#map $token $api_client_name { # default ""; # # # CAUTION!! Change token and client name wisely # "XXXX" "client"; #} # Gets the basename of the original request map $request_uri $request_basename { ~/(?[^/?]*)(?:\?|$) $captured_request_basename; } # Gets the basename of the current uri map $uri $basename { ~/(?[^/]*)$ $captured_basename; } server { server_name topo.tw www.topo.tw "~[\d\.]+" localhost; listen 80; listen 443 ssl; ssl_certificate /etc/nginx/ssl/fullchain.cert; ssl_certificate_key /etc/nginx/ssl/cert.pem; # files root /srv/http; index index.html; #autoindex on; #autoindex_exact_size off; disable_symlinks off; include /etc/nginx/sites-available/topo.tw.tmp; include /home/pham/site/nginx/modules/fancyindex/fancyindex.conf; location ^~ /fancyindex/ { root /home/pham/site/nginx/modules; } # charset charset utf-8; charset_types *; override_charset on; # header proxy_set_header Host $host; add_header Cache-Control "no-cache" always; #add_header Cache-Control "max-age=604800"; error_page 404 /404.html; error_log /var/log/nginx/error.log debug; #rewrite_log on; try_files $uri $uri"index.html" $uri/index.html @rewrite_no_slash; location @rewrite_no_slash { add_header rewrite no_slash; rewrite ^(.+)$ $1.html permanent; } location ~ \.html$ { try_files $uri =404; } # RSS Feed for various names # ref: https://blog.jim-nielsen.com/2021/feed-urls/ location ~ ^/(rss|index.xml|atom|atom.xml|feed|feed.rss|feed.xml|feed.atom)$ { alias /srv/http/feed.rss; add_header Content-Type "text/xml; charset=utf-8"; } location ~ \.js$ { add_header Access-Control-Allow-Origin *; } rewrite ^/cgi$ /cgi/ permanent; location = /cgi/ { alias /srv/cgi/; fancyindex_ignore Makefile fastcgi.*; } location ^~ /cgi/ { gzip off; include /etc/nginx/fastcgi_params; fastcgi_pass unix:/run/fcgiwrap.sock; fastcgi_param SCRIPT_FILENAME /srv/cgi/$basename; error_log /tmp/cgi info; } location ^~ /links/rss/ { alias /srv/rss/; } #location ~ /$ { # try_files $uri @rewrite_slash; #} #location @rewrite_slash { # rewrite ^(.+)/$ $1.html permanent; #} rewrite ^/posts$ /posts/ permanent; location = /posts/ { } # This configuration allow you to upload/modify/delete file, for example: # curl -X PUT -F file=@foo https://topo.tw/doc/bar location ^~ /doc { alias /home/pham/doc/; client_body_temp_path /tmp/client_temp; dav_methods PUT DELETE MKCOL COPY MOVE; create_full_put_path on; dav_access group:rw all:r; client_max_body_size 10000m; } location ^~ /photos/ { alias /home/pham/data/s3.photos/; #autoindex_format xml; #xslt_string_param title "photos"; #xslt_stylesheet layout/gal.xslt; try_files $uri $uri/ =404; expires max; if ($uri ~ ^/photos/([^!]+)!(large|lg|md)$ ) { set $filename /home/pham/data/s3.photos/$1; set $img_version $2; rewrite ^ /thumbnail; } } rewrite ^/p(ublic)?$ /public/ permanent; rewrite ^/p/(.*)$ /public/$1; location ^~ /public/ { alias /home/pham/public/; autoindex_format xml; xslt_string_param title "/posts/"; xslt_stylesheet layout/simple.xslt; add_header Access-Control-Allow-Origin "*" always; add_header Cache-Control "no-cache" always; } # thumbnail CGI, requires variables 'filename' and 'img_version' location = /thumbnail { # Prepare the required parameters (width, height, cropping or zooming) according to the URL address! set $img_type resize; set $img_w -; set $img_h -; if ($img_version = 'large') { set $img_type resize; set $img_w 1920; } if ($img_version = 'lg') { set $img_type crop; set $img_w 256; set $img_h 256; } if ($img_version = 'md') { set $img_type crop; set $img_w 128; set $img_h 128; } rewrite ^ /_$img_type; } # Processing of Scaled Pictures location = /_resize { alias $filename; image_filter resize $img_w $img_h; image_filter_jpeg_quality 95; image_filter_buffer 20M; image_filter_interlace on; } # Processing of clipped pictures location = /_crop { alias $filename; image_filter crop $img_w $img_h; image_filter_jpeg_quality 95; image_filter_buffer 20M; image_filter_interlace on; } location ^~ /wallpapers { alias /home/pham/public/wallpapers/; autoindex on; autoindex_format xml; xslt_string_param title "Wallpaper Collection!"; xslt_stylesheet layout/gal.xslt; try_files $uri $uri/ =404; if ($uri ~ ([^/!]