summaryrefslogtreecommitdiffstats
path: root/conf.d
diff options
context:
space:
mode:
Diffstat (limited to 'conf.d')
-rw-r--r--conf.d/00_network.conf1
-rw-r--r--conf.d/01_ipranges.conf5
-rw-r--r--conf.d/02_ssl.conf8
-rw-r--r--conf.d/03_config.conf1
-rw-r--r--conf.d/fossils.conf6
-rw-r--r--conf.d/git.conf13
-rw-r--r--conf.d/ipepdv.conf6
-rw-r--r--conf.d/katrin.conf10
-rw-r--r--conf.d/ufo.conf10
9 files changed, 60 insertions, 0 deletions
diff --git a/conf.d/00_network.conf b/conf.d/00_network.conf
new file mode 100644
index 0000000..0fd88b0
--- /dev/null
+++ b/conf.d/00_network.conf
@@ -0,0 +1 @@
+resolver 141.52.3.3 141.52.8.18;
diff --git a/conf.d/01_ipranges.conf b/conf.d/01_ipranges.conf
new file mode 100644
index 0000000..5bf8ba9
--- /dev/null
+++ b/conf.d/01_ipranges.conf
@@ -0,0 +1,5 @@
+geo $kit_client {
+ default 0;
+ 141.52.64.0/23 1;
+ 192.168.26.0/24 1;
+}
diff --git a/conf.d/02_ssl.conf b/conf.d/02_ssl.conf
new file mode 100644
index 0000000..3b00354
--- /dev/null
+++ b/conf.d/02_ssl.conf
@@ -0,0 +1,8 @@
+ssl_certificate /etc/nginx/certs/localhost.crt;
+ssl_certificate_key /etc/nginx/certs/localhost.key;
+ssl_session_timeout 5m;
+ssl_prefer_server_ciphers on;
+ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ssl_ciphers AES256+EECDH:AES256+EDH:!aNULL;
+
+proxy_ssl_server_name on;
diff --git a/conf.d/03_config.conf b/conf.d/03_config.conf
new file mode 100644
index 0000000..2de9b28
--- /dev/null
+++ b/conf.d/03_config.conf
@@ -0,0 +1 @@
+sub_filter_once off;
diff --git a/conf.d/fossils.conf b/conf.d/fossils.conf
new file mode 100644
index 0000000..a1f47bc
--- /dev/null
+++ b/conf.d/fossils.conf
@@ -0,0 +1,6 @@
+server {
+ listen 80;
+ server_name www.fossils.kit.edu;
+
+ return 301 http://fossils.kaas.kit.edu$request_uri;
+}
diff --git a/conf.d/git.conf b/conf.d/git.conf
new file mode 100644
index 0000000..24fbde0
--- /dev/null
+++ b/conf.d/git.conf
@@ -0,0 +1,13 @@
+server {
+ listen 80;
+ listen 141.52.64.105:443 ssl;
+ server_name git.ipe.kit.edu;
+
+ location / {
+ proxy_pass https://gogs.kaas.kit.edu;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ }
+
+}
diff --git a/conf.d/ipepdv.conf b/conf.d/ipepdv.conf
new file mode 100644
index 0000000..3654561
--- /dev/null
+++ b/conf.d/ipepdv.conf
@@ -0,0 +1,6 @@
+server {
+ listen 80;
+ server_name ipepdv.ipe.kit.edu;
+
+ include /etc/nginx/pdv.d/*.conf;
+}
diff --git a/conf.d/katrin.conf b/conf.d/katrin.conf
new file mode 100644
index 0000000..420f457
--- /dev/null
+++ b/conf.d/katrin.conf
@@ -0,0 +1,10 @@
+server {
+ listen 80;
+ listen 141.52.64.14:443 ssl;
+ server_name katrin.kit.edu;
+
+ include /etc/nginx/katrin.d/*.conf;
+
+ ssl_certificate /etc/letsencrypt/live/katrin.kit.edu/fullchain.pem; # managed by Certbot
+ ssl_certificate_key /etc/letsencrypt/live/katrin.kit.edu/privkey.pem; # managed by Certbot
+}
diff --git a/conf.d/ufo.conf b/conf.d/ufo.conf
new file mode 100644
index 0000000..cfb2ee1
--- /dev/null
+++ b/conf.d/ufo.conf
@@ -0,0 +1,10 @@
+server {
+ listen 80;
+ listen 141.52.64.54:443 ssl;
+ server_name ufo.kit.edu;
+
+ ssl_certificate /etc/letsencrypt/live/ufo.kit.edu/fullchain.pem; # managed by Certbot
+ ssl_certificate_key /etc/letsencrypt/live/ufo.kit.edu/privkey.pem; # managed by Certbot
+
+ include /etc/nginx/ufo.d/*.conf;
+}
generated by cgit v1.2.1 (git 2.18.0) at 2024-04-29 02:57:50 +0000