jdormit-infra/prod/wallabag/packer/files/wallabag-nginx.conf

server {
    root /var/www/wallabag/web;

    location / {
        # try to serve file directly, fallback to app.php
        try_files $uri /app.php$is_args$args;
    }
    location ~ ^/app\.php(/|$) {
        # if, for some reason, you are still using PHP 5,
        # then replace /run/php/php7.0 by /var/run/php5
        fastcgi_pass unix:/run/php/php7.2-fpm.sock;
        fastcgi_split_path_info ^(.+\.php)(/.*)$;
        include fastcgi_params;
        # When you are using symlinks to link the document root to the
        # current version of your application, you should pass the real
        # application path instead of the path to the symlink to PHP
        # FPM.
        # Otherwise, PHP's OPcache may not properly detect changes to
        # your PHP files (see https://github.com/zendtech/ZendOptimizerPlus/issues/126
        # for more information).
        fastcgi_param  SCRIPT_FILENAME  $realpath_root$fastcgi_script_name;
        fastcgi_param DOCUMENT_ROOT $realpath_root;
        # Prevents URIs that include the front controller. This will 404:
        # http://domain.tld/app.php/some-path
        # Remove the internal directive to allow URIs like this
        internal;
    }

    # return 404 for all other php files not matching the front controller
    # this prevents access to other php files you don't want to be accessible.
    location ~ \.php$ {
        return 404;
    }

    listen [::]:443 ssl ipv6only=on;
    listen 443 ssl;

    ssl_certificate /var/www/wallabag/fullchain.pem;
    ssl_certificate_key /var/www/wallabag/privkey.pem;

    ssl_session_cache shared:le_nginx_SSL:1m;
    ssl_session_timeout 1440m;

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;

    ssl_ciphers "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS";


    error_log /var/log/nginx/wallabag_error.log;
    access_log /var/log/nginx/wallabag_access.log;

    client_max_body_size 512M; # allows file uploads up to 512 megabytes
}

server {
       listen 80;
       listen [::]:80;
       return 301 https://$host$request_uri;
}
[WIP] Initial packer/terraform config for wallabag 2021-01-06 17:46:47 +00:00			`server {`
			`root /var/www/wallabag/web;`

			`location / {`
			`# try to serve file directly, fallback to app.php`
			`try_files $uri /app.php$is_args$args;`
			`}`
			`location ~ ^/app\.php(/\|$) {`
			`# if, for some reason, you are still using PHP 5,`
			`# then replace /run/php/php7.0 by /var/run/php5`
			`fastcgi_pass unix:/run/php/php7.2-fpm.sock;`
			`fastcgi_split_path_info ^(.+\.php)(/.*)$;`
			`include fastcgi_params;`
			`# When you are using symlinks to link the document root to the`
			`# current version of your application, you should pass the real`
			`# application path instead of the path to the symlink to PHP`
			`# FPM.`
			`# Otherwise, PHP's OPcache may not properly detect changes to`
			`# your PHP files (see https://github.com/zendtech/ZendOptimizerPlus/issues/126`
			`# for more information).`
			`fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;`
			`fastcgi_param DOCUMENT_ROOT $realpath_root;`
			`# Prevents URIs that include the front controller. This will 404:`
			`# http://domain.tld/app.php/some-path`
			`# Remove the internal directive to allow URIs like this`
			`internal;`
			`}`

			`# return 404 for all other php files not matching the front controller`
			`# this prevents access to other php files you don't want to be accessible.`
			`location ~ \.php$ {`
			`return 404;`
			`}`

Finish wallabag packer image 2021-01-07 15:48:14 +00:00			`listen [::]:443 ssl ipv6only=on;`
			`listen 443 ssl;`

			`ssl_certificate /var/www/wallabag/fullchain.pem;`
			`ssl_certificate_key /var/www/wallabag/privkey.pem;`

			`ssl_session_cache shared:le_nginx_SSL:1m;`
			`ssl_session_timeout 1440m;`

			`ssl_protocols TLSv1 TLSv1.1 TLSv1.2;`
			`ssl_prefer_server_ciphers on;`

			ssl_ciphers "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS";


[WIP] Initial packer/terraform config for wallabag 2021-01-06 17:46:47 +00:00			`error_log /var/log/nginx/wallabag_error.log;`
			`access_log /var/log/nginx/wallabag_access.log;`

			`client_max_body_size 512M; # allows file uploads up to 512 megabytes`
Finish wallabag packer image 2021-01-07 15:48:14 +00:00			`}`

			`server {`
			`listen 80;`
			`listen [::]:80;`
			`return 301 https://$host$request_uri;`
[WIP] Initial packer/terraform config for wallabag 2021-01-06 17:46:47 +00:00			`}`