diff options
| author | Xiao Pan <xyz@flylightning.xyz> | 2025-07-10 08:08:59 +0000 |
|---|---|---|
| committer | Xiao Pan <xyz@flylightning.xyz> | 2025-07-10 08:08:59 +0000 |
| commit | 5abb40c5be90e5257cdfae51c165f00c5398f32c (patch) | |
| tree | 40a115444d89d6f6c82b854c185790686d0bdb95 /etc/nginx | |
| parent | 673c18cbf2c80de0aa5aa03b24cd026cf742412b (diff) | |
starting to move studio website to ca, now moving configs
Diffstat (limited to 'etc/nginx')
| -rw-r--r-- | etc/nginx/nginx.conf | 190 |
1 files changed, 190 insertions, 0 deletions
diff --git a/etc/nginx/nginx.conf b/etc/nginx/nginx.conf new file mode 100644 index 00000000..a837cf54 --- /dev/null +++ b/etc/nginx/nginx.conf @@ -0,0 +1,190 @@ + +#user http; +worker_processes 1; + +#error_log logs/error.log; +#error_log logs/error.log notice; +#error_log logs/error.log info; + +#pid logs/nginx.pid; + + +events { + worker_connections 1024; +} + + +http { + include mime.types; + default_type application/octet-stream; + + #log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + # '$status $body_bytes_sent "$http_referer" ' + # '"$http_user_agent" "$http_x_forwarded_for"'; + + #access_log logs/access.log main; + + sendfile on; + #tcp_nopush on; + + #keepalive_timeout 0; + keepalive_timeout 65; + + #gzip on; + + # nginx warning in journal or `sudo nginx -t`: "could not build optimal types_hash, you should increase either types_hash_max_size: 1024 or types_hash_bucket_size: 64; ignoring types_hash_bucket_size" + # default is 1024, I increased to 2048 and still throws warning, I increase 4096 and warning is gone + # not fully understood + # https://wiki.archlinux.org/title/nginx#Warning:_Could_not_build_optimal_types_hash + # https://nginx.org/en/docs/http/ngx_http_core_module.html + # https://nginx.org/en/docs/hash.html + # https://nginx.org/en/docs/http/server_names.html + types_hash_max_size 4096; + + server { + listen 80; + # needed for ipv6 + listen [::]:80; + # https://nginx.org/en/docs/http/configuring_https_servers.html#single_http_https_server + listen 443 ssl; + listen [::]:443 ssl; + server_name flylightning.xyz; + + ssl_certificate /etc/nginx/flylightning.pem; + ssl_certificate_key /etc/nginx/flylightning.key; + + #charset koi8-r; + + #access_log logs/host.access.log main; + + location / { + root /srv/http/master; + index index.html; + } + + #error_page 404 /404.html; + + # redirect server error pages to the static page /50x.html + # + #error_page 500 502 503 504 /50x.html; + #location = /50x.html { + # root /usr/share/nginx/html; + #} + + # proxy the PHP scripts to Apache listening on 127.0.0.1:80 + # + #location ~ \.php$ { + # proxy_pass http://127.0.0.1; + #} + + # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 + # + #location ~ \.php$ { + # root html; + # fastcgi_pass 127.0.0.1:9000; + # fastcgi_index index.php; + # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name; + # include fastcgi_params; + #} + + # deny access to .htaccess files, if Apache's document root + # concurs with nginx's one + # + #location ~ /\.ht { + # deny all; + #} + } + + + # another virtual host using mix of IP-, name-, and port-based configuration + # + #server { + # listen 8000; + # listen somename:8080; + # server_name somename alias another.alias; + + # location / { + # root html; + # index index.html index.htm; + # } + #} + + + # HTTPS server + # + #server { + # listen 443 ssl; + # server_name localhost; + + # ssl_certificate cert.pem; + # ssl_certificate_key cert.key; + + # ssl_session_cache shared:SSL:1m; + # ssl_session_timeout 5m; + + # ssl_ciphers HIGH:!aNULL:!MD5; + # ssl_prefer_server_ciphers on; + + # location / { + # root html; + # index index.html index.htm; + # } + #} + + server { + listen 80; + listen [::]:80; + listen 443 ssl; + listen [::]:443 ssl; + server_name mirrors.flylightning.xyz; + + ssl_certificate /etc/nginx/flylightning.pem; + ssl_certificate_key /etc/nginx/flylightning.key; + + location / { + root /srv/http/mirrors; + autoindex on; + } + } + + # https://wiki.archlinux.org/title/Cgit#Using_uwsgi + # https://wiki.gentoo.org/wiki/User:Halcon/HOWTO_cgit_uwsgi_nginx + # https://uwsgi-docs.readthedocs.io/en/latest/Nginx.html + # https://nginx.org/en/docs/http/ngx_http_uwsgi_module.html + # https://stackoverflow.com/questions/16182421/cgit-and-nginx-url-rewrite + server { + listen 80; + listen [::]:80; + listen 443 ssl; + listen [::]:443 ssl; + server_name git.flylightning.xyz; + root /usr/share/webapps/cgit; + + ssl_certificate /etc/nginx/flylightning.pem; + ssl_certificate_key /etc/nginx/flylightning.key; + + # about nginx location regex: + # - https://nginx.org/en/docs/http/ngx_http_core_module.html#location + # - https://stackoverflow.com/a/59846239 + # - note in nginx / only means / and no other meaning, so no need \/ + # - ~ means case-sensitive regex + # about (?:) non-capturing group: + # - https://manifold.net/doc/radian/why_do_non-capture_groups_exist_.htm + # - non-capturing group won't capture things inside () which may use later like in sed \1 + # - note: I don't think sed support ?: , because POSIX ERE and BRE doesn't seem to support ?: + # - maybe improve a little bit performance by not storing things (not tested, also I did not read the source code) + # Serve static files with nginx + location ~ ^/(?:cgit\.(?:css|png)|robots\.txt|highlight\.css|mycgit\.css)$ { + root /usr/share/webapps/cgit; + expires 30d; + } + location / { + include uwsgi_params; + uwsgi_modifier1 9; + uwsgi_pass unix:/run/uwsgi/cgit.sock; + } + } + +} + +# vim: expandtab |