
Certbot help topic 102843 - nginx -T

a guest Sep 25th, 2019 6 in 345 days
  1. # configuration file /etc/nginx/nginx.conf:
  2.  
  3. user  nginx; # worker processes run under the "nginx" account
  4. worker_processes  1;
  5.  
  6. error_log  /var/log/nginx/error.log warn; # global error log; entries below "warn" severity are not written
  7. pid        /var/run/nginx.pid;
  8.  
  9.  
  10. events {
  11.     worker_connections  1024; # upper bound on simultaneous connections per worker
  12. }
  13.  
  14.  
  15. http {
  16.     include       /etc/nginx/mime.types;
  17.     default_type  application/octet-stream; # files whose extension is not in mime.types are sent as a generic binary type
  18.     # "main" access-log format; its last field is the client-supplied X-Forwarded-For header, logged as received
  19.     log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
  20.                       '$status $body_bytes_sent "$http_referer" '
  21.                       '"$http_user_agent" "$http_x_forwarded_for"';
  22.  
  23.     access_log  /var/log/nginx/access.log  main; # used by every vhost that does not set its own access_log
  24.  
  25.     sendfile        on;
  26.     tcp_nopush     on;
  27.     tcp_nodelay on;
  28.     types_hash_max_size 2048;
  29.     server_tokens off; # leave the nginx version out of the Server header and built-in error pages
  30.  
  31.     keepalive_timeout  65;
  32.  
  33.     #gzip  on;
  34.     # conf.d/*.conf is read first, so tls.conf, fileupload.conf and fbclid.conf apply at http level to every vhost
  35.     include /etc/nginx/conf.d/*.conf;
  36.     include /etc/nginx/sites-enabled/*; # no suffix filter: every file present in the directory is loaded
  37. #    include /etc/nginx/sites-enabled/friendsofvalledeoro;    
  38. #    include /etc/nginx/sites-enabled/iteamnm-com;    
  39. }
  40.  
  41. # configuration file /etc/nginx/mime.types:
  42.  
  43. types {
  44.     text/html                                        html htm shtml;
  45.     text/css                                         css;
  46.     text/xml                                         xml;
  47.     image/gif                                        gif;
  48.     image/jpeg                                       jpeg jpg;
  49.     application/javascript                           js;
  50.     application/atom+xml                             atom;
  51.     application/rss+xml                              rss;
  52.  
  53.     text/mathml                                      mml;
  54.     text/plain                                       txt;
  55.     text/vnd.sun.j2me.app-descriptor                 jad;
  56.     text/vnd.wap.wml                                 wml;
  57.     text/x-component                                 htc;
  58.  
  59.     image/png                                        png;
  60.     image/svg+xml                                    svg svgz;
  61.     image/tiff                                       tif tiff;
  62.     image/vnd.wap.wbmp                               wbmp;
  63.     image/webp                                       webp;
  64.     image/x-icon                                     ico;
  65.     image/x-jng                                      jng;
  66.     image/x-ms-bmp                                   bmp;
  67.  
  68.     font/woff                                        woff;
  69.     font/woff2                                       woff2;
  70.  
  71.     application/java-archive                         jar war ear;
  72.     application/json                                 json;
  73.     application/mac-binhex40                         hqx;
  74.     application/msword                               doc;
  75.     application/pdf                                  pdf;
  76.     application/postscript                           ps eps ai;
  77.     application/rtf                                  rtf;
  78.     application/vnd.apple.mpegurl                    m3u8;
  79.     application/vnd.google-earth.kml+xml             kml;
  80.     application/vnd.google-earth.kmz                 kmz;
  81.     application/vnd.ms-excel                         xls;
  82.     application/vnd.ms-fontobject                    eot;
  83.     application/vnd.ms-powerpoint                    ppt;
  84.     application/vnd.oasis.opendocument.graphics      odg;
  85.     application/vnd.oasis.opendocument.presentation  odp;
  86.     application/vnd.oasis.opendocument.spreadsheet   ods;
  87.     application/vnd.oasis.opendocument.text          odt;
  88.     application/vnd.openxmlformats-officedocument.presentationml.presentation
  89.                                                      pptx;
  90.     application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
  91.                                                      xlsx;
  92.     application/vnd.openxmlformats-officedocument.wordprocessingml.document
  93.                                                      docx;
  94.     application/vnd.wap.wmlc                         wmlc;
  95.     application/x-7z-compressed                      7z;
  96.     application/x-cocoa                              cco;
  97.     application/x-java-archive-diff                  jardiff;
  98.     application/x-java-jnlp-file                     jnlp;
  99.     application/x-makeself                           run;
  100.     application/x-perl                               pl pm;
  101.     application/x-pilot                              prc pdb;
  102.     application/x-rar-compressed                     rar;
  103.     application/x-redhat-package-manager             rpm;
  104.     application/x-sea                                sea;
  105.     application/x-shockwave-flash                    swf;
  106.     application/x-stuffit                            sit;
  107.     application/x-tcl                                tcl tk;
  108.     application/x-x509-ca-cert                       der pem crt;
  109.     application/x-xpinstall                          xpi;
  110.     application/xhtml+xml                            xhtml;
  111.     application/xspf+xml                             xspf;
  112.     application/zip                                  zip;
  113.  