+)!(large|lg|md)$ ) { set $filename /home/pham/public/wallpapers/$1; set $img_version $2; rewrite ^ /thumbnail; } } location ^~ /tmp { alias /home/pham/public/tmp/; autoindex on; add_header "Content-Type" "text/plain; charset=utf-8"; } location ^~ /osm { alias /home/pham/public/osm/; autoindex on; } location ^~ /tainan/ { alias /home/pham/public/tainan/; autoindex on; index =404; } location ^~ /private/ { alias /home/pham/private/; autoindex on; auth_basic "You need to login"; auth_basic_user_file /etc/nginx/passwd/japan; } location = /japan.html { autoindex on; auth_basic "You need to login"; auth_basic_user_file /etc/nginx/passwd/japan; } location ^~ /houshou { alias /home/pham/data/houshou/; autoindex on; autoindex_format xml; xslt_string_param title "Houshou Collection!"; xslt_stylesheet layout/gal.xslt; try_files $uri $uri/ =404; auth_basic "You need to login"; auth_basic_user_file /etc/nginx/passwd/houshou; if ($uri ~ ([^/!]+)!(large|lg|md)$ ) { set $filename /home/pham/data/houshou/$1; set $img_version $2; rewrite ^ /thumbnail; } } location ^~ /houshou2 { alias /home/pham/data/houshou2/; autoindex on; autoindex_format xml; xslt_string_param title "Houshou Collection!"; #xslt_stylesheet layout/simple-gal.xslt; xslt_stylesheet layout/gal.xslt; try_files $uri $uri/ =404; if ($uri ~ ([^/!]+)!(large|lg|md)$ ) { set $filename /home/pham/data/houshou2/$1; set $img_version $2; rewrite ^ /thumbnail; } } location /rescue { root /home/pham; auth_basic "You need to login"; auth_basic_user_file /etc/nginx/passwd/rescue; } # location /upload/ { # proxy_pass http://127.0.0.1:8000/; # } #rewrite ^/up$ /up/; #location /up/ { # proxy_set_header X-Forwarded-Proto https; # proxy_set_header Referer $host/up/; # proxy_pass http://127.0.0.1:8080/; # client_max_body_size 1g; #} #location = /_validate_token { # internal; # if ($token = "") { # return 401; # Unauthorized # } # if ($api_client_name = "") { # return 403; # Forbidden # } # return 204; # OK (no content) #} } # git server server { server_name git.topo.tw; listen 80; listen 443 ssl; ssl_certificate /etc/nginx/ssl/git.topo.tw/fullchain.cer; ssl_certificate_key /etc/nginx/ssl/git.topo.tw/git.topo.tw.key; root /usr/share/webapps/cgit; try_files $uri @cgit; location @cgit { include fastcgi_params; fastcgi_param SCRIPT_FILENAME /usr/local/lib/cgit/cgit.cgi; fastcgi_param PATH_INFO $uri; fastcgi_param QUERY_STRING $args; fastcgi_param HTTP_HOST $server_name; fastcgi_pass unix:/run/fcgiwrap.sock; } location = /favicon.ico { alias /srv/http/favicon.ico; } location = /logo.svg { alias /home/pham/site/git/assets/logo.svg; } # Configure HTTP transport #location ~ /.+/(info/refs|git-upload-pack) { # include fastcgi_params; # fastcgi_param SCRIPT_FILENAME /usr/lib/git-core/git-http-backend; # fastcgi_param PATH_INFO $uri; # fastcgi_param GIT_HTTP_EXPORT_ALL 1; # fastcgi_param GIT_PROJECT_ROOT /srv/git; # fastcgi_param HOME /srv/git; # fastcgi_pass unix:/run/fcgiwrap.sock; #} } # Block all direct accesses via IP address #server { # server_name "~[\d\.]+"; # listen 80; # error_page 404 /404.html; # return 404; #} ## Redirect 80 to 443 #server { # if ($host = topo.tw) { # return 301 https://$host$request_uri; # } # managed by Certbot # # # #listen 80; # server_name topo.tw; # return 301 https://$host$request_uri; # # #} ## Forward Proxy #server { # resolver 8.8.8.8; # listen 13288; # # proxy_connect; # proxy_connect_allow 443 563; # proxy_connect_connect_timeout 10s; # proxy_connect_read_timeout 10s; # proxy_connect_send_timeout 10s; # location / { # proxy_pass http://$host; # proxy_set_header Host $host; # } #} #server { # server_name demo.topo.tw; # root /; # # location / { # index /home/pham/git/vps/demo/client.sh; # add_header Content-Type text/plain; # } # #listen 80; #}