config refactor, renames

2026-05-21 22:12:15 +00:00 · 2024-08-29 01:50:52 +02:00
parent 939b782830
commit f55d9f1c8b
10 changed files with 34 additions and 20 deletions
--- a/scripts/http_host/http_host_lib/nginx_confs/le.conf
+++ b/scripts/http_host/http_host_lib/nginx_confs/le.conf
@@ -0,0 +1,44 @@
+server {
+    server_name __LOCAL__ __DOMAIN__;
+
+    # ssl: https://ssl-config.mozilla.org / intermediate config
+
+    listen 80;
+    listen 443 ssl;
+    listen [::]:443 ssl;
+    http2 on;
+
+    ssl_certificate /data/nginx/certs/ofm_le.cert;
+    ssl_certificate_key /data/nginx/certs/ofm_le.key;
+
+    ssl_session_timeout 1d;
+    ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
+    ssl_session_tickets off;
+
+    ssl_dhparam /etc/nginx/ffdhe2048.txt;
+
+    # intermediate configuration
+    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305;
+    ssl_prefer_server_ciphers off;
+
+    # access log disabled by default
+    access_log /data/ofm/http_host/logs_nginx/le-access.jsonl access_json buffer=32k;
+    #access_log off;
+
+    error_log /data/ofm/http_host/logs_nginx/le-error.log;
+
+    location ^~ /.well-known/acme-challenge/ {
+        # trailing slash
+        root /data/nginx/acme-challenges;
+        try_files $uri =404;
+    }
+
+    __LOCATION_BLOCKS__
+
+    # catch-all block to deny all other requests
+    location / {
+        deny all;
+        error_log /data/ofm/http_host/logs_nginx/__LOCAL__-error.log error;
+    }
+}
--- a/scripts/http_host/http_host_lib/nginx_confs/ledns.conf
+++ b/scripts/http_host/http_host_lib/nginx_confs/ledns.conf
@@ -0,0 +1,38 @@
+server {
+    server_name __LOCAL__ __DOMAIN__;
+
+    # ssl: https://ssl-config.mozilla.org / intermediate config
+
+    listen 80;
+    listen 443 ssl;
+    listen [::]:443 ssl;
+    http2 on;
+
+    ssl_certificate /data/nginx/certs/ofm_ledns.cert;
+    ssl_certificate_key /data/nginx/certs/ofm_ledns.key;
+
+    ssl_session_timeout 1d;
+    ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
+    ssl_session_tickets off;
+
+    ssl_dhparam /etc/nginx/ffdhe2048.txt;
+
+    # intermediate configuration
+    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305;
+    ssl_prefer_server_ciphers off;
+
+    # access log disabled by default
+    access_log /data/ofm/http_host/logs_nginx/ledns-access.jsonl access_json buffer=32k;
+    #access_log off;
+
+    error_log /data/ofm/http_host/logs_nginx/ledns-error.log;
+
+    __LOCATION_BLOCKS__
+
+    # catch-all block to deny all other requests
+    location / {
+        deny all;
+        error_log /data/ofm/http_host/logs_nginx/__LOCAL__-error.log error;
+    }
+}
--- a/scripts/http_host/http_host_lib/nginx_confs/location_static.conf
+++ b/scripts/http_host/http_host_lib/nginx_confs/location_static.conf
@@ -0,0 +1,64 @@
+location /fonts/ {
+    # trailing slash
+
+    alias /data/ofm/http_host/assets/fonts/ofm/; # trailing slash
+    try_files $uri =404;
+
+    expires 1w;
+
+    add_header 'Access-Control-Allow-Origin' '*' always;
+    add_header Cache-Control public;
+}
+
+location /styles/ {
+    # trailing slash
+
+    alias /data/ofm/http_host/assets/styles/ofm/; # trailing slash
+    try_files $uri.json =404;
+
+    expires 1d;
+    default_type application/json;
+
+    add_header 'Access-Control-Allow-Origin' '*' always;
+    add_header Cache-Control public;
+}
+
+location /natural_earth/ {
+    # trailing slash
+
+    alias /data/ofm/http_host/assets/natural_earth/ofm/; # trailing slash
+    try_files $uri =404;
+
+    expires 10y;
+
+    add_header 'Access-Control-Allow-Origin' '*' always;
+    add_header Cache-Control public;
+}
+
+location /sprites/ {
+    # trailing slash
+
+    alias /data/ofm/http_host/assets/sprites/; # trailing slash
+    try_files $uri =404;
+
+    expires 10y;
+
+    add_header 'Access-Control-Allow-Origin' '*' always;
+    add_header Cache-Control public;
+}
+
+
+# we need to handle missing tiles as valid request returning empty string
+location @empty_tile {
+    return 200 '';
+
+    expires 10y;
+    default_type application/vnd.mapbox-vector-tile;
+
+    add_header 'Access-Control-Allow-Origin' '*' always;
+    add_header Cache-Control public;
+}
+
+location = / {
+    return 302 https://openfreemap.org;
+}