Author: Pedro Lucas Porcellis <porcellis@eletrotupi.com>
Added (mostly) raw nginx file This is a slightly modified copy of the live version today
nginx/cirandas | 197 ++++++++++++++++++++++++++++++++++++++++++++++++++++
diff --git a/nginx/cirandas b/nginx/cirandas new file mode 100644 index 0000000000000000000000000000000000000000..54cf32d253bfc53f28283a4fa27202b2509d98c9 --- /dev/null +++ b/nginx/cirandas @@ -0,0 +1,197 @@ +## MAIN ADDRESS wwW REMOVAL +server { + listen 80; +# listen 443 ssl; + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; + + server_name www.cirandas.net; + rewrite ^ $scheme://cirandas.net$request_uri?; +} + +## CUSTOM DOMAINS WWW REMOVAL +server { + listen 80; + listen 443 ssl; + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; + + server_name www.bhakta.cirandas.net; + rewrite ^ $scheme://bhakta.cirandas.net$request_uri?; +} +server { + listen 80; + listen 443 ssl; + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; + + server_name www.redemoinho.coop.br; + rewrite ^ $scheme://redemoinho.coop.br$request_uri?; +} +server { + listen 80; + listen 443 ssl; + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; + + server_name www.facesdobrasil.org.br; + rewrite ^ $scheme://facesdobrasil.org.br$request_uri?; +} +server { + listen 80; + listen 443 ssl; + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; + + server_name www.redeprosolidarios.org.br; + rewrite ^ $scheme://redeprosolidarios.org.br$request_uri?; +} +server { + listen 80; + listen 443 ssl; + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; + + server_name www.eita.org.br; + rewrite ^ $scheme://eita.org.br$request_uri?; +} +server { + listen 80; + listen 443 ssl; + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; + + server_name www.recantico.com.br; + rewrite ^ $scheme://recantico.com.br$request_uri?; +} +server { + listen 80; + listen 443 ssl; + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; + + server_name www.dialogoseconvergencias.org; + rewrite ^ $scheme://dialogoseconvergencias.org$request_uri?; +} +server { + listen 80; + listen 443 ssl; + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; + + server_name www.canore.coop.br; + rewrite ^ $scheme://canore.coop.br$request_uri?; +} +server { + listen 80; + listen 443 ssl; + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; + + server_name www.unicafes.org.br; + rewrite ^ $scheme://unicafes.org.br$request_uri?; +} +server { + listen 80; + listen 443 ssl; + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; + + server_name www.artgravata.com.br; + rewrite ^ $scheme://artgravata.com.br$request_uri?; +} +server { + listen 80; + listen 443 ssl; + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; + + server_name www.terramirim.org.br; + rewrite ^ $scheme://terramirim.org.br$request_uri?; +} +server { + listen 80; + listen 443 ssl; + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; + + server_name www.amabor.org.br; + rewrite ^ $scheme://amabor.org.br$request_uri?; +} +server { + listen 80; + listen 443 ssl; + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; + + server_name www.serdosertao.coop.br; + rewrite ^ $scheme://serdosertao.coop.br$request_uri?; +} +server { + listen 80; + listen 443 ssl; + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; + + server_name www.feiradamatacafat.com.br; + rewrite ^ $scheme://feiradamatacafat.com.br$request_uri?; +} + +## REDIRECTS + +upstream cirandas { + server unix:/home/cirandas/run/unicorn.sock; + + keepalive 64; +} + + + +server { + listen 80; + listen 443 ssl default_server; + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; + ssl_certificate /etc/ssl/certs/cirandas-net.chained.crt; + ssl_certificate_key /etc/ssl/private/cirandas-net.key; + + server_name bhakta.cirandas.net cirandas.net bhakta.cirandas.net redemoinho.coop.br facesdobrasil.org.br redeprosolidarios.org.br eita.org.br recantico.com.br dialogoseconvergencias.org canore.coop.br unicafes.org.br artgravata.com.br terramirim.org.br amabor.org.br serdosertao.coop.br feiradamatacafat.com.br; + port_in_redirect off; + root /home/cirandas/noosfero-ecosol/public; + + + if (-f $document_root/maintenance.html) { + return 503; + } + error_page 503 @maintenance; + location @maintenance { + rewrite ^(.*)$ /maintenance.html break; + } + + access_log /home/cirandas/log/access.log combined; + error_log /home/cirandas/log/error.log; + + location ~ '.+\.php$' { + return 404; + } + + location ~ '/assets/.+-[^\.]{64}\..+$' { + add_header Cache-Control public; + expires 1y; + try_files $uri @proxy; + } + + location / { + if ($http_user_agent = "") { + return 403; + } + if ($http_user_agent = "-") { + return 403; + } + + # Also handled on the robots.txt file + if ($http_user_agent ~ (SemrushBot|msnbot|Purebot|Baiduspider|Lipperhey|Mail.Ru|scrapbot|MJ12bot|AhrefsBot|YandexBot|BDCbot|MegaIndex|UniLeipzigASV|DotBot|Typhoeus|Bingbot) ) { + return 403; + } + + try_files index.html $uri @proxy; + } + + location @proxy { + proxy_buffers 4 256k; + proxy_buffer_size 256k; + proxy_busy_buffers_size 256k; + proxy_temp_file_write_size 256k; + + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Host $host; + proxy_pass http://cirandas; + + } +}