  114.     application/octet-stream                         bin exe dll;
  115.     application/octet-stream                         deb;
  116.     application/octet-stream                         dmg;
  117.     application/octet-stream                         iso img;
  118.     application/octet-stream                         msi msp msm;
  119.  
  120.     audio/midi                                       mid midi kar;
  121.     audio/mpeg                                       mp3;
  122.     audio/ogg                                        ogg;
  123.     audio/x-m4a                                      m4a;
  124.     audio/x-realaudio                                ra;
  125.  
  126.     video/3gpp                                       3gpp 3gp;
  127.     video/mp2t                                       ts;
  128.     video/mp4                                        mp4;
  129.     video/mpeg                                       mpeg mpg;
  130.     video/quicktime                                  mov;
  131.     video/webm                                       webm;
  132.     video/x-flv                                      flv;
  133.     video/x-m4v                                      m4v;
  134.     video/x-mng                                      mng;
  135.     video/x-ms-asf                                   asx asf;
  136.     video/x-ms-wmv                                   wmv;
  137.     video/x-msvideo                                  avi;
  138. }
  139.  
  140. # configuration file /etc/nginx/conf.d/default.conf:
  141. server {
  142.     listen       80;
  143.     server_name  localhost;
  144.     # NOTE(review): conf.d is included before sites-enabled, so this looks like the first port-80 server; with no default_server in the part of the dump shown here, it would answer port-80 requests whose Host matches no other vhost - confirm
  145.     #charset koi8-r;
  146.     #access_log  /var/log/nginx/host.access.log  main;
  147.  
  148.     location / {
  149.         root   /usr/share/nginx/html;
  150.         index  index.html index.htm;
  151.     }
  152.  
  153.     #error_page  404              /404.html;
  154.  
  155.     # redirect server error pages to the static page /50x.html
  156.     #
  157.     error_page   500 502 503 504  /50x.html;
  158.     location = /50x.html {
  159.         root   /usr/share/nginx/html;
  160.     }
  161.  
  162.     # proxy the PHP scripts to Apache listening on 127.0.0.1:80
  163.     #
  164.     #location ~ \.php$ {
  165.     #    proxy_pass   http://127.0.0.1;
  166.     #}
  167.  
  168.     # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
  169.     #
  170.     #location ~ \.php$ {
  171.     #    root           html;
  172.     #    fastcgi_pass   127.0.0.1:9000;
  173.     #    fastcgi_index  index.php;
  174.     #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
  175.     #    include        fastcgi_params;
  176.     #}
  177.  
  178.     # deny access to .htaccess files, if Apache's document root
  179.     # concurs with nginx's one
  180.     #
  181.     #location ~ /\.ht {
  182.     #    deny  all;
  183.     #}
  184. }
  185.  
  186.  
  187. # configuration file /etc/nginx/conf.d/fbclid.conf:
  188. # https://gist.github.com/tedliou/8407d1126e25b9a2589395cccb7fe8ac    
  189. # redirect map in http block - remove fbclid argument from the end
  190. map $request_uri $redirect_fbclid { # $redirect_fbclid = the request URI minus a trailing fbclid argument; empty when the URI has none
  191.   "~^(.*?)([?&]fbclid=[a-zA-Z0-9_-]+)$"  $1; # NOTE(review): no server block in the part of the dump shown here reads $redirect_fbclid - confirm it is still used
  192. }
  193.  
  194. # configuration file /etc/nginx/conf.d/fileupload.conf:
  195. # added to allow 5.4mb plugin at abq sane to upload; NOTE(review): set at http level, so the 150M request-body limit applies to every vhost, not only abqsane
  196. client_max_body_size 150M;
  197.  
