+  location ~ [^/]$ {
+    try_files $uri @rewrite_no_slash;
+  }
+
+  location @rewrite_no_slash {
+    add_header rewrite no_slash;
+    rewrite ^(.+)$ $1.html permanent;
+  }
+
+  location ~ /$ {
+    try_files $uri @rewrite_slash;
+  }
+
+  location @rewrite_slash {
+    rewrite ^(.+)/$ $1.html permanent;
+  }
+
+  rewrite ^/posts$ /posts/ permanent;
+  location = /posts/ {
+    autoindex_format xml;
+    xslt_string_param title "/posts/";
+    xslt_stylesheet layout/simple.xslt;
+    add_header Cache-Control "no-cache" always;
+  }
+
+  # This configuration allow you to upload/modify/delete file, for example:
+  #   curl -X PUT -F file=@foo https://topo.tw/doc/bar
+  location ^~ /doc {
+    alias /home/pham/doc/;
+
+    client_body_temp_path /tmp/client_temp;
+    dav_methods PUT DELETE MKCOL COPY MOVE;
+    create_full_put_path  on;
+    dav_access            group:rw  all:r;
+    client_max_body_size 10000m;
+  }
+
+  location ^~ /photos/ {
+    alias /home/pham/data/s3.photos/;
+    autoindex_format xml;
+    xslt_string_param title "photos";
+    xslt_stylesheet layout/gal.xslt;
+    try_files $uri $uri/ =404;
+    expires max;
+
+    if ($uri ~ ^/photos/([^!]+)!(large|lg|md)$ ) {
+      set $filename /home/pham/data/s3.photos/$1;
+      set $img_version $2;
+      rewrite ^ /thumbnail;
+    }
+  }
+
+  rewrite ^/p(ublic)?$ /public/ permanent;
+  rewrite ^/p/(.*)$ /public/$1;
+  location ^~ /public/ {
+    alias /home/pham/public/;
+    autoindex_format xml;
+    xslt_string_param title "/posts/";
+    xslt_stylesheet layout/simple.xslt;
+    add_header Access-Control-Allow-Origin "*" always;
+    add_header Cache-Control "no-cache" always;
+  }
+
+  # thumbnail CGI, requires variables 'filename' and 'img_version'
+  location = /thumbnail {
+    # Prepare the required parameters (width, height, cropping or zooming) according to the URL address!
+    set $img_type resize;
+    set $img_w    -;
+    set $img_h    -;
+    if ($img_version = 'large') {
+      set $img_type resize;
+      set $img_w    1920;
+    }
+    if ($img_version = 'lg') {
+      set $img_type crop;
+      set $img_w    256;
+      set $img_h    256;
+    }
+    if ($img_version = 'md') {
+      set $img_type crop;
+      set $img_w    128;
+      set $img_h    128;
+    }
+    rewrite ^ /_$img_type;
+  }
+
+  # Processing of Scaled Pictures
+  location = /_resize {
+    alias $filename;
+    image_filter resize $img_w $img_h;
+    image_filter_jpeg_quality 95;
+    image_filter_buffer         20M;
+    image_filter_interlace      on;
+  }
+
+  # Processing of clipped pictures
+  location = /_crop {
+    alias $filename;
+    image_filter crop $img_w $img_h;
+    image_filter_jpeg_quality 95;
+    image_filter_buffer         20M;
+    image_filter_interlace      on;
+  }
+
+  location ^~ /wallpapers {
+    alias /home/pham/public/wallpapers/;
+
+    autoindex_format xml;
+    xslt_string_param title "Wallpaper Collection!";
+    xslt_stylesheet layout/gal.xslt;
+    try_files $uri $uri/ =404;
+
+    if ($uri ~ ([^/!]+)!(large|lg|md)$ ) {
+      set $filename /home/pham/public/wallpapers/$1;
+      set $img_version $2;
+      rewrite ^ /thumbnail;
+    }
+  }
+
+  location ^~ /tmp {
+    alias /home/pham/public/tmp/;
+    autoindex on;
+    add_header "Content-Type" "text/plain; charset=utf-8";
+  }
+
+  location ^~ /osm {
+    alias /home/pham/public/osm/;
+    autoindex on;
+  }
+
+  location ^~ /tainan/ {
+    alias /home/pham/public/tainan/;
+    autoindex on;
+    index =404;
+  }
+
+  location /public/layx {
+    alias /home/pham/public/layx/;
+
