Aktualisiert die Config für den Webserver.

3 files changed, 160 insertions, 12 deletions

diff --git a/resources/gospeladlershof.conf b/resources/gospeladlershof.conf
index 5ca0cf7..1dc0177 100644
--- a/resources/gospeladlershof.conf
+++ b/resources/gospeladlershof.conf
@@ -1,9 +1,9 @@
 server {
 	listen 80;
-	listen 443 ssl spdy;
-
+	listen 443 ssl http2;
+	# kein IPv6
 	#listen [::]:80;
-	#listen [::]:443 ssl spdy;
+	#listen [::]:443 ssl http2;
 
 	server_name 		gospeladlershof.de;
 
@@ -13,7 +13,9 @@ server {
         include                 /etc/nginx/conf.d/nginx_conf/block_crawler;
         include                 /etc/nginx/conf.d/nginx_conf/block_facebook;
         include                 /etc/nginx/conf.d/nginx_conf/ssl_conf;
-        include                 /etc/nginx/conf.d/nginx_conf/robots.conf;
+
+	# Seite kann gecrawled werden!
+        #include                 /etc/nginx/conf.d/nginx_conf/robots.conf;
 
         ssl_certificate         /var/lib/acme/live/gospeladlershof.de/fullchain;
         ssl_certificate_key     /var/lib/acme/live/gospeladlershof.de/privkey;
@@ -21,6 +23,6 @@ server {
 	include snippets/letsencrypt.conf;
 
 	location / {
-		return 302		$scheme://www.gospeladlershof.de$request_uri;
+		return 301		https://www.gospeladlershof.de$request_uri;
 	}
 }
diff --git a/resources/intern.gospeladlershof.conf b/resources/intern.gospeladlershof.conf
new file mode 100644
index 0000000..13e3f03
--- /dev/null
+++ b/resources/intern.gospeladlershof.conf
@@ -0,0 +1,130 @@
+server {
+	listen 80;
+	listen 443 ssl http2;
+        server_name 		www.intern.gospeladlershof.de;
+	include			snippets/letsencrypt.conf;
+	include                 /etc/nginx/conf.d/nginx_conf/ssl_conf;
+	ssl_certificate         /var/lib/acme/live/www.intern.gospeladlershof.de/fullchain;
+	ssl_certificate_key     /var/lib/acme/live/www.intern.gospeladlershof.de/privkey;
+	include			conf.d/nginx_conf/robots.conf;
+
+	access_log 	/var/log/nginx/gospeladlershof.de/redirect.access.log verbose;
+	error_log 	/var/log/nginx/gospeladlershof.de/redirect.error.log;
+
+	return 301 	https://intern.gospeladlershof.de$request_uri;
+}
+
+server {
+	listen 80;
+        server_name 		intern.gospeladlershof.de;
+
+	location / {
+		return 302 https://$server_name$request_uri;
+	}
+
+	include			snippets/letsencrypt.conf;
+}
+
+server {
+	listen 443 ssl http2;
+	include			snippets/letsencrypt.conf;
+        server_name 		intern.gospeladlershof.de;
+	root            	/var/www/gospeladlershof.de/intern.gospeladlershof.de/;
+	#root            	/home/horus/sites/gospeladlershof.de/intern.gospeladlershof.de;
+
+	access_log 		/var/log/nginx/gospeladlershof.de/intern.access.log verbose;
+	error_log 		/var/log/nginx/gospeladlershof.de/intern.error.log;
+
+	index           	index.html index.php;
+
+	include                 /etc/nginx/conf.d/nginx_conf/ssl_conf;
+	ssl_certificate         /var/lib/acme/live/intern.gospeladlershof.de/fullchain;
+	ssl_certificate_key     /var/lib/acme/live/intern.gospeladlershof.de/privkey;
+	include			conf.d/nginx_conf/robots.conf;
+
+	error_page 404          /404.html;
+
+	# Solange wir keine ordentlichen Bilder haben wird nichts gecacht.
+        #location ~* \.(jpe?g|png|gif|css|js|swf|txt|ico|woff2?|ttf|svg)$ {
+        #        expires         365d;
+        #}
+
+        location ~* ^/favicon.ico$ {}
+
+	location / {
+		# In PHP implementiert, damit überflüssig.
+		# auth_basic "Passwort verlangt - Gospelchor Adlershof";
+		# auth_basic_user_file passwd/gospelchor_passwd;
+
+		# Andere Permission!
+		location ~ ^/code/deploy.php$ {
+			include         snippets/fastcgi-php.conf;
+			fastcgi_pass    unix:/var/run/horus-php5-fpm.sock;
+		}
+
+		location ~ \.php$ {
+			include         snippets/fastcgi-php.conf;
+			fastcgi_pass    unix:/var/run/php5-fpm.sock;
+		}
+
+		location = /mailman/ {
+			return 302 https://$server_name/mailman/listinfo;
+		}
+
+		location = /mailman {
+			return 302 https://$server_name/mailman/listinfo;
+		}
+
+		location /mailman {
+			root                    /usr/lib/cgi-bin;
+			fastcgi_hide_header Content-Type;
+			add_header Content-Type "text/html; charset=us-ascii";
+			fastcgi_split_path_info (^/mailman/[^/]*)(.*)$;
+			fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+			fastcgi_param PATH_INFO $fastcgi_path_info;
+			include /etc/nginx/fastcgi_params;
+			fastcgi_pass  unix:/var/run/fcgiwrap.socket;
+		}   
+
+		location /mailman/private {
+			root                    /usr/lib/cgi-bin;
+			fastcgi_split_path_info (^/mailman/[^/]*)(.*)$;
+			fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+			fastcgi_param PATH_INFO $fastcgi_path_info;
+			include /etc/nginx/fastcgi_params;
+			fastcgi_pass  unix:/var/run/fcgiwrap.socket;
+		}
+
+		location /mailman/public {
+			root                    /usr/lib/cgi-bin;
+			fastcgi_split_path_info (^/mailman/[^/]*)(.*)$;
+			fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+			fastcgi_param PATH_INFO $fastcgi_path_info;
+			include /etc/nginx/fastcgi_params;
+			fastcgi_pass  unix:/var/run/fcgiwrap.socket;
+		}
+
+		location /images/mailman {
+			alias /var/lib/mailman/icons ;
+		}   
+
+		location /icons {
+			alias /usr/lib/mailman/icons;
+		}   
+
+		location /archives {
+			alias /var/lib/mailman/archives/public;
+			autoindex on;
+		}
+
+		location /pipermail {
+			disable_symlinks off;
+			alias /var/lib/mailman/archives/public;
+			autoindex on;
+		}
+	}
+
+
+	include conf.d/nginx_conf/restrict.conf;
+}
+
diff --git a/resources/www.gospeladlershof.conf b/resources/www.gospeladlershof.conf
index 9643cbb..c136655 100644
--- a/resources/www.gospeladlershof.conf
+++ b/resources/www.gospeladlershof.conf
@@ -1,6 +1,15 @@
 server {
 	listen 80;
-	listen 443 ssl;
+	include		snippets/letsencrypt.conf;
+        server_name 	www.gospeladlershof.de;
+
+	location / {
+		return 301 https://$server_name$request_uri;
+	}
+}
+
+server {
+	listen 443 ssl http2;
 	include		snippets/letsencrypt.conf;
         server_name 	www.gospeladlershof.de;
 	root            /var/www/gospeladlershof.de/gospeladlershof.de;
@@ -13,13 +22,16 @@ server {
 	include                 /etc/nginx/conf.d/nginx_conf/ssl_conf;
 	ssl_certificate         /var/lib/acme/live/www.gospeladlershof.de/fullchain;
 	ssl_certificate_key     /var/lib/acme/live/www.gospeladlershof.de/privkey;
-	#include		conf.d/nginx_conf/robots.conf;
+	#include			conf.d/nginx_conf/robots.conf;
 
