Refresh sample nginx vhost configuration with prod

BNETDocs · Sep 29, 2020 · 8e2d764 · 8e2d764
1 parent 5fd054b
commit 8e2d764
Showing 1 changed file with 63 additions and 54 deletions.
diff --git a/etc/nginx-vhost-sample.conf b/etc/nginx-vhost-sample.conf
@@ -1,6 +1,6 @@
 #
 # BNETDocs, the Battle.net(TM) protocol documentation and discussion website
-# Copyright (C) 2008-2016  Carl Bennett
+# Copyright (C) 2008-2020  "Arta", Don Cullen "Kyro", Carl Bennett, others
 # This file is part of BNETDocs.
 #
 # BNETDocs is free software: you can redistribute it and/or modify
@@ -20,87 +20,96 @@
 # It is NOT intended to be used in place of your actual configuration.
 #
 server {
+  listen      80;
+  listen [::]:80;
+  server_name bnetdocs.org;
 
-  listen       80;
-  listen       [::]:80;
-  server_name  bnetdocs.org;
-
-  include      conf.d/error-pages.conf;
-  include      conf.d/gzip.conf;
-  include      conf.d/url-filter*.conf;
+  include conf.d/error-pages.conf;
+  include conf.d/gzip.conf;
+  include conf.d/url-filter*.conf;
 
   location / {
-    return  301  https://$host$uri$is_args$args;
+    return 301 https://$host$request_uri;
   }
-
 }
 server {
+  ssl_certificate /etc/letsencrypt/live/bnetdocs.org/fullchain.pem; # managed by Certbot
+  ssl_certificate_key /etc/letsencrypt/live/bnetdocs.org/privkey.pem; # managed by Certbot
 
-  ssl_certificate      sites-certs/bnetdocs-www.crt;
-  ssl_certificate_key  sites-certs/bnetdocs-www.key;
-
-  listen       80;
-  listen       [::]:80;
-  listen       443 ssl http2;
-  listen       [::]:443 ssl http2;
-  server_name  .www.bnetdocs.org;
+  listen      80;
+  listen [::]:80;
+  listen      443 ssl http2;
+  listen [::]:443 ssl http2;
+  server_name www.bnetdocs.org;
 
-  include      conf.d/error-pages.conf;
-  include      conf.d/gzip.conf;
-  include      conf.d/url-filter*.conf;
+  include conf.d/error-pages.conf;
+  include conf.d/url-filter*.conf;
 
   location / {
-    return  301  https://bnetdocs.org$uri$is_args$args;
+    return 301 https://bnetdocs.org$request_uri;
   }
 }
 map $sent_http_content_type $bnetdocs_expires {
-  default        off;
-  ~application/  1y;
-  ~image/        1y;
-  ~text/         1y;
-  ~video/        1y;
+  default       off;
+  ~application/ 1y;
+  ~image/       1y;
+  ~text/        1y;
+  ~video/       1y;
 }
 server {
+  ssl_certificate /etc/letsencrypt/live/bnetdocs.org/fullchain.pem; # managed by Certbot
+  ssl_certificate_key /etc/letsencrypt/live/bnetdocs.org/privkey.pem; # managed by Certbot
 
-  ssl_certificate      sites-certs/bnetdocs-www.crt;
-  ssl_certificate_key  sites-certs/bnetdocs-www.key;
+  listen      443 ssl http2;
+  listen [::]:443 ssl http2;
+  server_name bnetdocs.org;
 
-  listen       443 ssl http2;
-  listen       [::]:443 ssl http2;
-  server_name  bnetdocs.org;
+  include conf.d/error-pages.conf;
+  include conf.d/url-filter*.conf;
 
-  include      conf.d/error-pages.conf;
-  include      conf.d/gzip.conf;
-  include      conf.d/url-filter*.conf;
-
-  root   /home/nginx/bnetdocs-www/src;
-  index  index.html index.xml index.htm;
+  root /var/www/www.bnetdocs.org/src;
+  index index.html index.xml index.htm;
 
   location / {
+    expires   $bnetdocs_expires;
+    try_files /static$uri /main.php$is_args$args;
+  }
+
+  location /a/ {
     expires    $bnetdocs_expires;
     try_files  /static$uri /main.php$is_args$args;
+    add_header 'Access-Control-Allow-Origin' '*';
+    add_header 'Access-Control-Allow-Methods' 'GET,HEAD,OPTIONS';
+    add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
+    add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range';
   }
 
-  rewrite ^/archives(/.*)?$ https://redux.bnetdocs.org/archives$1 last;
+  rewrite ^/archives(/.*)?$ $scheme://files.bnetdocs.org$1 last;
 
   location = /favicon.ico {
-    return  302  $scheme://$host/favicon.png$is_args$args;
+    return 302 $scheme://$host/favicon.png$is_args$args;
   }
 
-  location = /main.php {
-    fastcgi_hide_header           X-Powered-By;
-    add_header                    Strict-Transport-Security  max-age=86400;
-    fastcgi_buffer_size           128k;
-    fastcgi_buffers               256 16k;
-    fastcgi_busy_buffers_size     256k;
-    fastcgi_intercept_errors      off;
-    fastcgi_param                 PHP_VALUE
-                                 "display_errors = On
-                                  error_reporting = E_ALL
-                                  short_open_tag = Off";
-    fastcgi_pass                  unix:/run/php-fpm/www.sock;
-    fastcgi_temp_file_write_size  256k;
-    include                       fastcgi.conf;
+  location = /google7a3f778535b1424a.html {
+    return 200 "google-site-verification: google7a3f778535b1424a.html";
   }
 
+  location = /main.php {
+    add_header Strict-Transport-Security max-age=15552000; # 15552000 = 180 days
+
+    fastcgi_hide_header X-Powered-By;
+
+    fastcgi_buffer_size          128k;
+    fastcgi_buffers              256 16k;
+    fastcgi_busy_buffers_size    256k;
+    fastcgi_temp_file_write_size 256k;
+
+    fastcgi_intercept_errors off;
+    fastcgi_param            PHP_VALUE "date.timezone = Etc/UTC
+                                        display_errors = Off
+                                        error_reporting = E_ALL
+                                        short_open_tag = On";
+    fastcgi_pass unix:/var/run/php-fpm/www.sock;
+    include fastcgi.conf;
+  }
 }