  198. # configuration file /etc/nginx/conf.d/tls.conf:
  199.     ssl_protocols TLSv1.2;# only TLS 1.2 is offered. NOTE(review): the original note ("Requires nginx >= 1.13.0 else use TLSv1.2") reads as if written for a TLSv1.3 setting - confirm
  200.     ssl_prefer_server_ciphers on; # the server's cipher order wins over the client's
  201.     ssl_dhparam /etc/nginx/dhparam.pem; # openssl dhparam -out /etc/nginx/dhparam.pem 4096
  202.     ssl_ciphers EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH; # ephemeral (EC)DH key exchange only; AES-GCM suites first, the AES256 entries also admit CBC-mode suites
  203.     # ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA;
  204.     ssl_ecdh_curve secp384r1; # Requires nginx >= 1.1.0
  205.     ssl_session_timeout  10m;
  206.     ssl_session_cache shared:SSL:10m;
  207.     ssl_session_tickets off; # Requires nginx >= 1.5.9
  208.     ssl_stapling on; # Requires nginx >= 1.3.7. NOTE(review): the resolver lines below are commented out and nginx needs a resolver to look up the OCSP responder host, so stapling may not be taking effect - verify
  209. #    ssl_stapling_verify on; # Requires nginx => 1.3.7
  210. #    resolver $DNS-IP-1 $DNS-IP-2 valid=300s;
  211. #    resolver_timeout 5s;
  212.     # NOTE(review): add_header set at this (http) level is inherited only by servers/locations that define no add_header of their own; the vhosts that add Strict-Transport-Security therefore do not send the X-XSS-Protection header below
  213.     #skipping HSTS for global, will set by site.
  214.     #add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
  215. #    add_header X-Frame-Options DENY;
  216. # commented on dec 13 2017 per chris - and abqsane
  217.     add_header X-XSS-Protection "1; mode=block";
  218.  
  219. # configuration file /etc/nginx/sites-enabled/abqsane:
  220. server {
  221.     listen 80;
  222.     listen 443 ssl http2;
  223.     #listen [::]:80;
  224.     server_name abqsane.org;
  225.     # NOTE(review): the root below sits under /var/sftp, presumably the site's SFTP upload area; any file placed there with a .php name is executed through the PHP location in this block - confirm who can write to it
  226.  
  227.     root /var/sftp/abqsane/abqsane;
  228.     index index.php index.html index.htm index.nginx-debian.html;
  229.     access_log  /var/log/nginx/abqsane.access.log  main;
  230.  
  231.     location / {
  232.         try_files $uri $uri/ /index.php?$args; # fall back to the front controller when no file or directory matches
  233.     }
  234.  
  235. #error_page  404              /404.html;
  236.  
  237.  
  238.     # redirect server error pages to the static page /50x.html
  239.     #
  240.     error_page   500 502 503 504  /50x.html;
  241.     location = /50x.html {
  242.         root   /usr/share/nginx/html;
  243.     }
  244.     # NOTE(review): no existence check (e.g. try_files $uri =404;) before the path is handed to PHP-FPM; whether a non-.php file can end up interpreted depends on cgi.fix_pathinfo / security.limit_extensions in the pool config, which is not shown
  245.     location ~ \.php$ {
  246.         include /etc/nginx/fastcgi.conf;
  247.         fastcgi_pass unix:/run/php/php7.0-fpm-abqsane.sock; # socket name suggests PHP 7.0 - confirm the version still receives security fixes
  248.     }
  249.     # denies only names starting with .ht; other dotfiles under the root (.git, .env, ...) are not covered by this rule
  250.     location ~ /\.ht {
  251.         deny all;
  252.     }
  253.  
  254.  
  255.     location = /favicon.ico {
  256.         log_not_found off;
  257.         access_log off;
  258.      }
  259.  
  260.     location = /robots.txt {
  261.         log_not_found off;
  262.         access_log off;
  263.         allow all;
  264.      }
  265.  
  266.     location ~* \.(css|gif|ico|jpeg|jpg|js|png)$ {
  267.         expires max;
  268.         log_not_found off;
  269.      }
  270.     # NOTE(review): this add_header replaces the http-level X-XSS-Protection for this vhost; "preload" only matters for preload-list submission, which also expects includeSubDomains
  271.     # no subdomains HSTS
  272.     add_header Strict-Transport-Security "max-age=63072000; preload" always;
  273.  
  274.  
  275. ssl_certificate /etc/letsencrypt/live/abqsane.org/fullchain.pem; # managed by Certbot
  276. ssl_certificate_key /etc/letsencrypt/live/abqsane.org/privkey.pem; # managed by Certbot
  277.     # ports 80 and 443 share this block; plain-HTTP requests are redirected to HTTPS by the check below
  278.     if ($scheme != "https") {
  279.         return 301 https://$host$request_uri;
  280.     } # managed by Certbot
  281.  
  282. }
  283.  
  284. server {
  285.     listen       443 ssl http2;
  286.     server_name www.abqsane.org;
  287.     return 301 $scheme://abqsane.com$request_uri; # NOTE(review): target is abqsane.com although this vhost and its certificate are for abqsane.org - confirm the .com name is intended and under the same control
  288.  
  289.     ssl_certificate /etc/letsencrypt/live/www.abqsane.org/fullchain.pem; # managed by Certbot
  290.     ssl_certificate_key /etc/letsencrypt/live/www.abqsane.org/privkey.pem; # managed by Certbot
  291. }
  292.  
  293.  
  294.  