 	error_page 404          /404.html;
 
         location ~* \.(jpe?g|png|gif|css|js|swf|txt|ico|woff2?|ttf|svg)$ {
-        #        expires         365d;
+        #       expires         365d;
                 expires         10m;
+	#	add_header 	"Access-Control-Allow-Origin" "intern.gospeladlershof.de";
+		add_header 	"Access-Control-Allow-Origin" "*";
+	#	add_header	"Vary" "Accept-Encoding";
         }
 
 
@@ -35,6 +47,11 @@ server {
 
 	location ~ ^/api/v1/{
 		rewrite ^/api/v1/([a-zA-Z]+)/? /intern/api/$1.php last;
+		location ~ \.php$ {
+			include         snippets/fastcgi-php.conf;
+			fastcgi_read_timeout 300; 
+			fastcgi_pass    unix:/var/run/php5-fpm.sock;
+		}
 	}
 
 	location /intern/api {
@@ -46,10 +63,12 @@ server {
 		}
 	}
 
+	include conf.d/nginx_conf/restrict.conf;
+
 	# pagespeed
 
-	pagespeed on;
 	include 			/etc/nginx/conf.d/nginx_conf/pagespeed.conf;
+	pagespeed off;
 
 	pagespeed EnableFilters 	remove_comments;
 	pagespeed EnableFilters 	collapse_whitespace;
@@ -80,8 +99,5 @@ server {
 	pagespeed EnableFilters		prioritize_critical_css;
 	pagespeed EnableFilters		rewrite_style_attributes_with_url;
 	pagespeed EnableFilters		sprite_images;
-
-	include conf.d/nginx_conf/restrict.conf;
-
 }