forked from monero-project/monero-site
-
Notifications
You must be signed in to change notification settings - Fork 0
/
nginx.conf
257 lines (201 loc) · 7.23 KB
/
nginx.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
# This is included as an example of a config file that works for the site. This is important so that anyone can re-host it in the event of something going wrong with the main site.
# The main takeaways from this config file are the redirects, everything is relatively bog standard.
server {
listen 80;
# Specify this vhost's domain name
server_name dlsrc.getmonero.org downloads.getmonero.orgdlsrc.monero.mu downloads.monero.mu downloads.monero.cc;
return 301 https://$server_name$request_uri;
}
server {
listen 80;
listen 443 ssl http2;
ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
ssl_prefer_server_ciphers on;
# Specify this vhost's domain name
server_name updates.getmonero.org dlsrc.getmonero.org downloads.getmonero.org updates.monero.mu dlsrc.monero.mu downloads.monero.mu downloads.monero.cc;
root /var/www/downloads.getmonero.org/webroot;
index index.php index.html index.htm;
# Specify log locations for current site
access_log off;
error_log /var/log/nginx/default-site.log warn;
# Let's not give away too much info:
error_page 403 = 404;
# These are the restrictions I generally have on
# Disable logging for favicon
location = /favicon.ico {
log_not_found off;
access_log off;
}
# Disable logging for robots.txt
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location ~* \.(ico|css|js|gif|jpe?g|png)$
{
expires 31536000s;
access_log off;
log_not_found off;
add_header Pragma public;
add_header Cache-Control "max-age=31536000, public";
}
# Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
location ~ /\. {
deny all;
access_log off;
log_not_found off;
}
# End of general restrictions
# Downloads!
location /win64 {
rewrite ^ /cli/monero-win-x64-v0.13.0.2.zip redirect;
}
location /win32 {
rewrite ^ /cli/monero-win-x86-v0.13.0.2.zip redirect;
}
location /mac64 {
rewrite ^ /cli/monero-mac-x64-v0.13.0.2.tar.bz2 redirect;
}
location /linux64 {
rewrite ^ /cli/monero-linux-x64-v0.13.0.2.tar.bz2 redirect;
}
location /linux32 {
rewrite ^ /cli/monero-linux-x86-v0.13.0.2.tar.bz2 redirect;
}
location /linuxarm7 {
rewrite ^ /cli/monero-linux-armv7-v0.13.0.2.tar.bz2 redirect;
}
location /linuxarm8 {
rewrite ^ /cli/monero-linux-armv8-v0.13.0.2.tar.bz2 redirect;
}
location /freebsd64 {
rewrite ^ /cli/monero-freebsd-x64-v0.13.0.2.tar.bz2 redirect;
}
location /dragonflybsd64 {
rewrite ^ /cli/monero-dragonflybsd-x64-v0.13.0.2.tar.bz2 redirect;
}
# GUI downloads
location /gui/win64 {
rewrite ^ /gui/monero-gui-win-x64-v0.13.0.2.zip redirect;
}
location /gui/mac64 {
rewrite ^ /gui/monero-gui-mac-x64-v0.13.0.2.tar.bz2 redirect;
}
location /gui/linux64 {
rewrite ^ /gui/monero-gui-linux-x64-v0.13.0.2.tar.bz2 redirect;
}
location /gui/linux32 {
rewrite ^ /gui/monero-gui-linux-x86-v0.13.0.2.tar.bz2 redirect;
}
# Other download redirects
location /cli/win64 {
rewrite ^ /win64 permanent;
}
location /cli/win32 {
rewrite ^ /win32 permanent;
}
location /cli/mac64 {
rewrite ^ /mac64 permanent;
}
location /cli/linux64 {
rewrite ^ /linux64 permanent;
}
location /cli/linux32 {
rewrite ^ /linux32 permanent;
}
location /cli/linuxarm7 {
rewrite ^ /linuxarm7 permanent;
}
location /cli/linuxarm8 {
rewrite ^ /linuxarm8 permanent;
}
location /cli/freebsd64 {
rewrite ^ /freebsd64 permanent;
}
location /cli/dragonflybsd64 {
rewrite ^ /dragonflybsd64 permanent;
}
location /win {
rewrite ^ /win64 permanent;
}
location /mac {
rewrite ^ /mac64 permanent;
}
location /linux {
rewrite ^ /linux64 permanent;
}
location /freebsd {
rewrite ^ /freebsd64 permanent;
}
location /dragonflybsd {
rewrite ^ /dragonflybsd64 permanent;
}
location /arm {
rewrite ^ /linuxarm7 permanent;
}
location /arm64 {
rewrite ^ /linuxarm8 permanent;
}
location /arm7 {
rewrite ^ /linuxarm7 permanent;
}
location /arm8 {
rewrite ^ /linuxarm8 permanent;
}
location /monero.win.x64.latest.zip {
rewrite ^ /win64 permanent;
}
location /monero.win.x32.latest.zip {
rewrite ^ /win32 permanent;
}
location /monero.mac.x64.latest.tar.bz2 {
rewrite ^ /mac64 permanent;
}
location /monero.linux.x64.latest.tar.bz2 {
rewrite ^ /linux64 permanent;
}
location /monero.linux.x86.latest.tar.bz2 {
rewrite ^ /linux86 permanent;
}
location /monero.linux.arm7.latest.tar.bz2 {
rewrite ^ /linuxarm7 permanent;
}
location /monero.linux.arm8.latest.tar.bz2 {
rewrite ^ /linuxarm8 permanent;
}
location /monero.freebsd.x64.latest.tar.bz2 {
rewrite ^ /freebsd64 permanent;
}
location /monero.dragonflybsd.x64.latest.tar.bz2 {
rewrite ^ /dragonflybsd64 permanent;
}
location / {
try_files $uri $uri/ $uri.php $uri.htm $uri.html =404;
index index.html index.htm index.php;
# post_action @download_complete;
}
# location @download_complete {
# resolver 8.8.8.8;
# proxy_pass http://statcounter.monero.cc/stat_counter.php?zz=yy&status=$request_completion&uri=$uri&remote_addr=$remote_addr&http_x_forwarded_for=$http_x_forwarded_for&body_bytes_sent=$body_bytes_sent&request_time=$request_time&scheme=$scheme&server_name=$server_name&http_user_agent=$http_user_agent;
# internal;
# }
# Block for processing PHP files
# Specifically matches URIs ending in .php
location ~ \.php$ {
try_files $uri =404;
# Fix for server variables that behave differently under nginx/php-fpm than typically expected
fastcgi_split_path_info ^(.+\.php)(/.+)$;
# Include the standard fastcgi_params file included with nginx
include fastcgi_params;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_index index.php;
# Override the SCRIPT_FILENAME variable set by fastcgi_params
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
# Pass to upstream PHP-FPM; This must match whatever you name your upstream connection
fastcgi_pass phpfpm;
}
}