+    autoindex on;
+
+    auth_basic "You need to login";
+    auth_basic_user_file /etc/nginx/passwd/2022.10.11;
+  }
+
+  location ^~ /private/ {
+    alias /home/pham/private/;
+    autoindex on;
+    auth_basic "You need to login";
+    auth_basic_user_file /etc/nginx/passwd/japan;
+  }
+
+  location = /japan.html {
+    autoindex on;
+
+    auth_basic "You need to login";
+    auth_basic_user_file /etc/nginx/passwd/japan;
+  }
+
+  location ^~ /houshou {
+    alias /home/pham/houshou/;
+
+    autoindex on;
+    autoindex_format xml;
+    xslt_string_param title "Houshou Collection!";
+    xslt_stylesheet layout/gal.xslt;
+    try_files $uri $uri/ =404;
+
+    auth_basic "You need to login";
+    auth_basic_user_file /etc/nginx/passwd/houshou;
+
+    if ($uri ~ ([^/!]+)!(large|lg|md)$ ) {
+      set $filename /home/pham/houshou/$1;
+      set $img_version $2;
+      rewrite ^ /thumbnail;
+    }
+  }
+
+  location ^~ /houshou2 {
+    alias /home/pham/houshou2/;
+
+    autoindex on;
+    autoindex_format xml;
+    xslt_string_param title "Houshou Collection!";
+    #xslt_stylesheet layout/simple-gal.xslt;
+    xslt_stylesheet layout/gal.xslt;
+    try_files $uri $uri/ =404;
+
+    if ($uri ~ ([^/!]+)!(large|lg|md)$ ) {
+      set $filename /home/pham/houshou2/$1;
+      set $img_version $2;
+      rewrite ^ /thumbnail;
+    }
+  }
+
+  location /rescue {
+    root /home/pham;
+
+    auth_basic "You need to login";
+    auth_basic_user_file /etc/nginx/passwd/rescue;
+  }
+
+#  location /upload/ {
+#    proxy_pass http://127.0.0.1:8000/;
+#  }
+
+  #rewrite ^/up$ /up/;
+  #location /up/ {
+    #    proxy_set_header X-Forwarded-Proto https;
+    #    proxy_set_header Referer $host/up/;
+    #    proxy_pass http://127.0.0.1:8080/;
+
+    #    client_max_body_size 1g;
+    #}
+
+  #location = /_validate_token {
+    #    internal;
+
+    #    if ($token = "") {
+      #        return 401; # Unauthorized
+      #    }
+
+    #    if ($api_client_name = "") {
+      #        return 403; # Forbidden
+      #    }
+
+    #    return 204; # OK (no content)
+    #}
+
+}
+
+# git server
+server {
+  server_name git.topo.tw;
+
+  listen 80;
+  listen 443 ssl;
+  ssl_certificate /etc/nginx/ssl/git.topo.tw/fullchain.cer;
+  ssl_certificate_key /etc/nginx/ssl/git.topo.tw/git.topo.tw.key;
+
+  root /srv/git/www;
+
+  location ~ (/.*) {
+    #include       fastcgi_params;
+    #fastcgi_param SCRIPT_FILENAME     /usr/lib/git-core/git-http-backend;
+    ## export all repositories under GIT_PROJECT_ROOT
+    #fastcgi_param GIT_HTTP_EXPORT_ALL "";
+    #fastcgi_param GIT_PROJECT_ROOT    /srv/git;
+    #fastcgi_param PATH_INFO           $1;
+  }
+}
+
+# Block all direct accesses via IP address
+server {
+  server_name "~[\d\.]+";
+  listen 80;
+  listen 443 ssl;
+
+  error_page 404 /404.html;
+  return 404;
+}
+
+## Redirect 80 to 443
+#server {
+#  if ($host = topo.tw) {
+#    return 301 https://$host$request_uri;
+#  } # managed by Certbot
+#
+#
+#  #listen 80;
+#  server_name topo.tw;
+#  return 301 https://$host$request_uri;
+#
+#
+#}
+
+## Forward Proxy
+#server {
+#  resolver 8.8.8.8;
+#  listen 13288;
+#
+#  proxy_connect;
+#  proxy_connect_allow            443 563;
+#  proxy_connect_connect_timeout  10s;
+#  proxy_connect_read_timeout     10s;
+#  proxy_connect_send_timeout     10s;
+#  location / {
+#    proxy_pass http://$host;
+#    proxy_set_header Host $host;
+#  }
+#}
+
+#server {
+#  server_name demo.topo.tw;
+#  root /;
+#
+#  location / {
+#    index /home/pham/git/vps/demo/client.sh;
+#    add_header Content-Type text/plain;
+#  }
+#  #listen 80;
+#}