  295. server {
  296.     if ($host = www.abqsane.org) {
  297.         return 301 https://$host$request_uri;
  298.     } # managed by Certbot
  299.     # Certbot-written port-80 stub: permanent redirect to HTTPS when $host equals the server_name; any other Host that lands here gets 404
  300.  
  301.     listen       80;
  302.     server_name www.abqsane.org;
  303.     return 404; # managed by Certbot
  304.  
  305.  
  306. }
  307.  
  308. # configuration file /etc/nginx/fastcgi.conf:
  309. # CGI-style variables passed to PHP-FPM by every location that includes this file
  310. fastcgi_param  QUERY_STRING       $query_string;
  311. fastcgi_param  REQUEST_METHOD     $request_method;
  312. fastcgi_param  CONTENT_TYPE       $content_type;
  313. fastcgi_param  CONTENT_LENGTH     $content_length;
  314.  
  315. fastcgi_param  SCRIPT_NAME        $fastcgi_script_name;
  316. fastcgi_param  REQUEST_URI        $request_uri;
  317. fastcgi_param  DOCUMENT_URI       $document_uri;
  318. fastcgi_param  DOCUMENT_ROOT      $document_root;
  319. fastcgi_param  SERVER_PROTOCOL    $server_protocol;
  320. fastcgi_param  REQUEST_SCHEME     $scheme;
  321. fastcgi_param  HTTPS              $https if_not_empty; # only sent when the connection is TLS
  322.  
  323. fastcgi_param  GATEWAY_INTERFACE  CGI/1.1;
  324. fastcgi_param  SERVER_SOFTWARE    nginx/$nginx_version; # the backend still sees the nginx version; server_tokens only affects what clients see
  325.  
  326. fastcgi_param  REMOTE_ADDR        $remote_addr;
  327. fastcgi_param  REMOTE_PORT        $remote_port;
  328. fastcgi_param  SERVER_ADDR        $server_addr;
  329. fastcgi_param  SERVER_PORT        $server_port;
  330. fastcgi_param  SERVER_NAME        $server_name; # the matched vhost's configured name, not the client's Host header
  331. # NOTE(review): there is no `fastcgi_param HTTP_PROXY "";` here, so a client Proxy header reaches PHP as HTTP_PROXY; whether that matters depends on the PHP version and application - confirm
  332. # PHP only, required if PHP was built with --enable-force-cgi-redirect
  333. fastcgi_param  REDIRECT_STATUS    200;
  334. # SCRIPT_FILENAME names the file PHP-FPM executes; $request_filename is the path nginx derives from root/alias plus the request URI
  335. #from .conf
  336. #fastcgi_param  SCRIPT_FILENAME    $document_root$fastcgi_script_name;
  337. # from https://blog.martinfjordvald.com/2013/04/nginx-config-history-fastcgi_params-versus-fastcgi-conf/
  338. fastcgi_param  SCRIPT_FILENAME    $request_filename;
  339.  
  340. # configuration file /etc/nginx/sites-enabled/atwoodmalone:
  341. server {
  342.     listen 443 ssl http2;
  343.     #listen [::]:80;
  344.     server_name atwoodmalone.com;
  345.  
  346.     access_log  /var/log/nginx/atwoodmalone.access.log  main;
  347.     # NOTE(review): root is under /var/sftp, presumably an SFTP upload area; .php files placed there are executed through the PHP location below - confirm who can write to it
  348.     root /var/sftp/atwoodmalone/atwoodmalone;
  349.     index index.php index.html index.htm index.nginx-debian.html;
  350.  
  351.  
  352.     location / {
  353.         try_files $uri $uri/ /index.php?$args;
  354.     }
  355.  
  356.     #error_page  404              /404.html;
  357.  
  358.  
  359.     # redirect server error pages to the static page /50x.html
  360.     #
  361.     error_page   500 502 503 504  /50x.html;
  362.     location = /50x.html {
  363.         root   /usr/share/nginx/html;
  364.     }
  365.     # NOTE(review): the path is passed to PHP-FPM without checking that the script exists (e.g. try_files $uri =404;); safe handling then rests on the pool's cgi.fix_pathinfo / security.limit_extensions settings, not shown here
  366.     location ~ \.php$ {
  367.         include /etc/nginx/fastcgi.conf;
  368.         fastcgi_pass unix:/run/php/php7.0-fpm-atwoodmalone.sock; # presumably a per-site PHP-FPM pool - confirm
  369.     }
  370.     # only .ht* names are denied; other dotfiles under the root are still served if present
  371.     location ~ /\.ht {
  372.         deny all;
  373.     }
  374.  
  375.     location = /favicon.ico {
  376.         log_not_found off;
  377.         access_log off;
  378.      }
  379.  
  380.     location = /robots.txt {
  381.         log_not_found off;
  382.         access_log off;
  383.         allow all;
  384.      }
  385.  
