mirror of
https://github.com/monero-project/monero-site.git
synced 2024-12-23 12:09:49 +00:00
257 lines
No EOL
7.2 KiB
Nginx Configuration File
257 lines
No EOL
7.2 KiB
Nginx Configuration File
# This is included as an example of a config file that works for the site. This is important so that anyone can re-host it in the event of something going wrong with the main site.
|
|
# The main takeaways from this config file are the redirects, everything is relatively bog standard.
|
|
|
|
server {
|
|
listen 80;
|
|
|
|
# Specify this vhost's domain name
|
|
server_name dlsrc.getmonero.org downloads.getmonero.orgdlsrc.monero.mu downloads.monero.mu downloads.monero.cc;
|
|
return 301 https://$server_name$request_uri;
|
|
}
|
|
server {
|
|
listen 80;
|
|
listen 443 ssl http2;
|
|
|
|
ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
|
|
ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
|
|
|
|
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
|
|
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
|
|
ssl_prefer_server_ciphers on;
|
|
|
|
# Specify this vhost's domain name
|
|
server_name updates.getmonero.org dlsrc.getmonero.org downloads.getmonero.org updates.monero.mu dlsrc.monero.mu downloads.monero.mu downloads.monero.cc;
|
|
root /var/www/downloads.getmonero.org/webroot;
|
|
index index.php index.html index.htm;
|
|
|
|
# Specify log locations for current site
|
|
access_log off;
|
|
error_log /var/log/nginx/default-site.log warn;
|
|
|
|
# Let's not give away too much info:
|
|
error_page 403 = 404;
|
|
|
|
# These are the restrictions I generally have on
|
|
# Disable logging for favicon
|
|
location = /favicon.ico {
|
|
log_not_found off;
|
|
access_log off;
|
|
}
|
|
|
|
# Disable logging for robots.txt
|
|
location = /robots.txt {
|
|
allow all;
|
|
log_not_found off;
|
|
access_log off;
|
|
}
|
|
|
|
location ~* \.(ico|css|js|gif|jpe?g|png)$
|
|
{
|
|
expires 31536000s;
|
|
access_log off;
|
|
log_not_found off;
|
|
add_header Pragma public;
|
|
add_header Cache-Control "max-age=31536000, public";
|
|
}
|
|
|
|
# Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
|
|
location ~ /\. {
|
|
deny all;
|
|
access_log off;
|
|
log_not_found off;
|
|
}
|
|
# End of general restrictions
|
|
|
|
# Downloads!
|
|
location /win64 {
|
|
rewrite ^ /cli/monero-win-x64-v0.13.0.2.zip redirect;
|
|
}
|
|
|
|
location /win32 {
|
|
rewrite ^ /cli/monero-win-x86-v0.13.0.2.zip redirect;
|
|
}
|
|
|
|
location /mac64 {
|
|
rewrite ^ /cli/monero-mac-x64-v0.13.0.2.tar.bz2 redirect;
|
|
}
|
|
|
|
location /linux64 {
|
|
rewrite ^ /cli/monero-linux-x64-v0.13.0.2.tar.bz2 redirect;
|
|
}
|
|
|
|
location /linux32 {
|
|
rewrite ^ /cli/monero-linux-x86-v0.13.0.2.tar.bz2 redirect;
|
|
}
|
|
|
|
location /linuxarm7 {
|
|
rewrite ^ /cli/monero-linux-armv7-v0.13.0.2.tar.bz2 redirect;
|
|
}
|
|
|
|
location /linuxarm8 {
|
|
rewrite ^ /cli/monero-linux-armv8-v0.13.0.2.tar.bz2 redirect;
|
|
}
|
|
|
|
location /freebsd64 {
|
|
rewrite ^ /cli/monero-freebsd-x64-v0.13.0.2.tar.bz2 redirect;
|
|
}
|
|
|
|
location /dragonflybsd64 {
|
|
rewrite ^ /cli/monero-dragonflybsd-x64-v0.13.0.2.tar.bz2 redirect;
|
|
}
|
|
|
|
# GUI downloads
|
|
location /gui/win64 {
|
|
rewrite ^ /gui/monero-gui-win-x64-v0.13.0.2.zip redirect;
|
|
}
|
|
|
|
location /gui/mac64 {
|
|
rewrite ^ /gui/monero-gui-mac-x64-v0.13.0.2.tar.bz2 redirect;
|
|
}
|
|
|
|
location /gui/linux64 {
|
|
rewrite ^ /gui/monero-gui-linux-x64-v0.13.0.2.tar.bz2 redirect;
|
|
}
|
|
|
|
location /gui/linux32 {
