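#
################################################
### Managed by someone's ansible provisioner ###
################################################
# Part of: https://git.somenet.org/root/pub/somesible.git
# 2017-2024 by someone
#
# Catch-all (default_server) virtual hosts for HTTPS and HTTP.
# Requests whose Host matches no other server block end up here.
#

server {
    # NOTE(review): the `http2` listen parameter is deprecated in nginx >= 1.25.1
    # in favour of a separate `http2 on;` directive -- confirm the target version.
    listen 443 ssl default_server http2;
    listen [::]:443 ssl default_server http2;
    server_name _;

    # Self-signed placeholder certificate; clients reaching this catch-all
    # host by name will see a certificate warning.
    ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
    ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;

    ssl_protocols TLSv1.2 TLSv1.3;
    # HIGH minus every suite with an MD5/SHA1/SHA256/SHA384 MAC leaves only
    # AEAD suites for TLS 1.2. ssl_ciphers does not control the TLS 1.3 suites.
    # NOTE(review): this string does not exclude static-RSA key exchange
    # (no forward secrecy); consider appending `:!kRSA` after checking client
    # compatibility.
    ssl_ciphers HIGH:!aNULL:!MD5:!SHA1:!SHA256:!SHA384;
    ssl_prefer_server_ciphers on;
    # ssl_dhparam /etc/nginx/dhparams.pem;
    ssl_session_cache shared:SSL:10m;

    ###
    # ACME http-01 challenge files written by dehydrated.
    # The location prefix and the alias both end in "/" so that only paths
    # below the challenge directory are mapped; without the slashes a request
    # such as /.well-known/acme-challengeX would resolve to a sibling of the
    # dehydrated directory.
    location ^~ /.well-known/acme-challenge/ {
        alias /var/www/html/dehydrated/;
    }
    ###

    ###
    # stub_status counters, reachable from loopback only.
    location /nginx_status {
        stub_status;
        allow 127.0.0.1;
        allow ::1;
        deny all;
    }
    ###

    ###
    # Hide dotfiles and dot-directories, except /.well-known/.
    # The ^~ prefix locations in this server are selected before this regex
    # is evaluated.
    location ~ /\.(?!well-known\/).* {
        return 404;
    }
    ###

    ###
    location = /robots.txt {
        root /var/www/;
        try_files /html/$uri =404;
    }
    ###

    ###
    # AWStats static icons, behind PAM authentication.
    # The location prefix must end in "/" because the alias does: a prefix
    # without the trailing slash combined with an alias that has one is the
    # well-known nginx "alias off-by-slash" misconfiguration, which lets a
    # request path resolve outside the aliased directory (here: elsewhere
    # under /usr/share/awstats/).
    location ^~ /awstats-icon/ {
        alias /usr/share/awstats/icon/;
        auth_pam "awstats";
        auth_pam_service_name "nginx-awstats";
        access_log off;
    }

    # AWStats CGI, executed through fcgiwrap, behind the same PAM service.
    location = /awstats.pl {
        root /usr/lib/cgi-bin/;
        auth_pam "awstats";
        auth_pam_service_name "nginx-awstats";
        access_log off;
        gzip off;
        include fastcgi_params;
        fastcgi_pass unix:/var/run/fcgiwrap.socket;
        # Pinned to a constant so the request cannot select another script.
        fastcgi_param SCRIPT_FILENAME /usr/lib/cgi-bin/awstats.pl;
    }
    ###
}

server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name _;

    ###
    # ACME http-01 challenge files must stay reachable over plain HTTP.
    # Trailing slashes on both prefix and alias keep the mapping inside the
    # challenge directory (see the HTTPS server for the rationale).
    location ^~ /.well-known/acme-challenge/ {
        alias /var/www/html/dehydrated/;
    }
    ###

    ###
    # stub_status counters, reachable from loopback only.
    location /nginx_status {
        stub_status;
        allow 127.0.0.1;
        allow ::1;
        deny all;
    }
    ###

    # redirect everything to https except for /.well-known/acme-challenge and /nginx_status
    # $host is derived from the request, so on this catch-all server the
    # redirect target name is client-supplied; do not cache these responses
    # in a shared cache in front of this server.
    location / {
        return 301 https://$host$request_uri;
    }
}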