-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathstatic.conf
133 lines (108 loc) · 3.41 KB
/
static.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
#Redirects http://sub.$example_com requests to https://sub.$example_com
server {
listen 80;
listen [::]:80;
server_name ~^(?P<sub>.+)\.$example_com$;
#Handles certbot challenge
location /.well-known/acme-challenge/ {
root /var/www-acme-challenge;
try_files $uri /;
}
#Redirects http://sub.$example_com requests to https://sub.$example_com
location / {
#If subdomain doesn't exist, it returns 444 "No Response".
if (!-d /var/www/$sub/html) {
return 444;
}
return 301 https://$host$request_uri;
}
include h5bp/basic.conf;
}
#Redirects www.sub.$example_com to https://sub.$example_com
server {
listen 80;
listen [::]:80;
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name ~^www\.(?P<sub>.+)\.$example_com$;
#Handles certbot challenge
location /.well-known/acme-challenge/ {
root /var/www-acme-challenge;
try_files $uri /;
}
#Redirects http://sub.$example_com requests to https://sub.$example_com
location / {
#If subdomain doesn't exist, it returns 444 "No Response".
if (!-d /var/www/$sub/html) {
return 444;
}
return 301 https://$sub.$example_com$request_uri;
}
include h5bp/basic.conf;
}
#Redirects $example_com to https://www.$example_com
server {
listen 80;
listen [::]:80;
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name $example_com;
#Handles certbot challenge
location /.well-known/acme-challenge/ {
root /var/www-acme-challenge;
try_files $uri /;
}
location / {
return 301 https://www.$example_com$request_uri;
}
include h5bp/basic.conf;
}
#Static gzipped file server by subdomain
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name ~^(?P<sub>.+)\.$example_com$;
root /var/www/$sub/html;
error_page 404 /thispagedoesntexist.html;
#try_files will not work: https://trac.nginx.org/nginx/ticket/1570
gzip_static always;
expires 1w;
#Handles certbot challenge
location /.well-known/acme-challenge/ {
root /var/www-acme-challenge;
gzip_static off;
}
location / {
#Handle the case in which the URI file fullname is the extension.
rewrite /\.(html|js|css|png|jpg|jpeg|gif|ico)$ $uri.html break;
#Handle the case in which the URI file fullname has an extension.
rewrite \.(html|js|css|png|jpg|jpeg|gif|ico)$ $uri break;
#Handle the index case
rewrite /$ $uri/index.html break;
#Default: handle the case in which URL file fullname has no extension.
rewrite ^ $uri.html;
}
#Mark 404 page internal
location ~* ^/thispagedoesntexist(.html)?$ {
#If subdomain doesn't exist, return 444 "No Response".
if (!-d /var/www/$sub/html) {
return 444;
}
internal;
}
include h5bp/basic.conf;
}
#Default HTTPS server
server {
listen [::]:443 ssl http2 default_server;
listen 443 ssl http2 default_server;
server_name _;
return 444;
}
ssl_certificate $ssl_certificate;
ssl_certificate_key $ssl_certificate_key;
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains" always;
include h5bp/ssl/ssl_engine.conf;
include h5bp/ssl/policy_intermediate.conf;
include h5bp/ssl/ocsp_stapling.conf;
include h5bp/web_performance/cache-file-descriptors.conf;