|
|
rewrite ^ /gui/monero-gui-linux-x86-v0.13.0.2.tar.bz2 redirect;
|
|
}
|
|
|
|
# Other download redirects
|
|
location /cli/win64 {
|
|
rewrite ^ /win64 permanent;
|
|
}
|
|
|
|
location /cli/win32 {
|
|
rewrite ^ /win32 permanent;
|
|
}
|
|
|
|
location /cli/mac64 {
|
|
rewrite ^ /mac64 permanent;
|
|
}
|
|
|
|
location /cli/linux64 {
|
|
rewrite ^ /linux64 permanent;
|
|
}
|
|
|
|
location /cli/linux32 {
|
|
rewrite ^ /linux32 permanent;
|
|
}
|
|
|
|
location /cli/linuxarm7 {
|
|
rewrite ^ /linuxarm7 permanent;
|
|
}
|
|
|
|
location /cli/linuxarm8 {
|
|
rewrite ^ /linuxarm8 permanent;
|
|
}
|
|
|
|
location /cli/freebsd64 {
|
|
rewrite ^ /freebsd64 permanent;
|
|
}
|
|
|
|
location /cli/dragonflybsd64 {
|
|
rewrite ^ /dragonflybsd64 permanent;
|
|
}
|
|
|
|
location /win {
|
|
rewrite ^ /win64 permanent;
|
|
}
|
|
|
|
location /mac {
|
|
rewrite ^ /mac64 permanent;
|
|
}
|
|
|
|
location /linux {
|
|
rewrite ^ /linux64 permanent;
|
|
}
|
|
|
|
location /freebsd {
|
|
rewrite ^ /freebsd64 permanent;
|
|
}
|
|
|
|
location /dragonflybsd {
|
|
rewrite ^ /dragonflybsd64 permanent;
|
|
}
|
|
|
|
location /arm {
|
|
rewrite ^ /linuxarm7 permanent;
|
|
}
|
|
|
|
location /arm64 {
|
|
rewrite ^ /linuxarm8 permanent;
|
|
}
|
|
|
|
location /arm7 {
|
|
rewrite ^ /linuxarm7 permanent;
|
|
}
|
|
|
|
location /arm8 {
|
|
rewrite ^ /linuxarm8 permanent;
|
|
}
|
|
|
|
location /monero.win.x64.latest.zip {
|
|
rewrite ^ /win64 permanent;
|
|
}
|
|
|
|
location /monero.win.x32.latest.zip {
|
|
rewrite ^ /win32 permanent;
|
|
}
|
|
|
|
location /monero.mac.x64.latest.tar.bz2 {
|
|
rewrite ^ /mac64 permanent;
|
|
}
|
|
|
|
location /monero.linux.x64.latest.tar.bz2 {
|
|
rewrite ^ /linux64 permanent;
|
|
}
|
|
|
|
location /monero.linux.x86.latest.tar.bz2 {
|
|
rewrite ^ /linux86 permanent;
|
|
}
|
|
|
|
location /monero.linux.arm7.latest.tar.bz2 {
|
|
rewrite ^ /linuxarm7 permanent;
|
|
}
|
|
|
|
location /monero.linux.arm8.latest.tar.bz2 {
|
|
rewrite ^ /linuxarm8 permanent;
|
|
}
|
|
|
|
location /monero.freebsd.x64.latest.tar.bz2 {
|
|
rewrite ^ /freebsd64 permanent;
|
|
}
|
|
|
|
location /monero.dragonflybsd.x64.latest.tar.bz2 {
|
|
rewrite ^ /dragonflybsd64 permanent;
|
|
}
|
|
|
|
location / {
|
|
try_files $uri $uri/ $uri.php $uri.htm $uri.html =404;
|
|
index index.html index.htm index.php;
|
|
# post_action @download_complete;
|
|
}
|
|
|
|
# location @download_complete {
|
|
# resolver 8.8.8.8;
|
|
# proxy_pass http://statcounter.monero.cc/stat_counter.php?zz=yy&status=$request_completion&uri=$uri&remote_addr=$remote_addr&http_x_forwarded_for=$http_x_forwarded_for&body_bytes_sent=$body_bytes_sent&request_time=$request_time&scheme=$scheme&server_name=$server_name&http_user_agent=$http_user_agent;
|
|
# internal;
|
|
# }
|
|
|
|
# Block for processing PHP files
|
|
# Specifically matches URIs ending in .php
|
|
location ~ \.php$ {
|
|
try_files $uri =404;
|
|
|
|
# Fix for server variables that behave differently under nginx/php-fpm than typically expected
|
|
fastcgi_split_path_info ^(.+\.php)(/.+)$;
|
|
# Include the standard fastcgi_params file included with nginx
|
|
include fastcgi_params;
|
|
fastcgi_param PATH_INFO $fastcgi_path_info;
|
|
fastcgi_index index.php;
|
|
# Override the SCRIPT_FILENAME variable set by fastcgi_params
|
|
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
|
# Pass to upstream PHP-FPM; This must match whatever you name your upstream connection
|
|
fastcgi_pass phpfpm;
|
|
}
|
|
|
|
} |