# This is included as an example of a config file that works for the site. This is important so that anyone can re-host it in the event of something going wrong with the main site. # The main takeaways from this config file are the redirects, everything is relatively bog standard. server { listen 80; # Specify this vhost's domain name server_name dlsrc.getmonero.org downloads.getmonero.orgdlsrc.monero.mu downloads.monero.mu downloads.monero.cc; return 301 https://$server_name$request_uri; } server { listen 80; listen 443 ssl http2; ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem; ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4"; ssl_prefer_server_ciphers on; # Specify this vhost's domain name server_name updates.getmonero.org dlsrc.getmonero.org downloads.getmonero.org updates.monero.mu dlsrc.monero.mu downloads.monero.mu downloads.monero.cc; root /var/www/downloads.getmonero.org/webroot; index index.php index.html index.htm; # Specify log locations for current site access_log off; error_log /var/log/nginx/default-site.log warn; # Let's not give away too much info: error_page 403 = 404; # These are the restrictions I generally have on # Disable logging for favicon location = /favicon.ico { log_not_found off; access_log off; } # Disable logging for robots.txt location = /robots.txt { allow all; log_not_found off; access_log off; } location ~* \.(ico|css|js|gif|jpe?g|png)$ { expires 31536000s; access_log off; log_not_found off; add_header Pragma public; add_header Cache-Control "max-age=31536000, public"; } # Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac). location ~ /\. { deny all; access_log off; log_not_found off; } # End of general restrictions # Downloads! location /win64 { rewrite ^ /cli/monero-win-x64-v0.13.0.2.zip redirect; } location /win32 { rewrite ^ /cli/monero-win-x86-v0.13.0.2.zip redirect; } location /mac64 { rewrite ^ /cli/monero-mac-x64-v0.13.0.2.tar.bz2 redirect; } location /linux64 { rewrite ^ /cli/monero-linux-x64-v0.13.0.2.tar.bz2 redirect; } location /linux32 { rewrite ^ /cli/monero-linux-x86-v0.13.0.2.tar.bz2 redirect; } location /linuxarm7 { rewrite ^ /cli/monero-linux-armv7-v0.13.0.2.tar.bz2 redirect; } location /linuxarm8 { rewrite ^ /cli/monero-linux-armv8-v0.13.0.2.tar.bz2 redirect; } location /freebsd64 { rewrite ^ /cli/monero-freebsd-x64-v0.13.0.2.tar.bz2 redirect; } location /dragonflybsd64 { rewrite ^ /cli/monero-dragonflybsd-x64-v0.13.0.2.tar.bz2 redirect; } # GUI downloads location /gui/win64 { rewrite ^ /gui/monero-gui-win-x64-v0.13.0.2.zip redirect; } location /gui/mac64 { rewrite ^ /gui/monero-gui-mac-x64-v0.13.0.2.tar.bz2 redirect; } location /gui/linux64 { rewrite ^ /gui/monero-gui-linux-x64-v0.13.0.2.tar.bz2 redirect; } location /gui/linux32 { rewrite ^ /gui/monero-gui-linux-x86-v0.13.0.2.tar.bz2 redirect; } # Other download redirects location /cli/win64 { rewrite ^ /win64 permanent; } location /cli/win32 { rewrite ^ /win32 permanent; } location /cli/mac64 { rewrite ^ /mac64 permanent; } location /cli/linux64 { rewrite ^ /linux64 permanent; } location /cli/linux32 { rewrite ^ /linux32 permanent; } location /cli/linuxarm7 { rewrite ^ /linuxarm7 permanent; } location /cli/linuxarm8 { rewrite ^ /linuxarm8 permanent; } location /cli/freebsd64 { rewrite ^ /freebsd64 permanent; } location /cli/dragonflybsd64 { rewrite ^ /dragonflybsd64 permanent; } location /win { rewrite ^ /win64 permanent; } location /mac { rewrite ^ /mac64 permanent; } location /linux { rewrite ^ /linux64 permanent; } location /freebsd { rewrite ^ /freebsd64 permanent; } location /dragonflybsd { rewrite ^ /dragonflybsd64 permanent; } location /arm { rewrite ^ /linuxarm7 permanent; } location /arm64 { rewrite ^ /linuxarm8 permanent; } location /arm7 { rewrite ^ /linuxarm7 permanent; } location /arm8 { rewrite ^ /linuxarm8 permanent; } location /monero.win.x64.latest.zip { rewrite ^ /win64 permanent; } location /monero.win.x32.latest.zip { rewrite ^ /win32 permanent; } location /monero.mac.x64.latest.tar.bz2 { rewrite ^ /mac64 permanent; } location /monero.linux.x64.latest.tar.bz2 { rewrite ^ /linux64 permanent; } location /monero.linux.x86.latest.tar.bz2 { rewrite ^ /linux86 permanent; } location /monero.linux.arm7.latest.tar.bz2 { rewrite ^ /linuxarm7 permanent; } location /monero.linux.arm8.latest.tar.bz2 { rewrite ^ /linuxarm8 permanent; } location /monero.freebsd.x64.latest.tar.bz2 { rewrite ^ /freebsd64 permanent; } location /monero.dragonflybsd.x64.latest.tar.bz2 { rewrite ^ /dragonflybsd64 permanent; } location / { try_files $uri $uri/ $uri.php $uri.htm $uri.html =404; index index.html index.htm index.php; # post_action @download_complete; } # location @download_complete { # resolver 8.8.8.8; # proxy_pass http://statcounter.monero.cc/stat_counter.php?zz=yy&status=$request_completion&uri=$uri&remote_addr=$remote_addr&http_x_forwarded_for=$http_x_forwarded_for&body_bytes_sent=$body_bytes_sent&request_time=$request_time&scheme=$scheme&server_name=$server_name&http_user_agent=$http_user_agent; # internal; # } # Block for processing PHP files # Specifically matches URIs ending in .php location ~ \.php$ { try_files $uri =404; # Fix for server variables that behave differently under nginx/php-fpm than typically expected fastcgi_split_path_info ^(.+\.php)(/.+)$; # Include the standard fastcgi_params file included with nginx include fastcgi_params; fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_index index.php; # Override the SCRIPT_FILENAME variable set by fastcgi_params fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; # Pass to upstream PHP-FPM; This must match whatever you name your upstream connection fastcgi_pass phpfpm; } }