# This is included as an example of a config file that works for the site. This is important so that anyone can re-host it in the event of something going wrong with the main site. # The main takeaways from this config file are the redirects, everything is relatively bog standard. server { listen 80; listen 443 ssl http2; ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem; ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4"; ssl_prefer_server_ciphers on; # Specify this vhost's domain name server_name updates.getmonero.org downloads.getmonero.org downloads.monero.cc; root /var/www/downloads.getmonero.org/webroot; index index.php index.html index.htm; # Specify log locations for current site access_log off; error_log /var/log/nginx/default-site.log warn; # Let's not give away too much info: error_page 403 = 404; # These are the restrictions I generally have on # Disable logging for favicon location = /favicon.ico { log_not_found off; access_log off; } # Disable logging for robots.txt location = /robots.txt { allow all; log_not_found off; access_log off; } location ~* \.(ico|css|js|gif|jpe?g|png)$ { expires 31536000s; access_log off; log_not_found off; add_header Pragma public; add_header Cache-Control "max-age=31536000, public"; } # Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac). location ~ /\. { deny all; access_log off; log_not_found off; } # End of general restrictions # Downloads! location /win64 { rewrite ^ /cli/monero-win-x64-v0.10.3.1.zip redirect; } location /win32 { rewrite ^ /cli/monero-win-x86-v0.10.3.1.zip redirect; } location /mac64 { rewrite ^ /cli/monero-mac-x64-v0.10.3.1.tar.bz2 redirect; } location /linux64 { rewrite ^ /cli/monero-linux-x64-v0.10.3.1.tar.bz2 redirect; } location /linux32 { rewrite ^ /cli/monero-linux-x86-v0.10.3.1.tar.bz2 redirect; } location /linuxarm7 { rewrite ^ /cli/monero-linux-armv7-v0.10.3.1.tar.bz2 redirect; } location /linuxarm8 { rewrite ^ /cli/monero-linux-armv8-v0.10.3.1.tar.bz2 redirect; } location /freebsd64 { rewrite ^ /cli/monero-freebsd-x64-v0.10.3.1.tar.bz2 redirect; } location /dragonflybsd64 { rewrite ^ /cli/monero-dragonflybsd-x64-v0.10.3.1.tar.bz2 redirect; } # GUI downloads location /gui/win64 { rewrite ^ /gui/monero-win-x64-v0.10.3.1.zip redirect; } location /gui/mac64 { rewrite ^ /gui/monero-mac-x64-v0.10.3.1.tar.bz2 redirect; } location /gui/linux64 { rewrite ^ /gui/monero-linux-x64-v0.10.3.1.tar.bz2 redirect; } location /gui/linux32 { rewrite ^ /gui/monero-linux-x86-v0.10.3.1.tar.bz2 redirect; } # Other download redirects location /cli/win64 { rewrite ^ /win64 permanent; } location /cli/win32 { rewrite ^ /win32 permanent; } location /cli/mac64 { rewrite ^ /mac64 permanent; } location /cli/linux64 { rewrite ^ /linux64 permanent; } location /cli/linux32 { rewrite ^ /linux32 permanent; } location /cli/linuxarm7 { rewrite ^ /linuxarm7 permanent; } location /cli/linuxarm8 { rewrite ^ /linuxarm8 permanent; } location /cli/freebsd64 { rewrite ^ /freebsd64 permanent; } location /cli/dragonflybsd64 { rewrite ^ /dragonflybsd64 permanent; } location /win { rewrite ^ /win64 permanent; } location /mac { rewrite ^ /mac64 permanent; } location /linux { rewrite ^ /linux64 permanent; } location /freebsd { rewrite ^ /freebsd64 permanent; } location /dragonflybsd { rewrite ^ /dragonflybsd64 permanent; } location /arm { rewrite ^ /linuxarm7 permanent; } location /arm64 { rewrite ^ /linuxarm8 permanent; } location /arm7 { rewrite ^ /linuxarm7 permanent; } location /arm8 { rewrite ^ /linuxarm8 permanent; } location /monero.win.x64.latest.zip { rewrite ^ /win64 permanent; } location /monero.win.x32.latest.zip { rewrite ^ /win32 permanent; } location /monero.mac.x64.latest.tar.bz2 { rewrite ^ /mac64 permanent; } location /monero.linux.x64.latest.tar.bz2 { rewrite ^ /linux64 permanent; } location /monero.linux.x86.latest.tar.bz2 { rewrite ^ /linux86 permanent; } location /monero.linux.arm7.latest.tar.bz2 { rewrite ^ /linuxarm7 permanent; } location /monero.linux.arm8.latest.tar.bz2 { rewrite ^ /linuxarm8 permanent; } location /monero.freebsd.x64.latest.tar.bz2 { rewrite ^ /freebsd64 permanent; } location /monero.dragonflybsd.x64.latest.tar.bz2 { rewrite ^ /dragonflybsd64 permanent; } location / { try_files $uri $uri/ $uri.php $uri.htm $uri.html =404; index index.html index.htm index.php; } # Block for processing PHP files # Specifically matches URIs ending in .php location ~ \.php$ { try_files $uri =404; # Fix for server variables that behave differently under nginx/php-fpm than typically expected fastcgi_split_path_info ^(.+\.php)(/.+)$; # Include the standard fastcgi_params file included with nginx include fastcgi_params; fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_index index.php; # Override the SCRIPT_FILENAME variable set by fastcgi_params fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; # Pass to upstream PHP-FPM; This must match whatever you name your upstream connection fastcgi_pass phpfpm; } }