  386.     location ~* \.(css|gif|ico|jpeg|jpg|js|png)$ {
  387.         expires max;
  388.         log_not_found off;
  389.      }
  390.  
  391.     # HSTS is switched off for this vhost; with no add_header here, the http-level X-XSS-Protection header from tls.conf is inherited
  392.     # no subdomains HSTS
  393.     #add_header Strict-Transport-Security "max-age=63072000; preload" always;
  394.  
  395.  
  396.     ssl_certificate /etc/letsencrypt/live/atwoodmalone.com/fullchain.pem; # managed by Certbot
  397.     ssl_certificate_key /etc/letsencrypt/live/atwoodmalone.com/privkey.pem; # managed by Certbot
  398. }
  399.  
  400. server {
  401.     listen       443 ssl http2;
  402.     server_name www.atwoodmalone.com;
  403.     return 301 $scheme://atwoodmalone.com$request_uri; # this block only listens on 443, so $scheme is always https; sends www to the bare domain
  404.     # the www name uses its own certificate lineage, separate from the bare domain's
  405.     ssl_certificate /etc/letsencrypt/live/www.atwoodmalone.com/fullchain.pem; # managed by Certbot
  406.     ssl_certificate_key /etc/letsencrypt/live/www.atwoodmalone.com/privkey.pem; # managed by Certbot
  407. }
  408.  
  409. server {
  410.     if ($host = atwoodmalone.com) {
  411.         return 301 https://$host$request_uri;
  412.     } # managed by Certbot
  413.     # Certbot-written port-80 stub: redirect to HTTPS when $host equals the server_name, 404 for any other Host that lands here
  414.  
  415.     listen 80;
  416.     server_name atwoodmalone.com;
  417.     return 404; # managed by Certbot
  418.  
  419.  
  420. }
  421.  
  422. server {
  423.     if ($host = www.atwoodmalone.com) {
  424.         return 301 https://$host$request_uri;
  425.     } # managed by Certbot
  426.     # port-80 stub for the www name: redirects to https://www..., which the 443 www block then sends on to the bare domain
  427.  
  428.     listen       80;
  429.     server_name www.atwoodmalone.com;
  430.     return 404; # managed by Certbot
  431.  
  432.  
  433. }
  434. # configuration file /etc/nginx/sites-enabled/bacahoward-com:
  435. # Use this for upstream proxies if you wish to set them up as a variable
  436. #upstream bacahoward-com {
  437. #    server 127.0.0.1:3000;
  438. #    #server 127.0.0.1:3001;
  439. #    keepalive 8;
  440. #}
  441.  
  442. server {
  443.     # If you want the site to be TLS only, adjust the listen parameter
  444.     listen 443 ssl http2;
  445.     #listen [::]:80;
  446.     server_name bacahoward.com;
  447.  
  448.     access_log  /var/log/nginx/bacahoward-com.access.log  main;
  449.     # root/index are set, but location / proxies everything; only the 50x page and the .ht rule are answered by nginx itself
  450.     root /var/sftp/bacahoward-com/bacahoward-com;
  451.     index index.php index.html index.htm index.nginx-debian.html;
  452.  
  453.  
  454.     location / {
  455.         # try_files $uri $uri/ /index.html;
  456.  
  457.         # Use this line for PHP request handling
  458.         # try_files $uri $uri/ /index.php?$args;
  459.  
  460.         # Use this block for upstream proxies à la node
  461.         # This includes the needed parameters for websocket support
  462.         # You will need to set the host and port, use the upstream block above
  463.         proxy_set_header X-Real-IP $remote_addr; # set by nginx from the TCP peer; replaces any client-sent value
  464.         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; # appends the peer address to whatever the client sent; only the last entry comes from nginx
  465.         proxy_set_header Host $http_host; # the client's Host header is forwarded as sent; $host would give nginx's normalized value
  466.         proxy_set_header X-NginX-Proxy true;
  467.        
  468.         # proxy_pass http://bacahoward-com;
  469.        
  470.         # You can also specify one target like this:
  471.         proxy_pass http://127.0.0.1:3004; # plain HTTP to a backend on loopback port 3004
  472.        
  473.         proxy_redirect off;
  474.         proxy_http_version 1.1;
  475.         proxy_set_header Upgrade $http_upgrade;
  476.         proxy_set_header Connection "upgrade"; # sent on every proxied request, not only WebSocket handshakes
  477.     }
  478.  
  479.     #error_page  404              /404.html;
  480.  
  481.  
  482.     # redirect server error pages to the static page /50x.html
  483.     #
  484.     error_page   500 502 503 504  /50x.html;
  485.     location = /50x.html {
  486.         root   /usr/share/nginx/html;
  487.     }
  488.  
  489.      # Use this block for PHP request handling
  490.      # If you used the static site workflow, you will need to add a per-user php-fpm pool config.
