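# nginx vhosts for the cacert-phoenix.org hosts: plain-HTTP -> HTTPS redirects
# (Certbot-managed), TLS termination for two loopback HTTPS backends, and an
# mTLS-protected PHP-FPM application.
#
# NOTE(review): everything in the commented block below is dead configuration
# (an abandoned `stream` SNI-routing attempt and pasted `ip addr` output, with a
# typo'd address 127.0.0.4444). It has no runtime effect; consider deleting it
# once the live servers further down are confirmed working.
#stream {
#    map $ssl_preread_server_name $targetBackend {
#        authserver.cacert-phoenix.org 127.0.0.4444;
#    }
#}
#server {
#    if ($host = authserver.cacert-phoenix.org) {
#        return 301 https://$host$request_uri;
#    } # managed by Certbot
#    # inet 141.98.154.48/23 brd 141.98.155.255 scope global eth0
#    #    valid_lft forever preferred_lft forever
#    # inet6 2a02:c202:3014:5331::1/64 scope global
#    listen 141.98.154.48:4444;
#    # ssl on;
#    server_name authserver.cacert-phoenix.org;
#    return 404; # managed by Certbot
#    location / {
#        proxy_pass https://127.0.0.1:4444;
#        proxy_set_header Host $host;
#        proxy_set_header X-Real-IP $remote_addr;
#        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#    }
#}

# --- Plain-HTTP listeners: redirect matching hosts to HTTPS, 404 anything else.
server {
    if ($host = authserver.cacert-phoenix.org) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    listen 80;
    server_name authserver.cacert-phoenix.org;
    return 404; # managed by Certbot
}

server {
    if ($host = idp.cacert-phoenix.org) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    listen 80;
    server_name idp.cacert-phoenix.org;
    return 404; # managed by Certbot
}

server {
    if ($host = registration.cacert-phoenix.org) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    listen 80;
    server_name registration.cacert-phoenix.org;
    return 404; # managed by Certbot
}

# --- authserver: TLS termination in front of an HTTPS backend on 127.0.0.1:4444.
# NOTE(review): no `default_server` is declared on 443, so a TLS connection with
# an unknown or missing SNI is answered by this first server block (and its
# certificate). Add an explicit default_server that returns 444 if that is not
# intended.
server {
    server_name authserver.cacert-phoenix.org;

    location / {
        # NOTE(review): nginx does not verify the upstream certificate by default
        # (proxy_ssl_verify off). Acceptable only while the backend is loopback;
        # set proxy_ssl_verify on + proxy_ssl_trusted_certificate if it moves.
        proxy_pass https://127.0.0.1:4444;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # Added: tell the backend the client-facing scheme so it builds
        # redirects/cookies for https rather than trusting its own listener.
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    listen 443 ssl; # managed by Certbot
    # NOTE(review): a second public listener on a non-standard port exposes the
    # same vhost twice. It only coexists with the backend if that backend binds
    # 127.0.0.1:4444 exclusively (a 0.0.0.0 bind would collide). Remove it
    # unless a client depends on the :4444 URL.
    listen 141.98.154.48:4444 ssl;

    # NOTE(review): all three HTTPS vhosts reuse the registration.* certificate;
    # it must be a SAN certificate covering authserver.* and idp.* as well, or
    # clients will see a hostname mismatch. Confirm with the Certbot lineage.
    ssl_certificate /etc/letsencrypt/live/registration.cacert-phoenix.org/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/registration.cacert-phoenix.org/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
    # Consider HSTS once all hosts are stable on HTTPS (options-ssl-nginx.conf
    # does not set it):
    # add_header Strict-Transport-Security "max-age=31536000" always;
}

# --- idp: TLS termination in front of an HTTPS backend on 127.0.0.1:3000.
server {
    server_name idp.cacert-phoenix.org;

    location / {
        # NOTE(review): upstream certificate is not verified (proxy_ssl_verify
        # defaults to off); fine for loopback only.
        proxy_pass https://127.0.0.1:3000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # Added: expose the client-facing scheme to the backend.
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    listen 443 ssl; # managed by Certbot
    # NOTE(review): same concern as authserver's :4444 listener — an extra public
    # port for the same vhost; requires the backend to bind loopback only.
    listen 141.98.154.48:3000 ssl;

    ssl_certificate /etc/letsencrypt/live/registration.cacert-phoenix.org/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/registration.cacert-phoenix.org/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

# --- registration: mutual-TLS protected PHP-FPM application.
server {
    server_name registration.cacert-phoenix.org;
    root /var/www/html;
    index index.php;

    # Client certificate is mandatory: handshakes without a cert chaining to
    # cas.pem are rejected by nginx before any PHP runs. Default verify depth
    # is 1 (direct issuer only); raise ssl_verify_depth if cas.pem holds roots
    # and clients present intermediate-signed certs.
    ssl_verify_client on;
    ssl_client_certificate /etc/nginx/certs/cas.pem;
    # ssl_verify_depth 1;

    # Added: nginx's default client_max_body_size is 1m, which would reject
    # uploads with 413 long before PHP's post_max_size (32M) / upload_max_filesize
    # (16M) below ever apply. Align the two limits.
    client_max_body_size 32m;

    location ~ ^/(.+\.php)$ {
        fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
        # Refuse URIs whose script part is not a real file: blocks the classic
        # "/upload.jpg/x.php" PATH_INFO trick when cgi.fix_pathinfo is enabled.
        if (!-f $document_root$fastcgi_script_name) {
            return 404;
        }
        include snippets/fastcgi-php.conf;
        include fastcgi_params;
        # fastcgi_index index.php;
        fastcgi_pass unix:/run/php/php8.2-fpm.sock;
        fastcgi_read_timeout 600s;
        #fastcgi_param SCRIPT_FILENAME /srv/www.example.org/html$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        fastcgi_intercept_errors on;
        # PHP_VALUE entries must be newline-separated for php-fpm to parse them.
        fastcgi_param PHP_VALUE "memory_limit = 512M
opcache.validate_root = 1
post_max_size = 32M
max_execution_time = 240
max_input_time = 240
upload_max_filesize = 16M";
        client_body_buffer_size 128k;
        # NOTE(review): HTTP/2 server push (and this directive) was removed in
        # nginx 1.25.1; on newer builds `nginx -t` fails with "unknown
        # directive". Drop it when upgrading.
        http2_push_preload on;

        # Pass the verified client-cert identity to PHP. The app should still
        # check TLS_SUCCESS == "SUCCESS" and pin on TLS_FP / TLS_DN rather than
        # trusting any single field alone.
        fastcgi_param TLS_SUCCESS $ssl_client_verify;
        fastcgi_param TLS_DN $ssl_client_s_dn;
        # NOTE(review): $ssl_client_cert is deprecated in favour of
        # $ssl_client_escaped_cert (urlencoded PEM, no embedded newlines);
        # switch if the PHP side is updated to decode it.
        fastcgi_param TLS_CERT $ssl_client_cert;
        fastcgi_param TLS_FP $ssl_client_fingerprint;
        fastcgi_param TLS_SER $ssl_client_serial;
        fastcgi_param SSL_CLIENT_S_DN $ssl_client_s_dn;
    }

    # deny access to Apache .htaccess on Nginx with PHP,
    # if Apache and Nginx document roots concur
    location ~ /\.ht {
        deny all;
    }

    listen 443 ssl http2; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/registration.cacert-phoenix.org/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/registration.cacert-phoenix.org/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}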