initial commit

1 files changed, 115 insertions, 0 deletions

diff --git a/nginx/nginx.conf b/nginx/nginx.conf
new file mode 100644
index 0000000..83b440c
--- /dev/null
+++ b/nginx/nginx.conf
@@ -0,0 +1,115 @@
+load_module /usr/lib/nginx/modules/ngx_http_js_module.so;
+user http;
+worker_processes auto;
+error_log /var/log/nginx/error.log error;
+
+events {
+    worker_connections 1024;
+    multi_accept on;
+}
+
+http {
+    sendfile on;
+    tcp_nopush on;
+    tcp_nodelay on;
+    server_tokens off;
+
+    access_log /var/log/nginx/access.log;
+    include mime.types;
+    default_type application/octet-stream;
+    types_hash_max_size 2048;
+    types_hash_bucket_size 128;
+
+    gzip on;
+    gzip_vary on;
+    gzip_comp_level 6;
+    gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
+
+    map $http_upgrade $connection_upgrade {
+        default upgrade;
+        '' close;
+    }
+
+    geo $dollar {
+        default "$"; # DIRTY HACKS DONE CHEAP
+    }
+
+    js_import nginx.js;
+    js_shared_dict_zone zone=auth_token_cache:32k timeout=5m evict;
+
+    server {
+        listen 80 default_server;
+        listen [::]:80 default_server;
+
+        default_type text/plain;
+        root /srv/html;
+        index index.html;
+    }
+
+    # dissociate
+    server {
+        listen 80;
+        listen [::]:80;
+        server_name dissociate.mia.jetzt;
+
+        location / {
+            proxy_pass http://localhost:8001;
+            proxy_http_version 1.1;
+        }
+    }
+
+    # git
+    server {
+        listen 80;
+        listen [::]:80;
+        server_name git.mia.jetzt;
+        root /usr/share/webapps/cgit;
+        try_files $uri @cgit;
+        set $required_scope root;
+
+        location ~ /.+/(info/refs|git-upload-pack) {
+            include fastcgi.conf;
+            fastcgi_param SCRIPT_FILENAME /usr/lib/git-core/git-http-backend;
+            fastcgi_param GIT_PROJECT_ROOT /srv/git;
+            fastcgi_pass unix:/run/fcgiwrap-git.sock;
+        }
+
+        location @cgit {
+            include fastcgi.conf;
+            fastcgi_param SCRIPT_FILENAME /usr/lib/cgit/cgit.cgi;
+            fastcgi_param CGIT_CONFIG /etc/cgit/public;
+            fastcgi_pass unix:/run/fcgiwrap-git.sock;
+        }
+
+        location /priv/ {
+            %AUTH_CHECK%
+            rewrite ^/priv/(.*) /$1 break;
+            include fastcgi.conf;
+            fastcgi_param SCRIPT_FILENAME /usr/lib/cgit/cgit.cgi;
+            fastcgi_param CGIT_CONFIG /etc/cgit/private;
+            fastcgi_pass unix:/run/fcgiwrap-git.sock;
+        }
+
+        %AUTH_LOCATIONS%
+    }
+
+    # search
+    server {
+        listen 80;
+        listen [::]:80;
+        server_name search.mia.jetzt;
+
+        set $required_scope search;
+
+        location / {
+            %AUTH_CHECK%
+            proxy_pass http://unix:/run/searxng.sock;
+        }
+
+        location /opensearch.xml {
+            proxy_pass http://unix:/run/searxng.sock;
+        }
+
+        %AUTH_LOCATIONS%
+    }
+}