  491. #    location ~ \.php$ {
  492. #        include /etc/nginx/fastcgi.conf;
  493. #        fastcgi_pass unix:/run/php/php7.0-fpm-bacahoward-com.sock;
  494. #    }
  495.     # regex location: requests containing /.ht are refused by nginx instead of being proxied
  496.     location ~ /\.ht {
  497.         deny all;
  498.     }
  499.  
  500. #    location = /favicon.ico {
  501. #        log_not_found off;
  502. #        access_log off;
  503. #     }
  504.  
  505. #    location = /robots.txt {
  506. #        log_not_found off;
  507. #        access_log off;
  508. #        allow all;
  509. #     }
  510.  
  511. #    location ~* \.(css|gif|ico|jpeg|jpg|js|png)$ {
  512. #        expires max;
  513. #        log_not_found off;
  514. #     }
  515.  
  516.     # no subdomains HSTS
  517.     #add_header Strict-Transport-Security "max-age=63072000; preload" always;
  518.  
  519.     ssl_certificate /etc/letsencrypt/live/bacahoward.com/fullchain.pem; # managed by Certbot
  520.     ssl_certificate_key /etc/letsencrypt/live/bacahoward.com/privkey.pem; # managed by Certbot
  521. }
  522.  
  523. server {
  524.     listen       443 ssl http2;
  525.     server_name www.bacahoward.com;
  526.     return 301 $scheme://bacahoward.com$request_uri; # 443-only block, so $scheme is always https; sends www to the bare domain
  527.  
  528.     ssl_certificate /etc/letsencrypt/live/www.bacahoward.com/fullchain.pem; # managed by Certbot
  529.     ssl_certificate_key /etc/letsencrypt/live/www.bacahoward.com/privkey.pem; # managed by Certbot
  530. }
  531.  
  532.  
  533. server {
  534.     if ($host = bacahoward.com) {
  535.         return 301 https://$host$request_uri;
  536.     } # managed by Certbot
  537.     # Certbot-written port-80 stub: redirect to HTTPS when $host equals the server_name, 404 for any other Host that lands here
  538.  
  539.     listen 80;
  540.     server_name bacahoward.com;
  541.     return 404; # managed by Certbot
  542.  
  543.  
  544. }
  545.  
  546.  
  547. server {
  548.     if ($host = www.bacahoward.com) {
  549.         return 301 https://$host$request_uri;
  550.     } # managed by Certbot
  551.     # port-80 stub for the www name: redirects to https://www..., which the 443 www block then sends on to the bare domain
  552.  
  553.     listen       80;
  554.     server_name www.bacahoward.com;
  555.     return 404; # managed by Certbot
  556.  
  557.  
  558. }
  559. # configuration file /etc/nginx/sites-enabled/blackmesacoffeeco-com:
  560. server {
  561.     listen 80; # NOTE(review): the site is served directly over plain HTTP; this block has no redirect to HTTPS
  562.     listen 443 ssl http2; # NOTE(review): no ssl_certificate/ssl_certificate_key in this block, and none is set at http level in tls.conf - confirm how TLS is meant to work for this name
  563.     #listen [::]:80;
  564.     server_name blackmesacoffeeco.com;
  565.  
  566.     access_log  /var/log/nginx/blackmesacoffeeco-com.access.log  main;
  567.     # NOTE(review): root is under /var/sftp, presumably an SFTP upload area; .php files placed there are executed through the PHP location below - confirm who can write to it
  568.     root /var/sftp/blackmesacoffeeco-com/blackmesacoffeeco-com;
  569.     index index.php index.html index.htm index.nginx-debian.html;
  570.  
  571.  
  572.     location / {
  573.         try_files $uri $uri/ /index.php?$args;
  574.     }
  575.  
  576.     #error_page  404              /404.html;
  577.  
  578.  
  579.     # redirect server error pages to the static page /50x.html
  580.     #
  581.     error_page   500 502 503 504  /50x.html;
  582.     location = /50x.html {
  583.         root   /usr/share/nginx/html;
  584.     }
  585.     # NOTE(review): the path reaches PHP-FPM without an existence check (e.g. try_files $uri =404;); safe handling then rests on the pool's cgi.fix_pathinfo / security.limit_extensions settings, not shown here
  586.     location ~ \.php$ {
  587.         include /etc/nginx/fastcgi.conf;
  588.         fastcgi_pass unix:/run/php/php7.0-fpm-blackmesacoffeeco-com.sock;
  589.     }
  590.     # only .ht* names are denied; other dotfiles under the root are still served if present
  591.     location ~ /\.ht {
  592.         deny all;
  593.     }
  594.  
  595.     location = /favicon.ico {
  596.         log_not_found off;
  597.         access_log off;
  598.      }
  599.  
  600.     location = /robots.txt {
  601.         log_not_found off;
  602.         access_log off;
  603.         allow all;
  604.      }
  605.  
  606.     location ~* \.(css|gif|ico|jpeg|jpg|js|png)$ {
  607.         expires max;
  608.         log_not_found off;
  609.      }
  610.  
  611.  
  612.     # no subdomains HSTS
  613.     #add_header Strict-Transport-Security "max-age=63072000; preload" always;
  614.  
  615. }
  616.  
  617. server {
  618.     listen       80;
  619.     listen       443 ssl http2; # NOTE(review): no certificate is configured in this block or at http level in the files shown - confirm
  620.     server_name www.blackmesacoffeeco.com;
  621.     return 301 $scheme://blackmesacoffeeco.com$request_uri; # keeps the request's scheme, so an http:// request is redirected to http:// on the bare domain
  622. }
  623.  
  624.  
  625. # configuration file /etc/nginx/sites-enabled/droplet-sf02-01:
  626. server {
  627.     listen 443 ssl http2;
  628.     #listen [::]:80;
  629.     server_name droplet-sf02-01.iteamnm.com;
  630.  
  631.  
  632.     root /var/sftp/droplet-sf02-01/droplet-sf02-01;
  633.     index index.php index.html index.htm index.nginx-debian.html;
  634.  
  635.  
  636.     location / {
  637.         try_files $uri $uri/ /index.php?$args;
  638.     }
  639.     # IP allowlist for /phpmyadmin. NOTE(review): this is a plain prefix location and nginx prefers a matching regex location over it, so URIs under /phpmyadmin that end in .php (or in one of the static-asset extensions) are handled by the regex locations further down, where these allow/deny rules are not in effect
  640.     location /phpmyadmin {
  641.         # Comcast Fiber
  642.         allow 50.237.178.138;
  643.         # Level 3
  644.         allow 74.202.141.100/30;
  645.         allow 74.202.141.152/30;
  646.         allow 173.227.57.112/28;
  647.         # Comcast
  648.         allow 50.251.15.104/29;
  649.     #Treinen Law Office - Web Designer
  650.     allow 73.26.250.221;
  651.         #Examples
  652.         #deny  192.168.1.1;
  653.         #allow 192.168.1.0/24;
  654.         #allow 10.1.1.0/16;
  655.         #allow 2001:0db8::/32;
  656.         deny  all;
  657.     }
  658.     # NOTE(review): to keep the allowlist in force for PHP requests, make the block above `location ^~ /phpmyadmin` and give it its own nested PHP location - then re-test from an address that is not on the list
  659.     #error_page  404              /404.html;
  660.  
  661.     # redirect server error pages to the static page /50x.html
  662.     #
  663.     error_page   500 502 503 504  /50x.html;
  664.     location = /50x.html {
  665.         root   /usr/share/nginx/html;
  666.     }
  667.     # NOTE(review): the path reaches PHP-FPM without an existence check (e.g. try_files $uri =404;); safe handling then rests on the pool's cgi.fix_pathinfo / security.limit_extensions settings, not shown here
  668.     location ~ \.php$ {
  669.         include /etc/nginx/fastcgi.conf;
  670.         fastcgi_pass unix:/run/php/php7.0-fpm-droplet-sf02-01.sock;
  671.     }
  672.     # only .ht* names are denied; other dotfiles under the root are still served if present
  673.     location ~ /\.ht {
  674.         deny all;
  675.     }
  676.  
  677.     location = /favicon.ico {
  678.         log_not_found off;
  679.         access_log off;
  680.      }
  681.  
  682.     location = /robots.txt {
  683.         log_not_found off;
  684.         access_log off;
  685.         allow all;
  686.      }
  687.  
  688.     location ~* \.(css|gif|ico|jpeg|jpg|js|png)$ {
  689.         expires max;
  690.         log_not_found off;
  691.      }
  692.  
  693.     # this add_header replaces the http-level X-XSS-Protection for this vhost (add_header is not merged across levels)
  694.     # no subdomains HSTS
  695.     add_header Strict-Transport-Security "max-age=63072000" always;
  696.     ssl_certificate /etc/letsencrypt/live/droplet-sf02-01.iteamnm.com/fullchain.pem; # managed by Certbot
  697.     ssl_certificate_key /etc/letsencrypt/live/droplet-sf02-01.iteamnm.com/privkey.pem; # managed by Certbot
  698.     # this block only listens on 443, so $scheme is always https and the redirect below never triggers
  699.     if ($scheme != "https") {
  700.         return 301 https://$host$request_uri;
  701.     } # managed by Certbot
  702.  
  703.  
  704. }
  705.  
  706. server {
  707.     listen       80;
  708.     listen       443 ssl http2; # NOTE(review): no certificate is configured in this block or at http level in the files shown - confirm
  709.     server_name www.droplet-sf02-01.iteamnm.com;
  710.     return 301 $scheme://example.com$request_uri; # NOTE(review): example.com looks like a leftover template placeholder; visitors to the www name are sent to a domain outside this site - confirm the intended target
  711. }
  712.  
  713. server {
  714.     if ($host = droplet-sf02-01.iteamnm.com) {
  715.         return 301 https://$host$request_uri;
  716.     } # managed by Certbot
  717.     # Certbot-written port-80 stub: redirect to HTTPS when $host equals the server_name, 404 for any other Host that lands here
  718.  
  719.     listen 80;
  720.     server_name droplet-sf02-01.iteamnm.com;
  721.     return 404; # managed by Certbot
  722.  
  723.  
  724. }
  725.  
  726. # configuration file /etc/nginx/sites-enabled/ebnm:
  727. upstream ebnm { # NOTE(review): the ebnm.com vhost proxies to the literal address http://127.0.0.1:3001/ rather than to this upstream name, so this pool and its keepalive setting look unused - confirm
  728.     server 127.0.0.1:3001;
  729.     keepalive 8;
  730. }
  731.  
  732. server {
  733.     listen       80;
  734.     listen   443 ssl http2;
  735.     server_name  ebnm.com;
  736.  
  737.     #charset koi8-r;
  738.     access_log  /var/log/nginx/ebnm.access.log  main;
  739.     # everything is reverse-proxied to a backend on loopback port 3001 over plain HTTP
  740.     location / {
  741.     proxy_set_header X-Real-IP $remote_addr; # set by nginx from the TCP peer; replaces any client-sent value
  742.         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; # appends the peer address to whatever the client sent; only the last entry comes from nginx
  743.         proxy_set_header Host $http_host; # the client's Host header is forwarded as sent; $host would give nginx's normalized value
  744.         proxy_set_header X-NginX-Proxy true;
  745.  
  746.         proxy_pass http://127.0.0.1:3001/;
  747.         proxy_redirect off;
  748.     proxy_http_version 1.1;
  749.     proxy_set_header Upgrade $http_upgrade;
  750.     proxy_set_header Connection "upgrade"; # sent on every proxied request, not only WebSocket handshakes
  751.     }
  752.  
  753.     #error_page  404              /404.html;
  754.  
  755.     # redirect server error pages to the static page /50x.html
  756.     #
  757.     error_page   500 502 503 504  /50x.html;
  758.     location = /50x.html {
  759.         root   /usr/share/nginx/html;
  760.     }
  761.  
  762.     # proxy the PHP scripts to Apache listening on 127.0.0.1:80
  763.     #
  764.     #location ~ \.php$ {
  765.     #    proxy_pass   http://127.0.0.1;
  766.     #}
  767.  
  768.     # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
  769.     #
  770.     #location ~ \.php$ {
  771.     #    root           html;
  772.     #    fastcgi_pass   127.0.0.1:9000;
  773.     #    fastcgi_index  index.php;
  774.     #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
  775.     #    include        fastcgi.conf;
  776.     #}
  777.  
  778.     # deny access to .htaccess files, if Apache's document root
  779.     # concurs with nginx's one
  780.     #
  781.     #location ~ /\.ht {
  782.     #    deny  all;
  783.     #}
  784.  
  785.     #compress assets
  786.     #gzip on;
  787.     # NOTE(review): without "always" the header is added only to the success/redirect status codes add_header covers by default, so error responses lack it; this add_header also replaces the http-level X-XSS-Protection for this vhost
  788.     # no subdomains HSTS
  789.     add_header Strict-Transport-Security "max-age=63072000; preload";
  790.  
  791. ssl_certificate /etc/letsencrypt/live/ebnm.com/fullchain.pem; # managed by Certbot
  792. ssl_certificate_key /etc/letsencrypt/live/ebnm.com/privkey.pem; # managed by Certbot
  793.     # ports 80 and 443 share this block; plain-HTTP requests are redirected to HTTPS by the check below
  794.     if ($scheme != "https") {
  795.         return 301 https://$host$request_uri;
  796.     } # managed by Certbot
  797.  
  798. }
  799.  
  800. server {
  801.     listen       80;
  802.     listen       443 ssl http2; # NOTE(review): no certificate is configured in this block or at http level in the files shown - confirm
  803.     server_name www.ebnm.com;
  804.     return 301 $scheme://ebnm.com$request_uri; # keeps the request's scheme; an http:// request is upgraded only by the second redirect on the bare domain
  805. }
  806.  
  807. # configuration file /etc/nginx/sites-enabled/ecinm:
  808. server {
  809.     listen 443 ssl http2;
  810.     #listen [::]:80;
  811.     server_name ecinm.com;
  812.  
  813.     # no access_log here, so requests go to the http-level /var/log/nginx/access.log
  814.     root /var/sftp/ecinm/ecinm;
  815.     index index.php index.html index.htm index.nginx-debian.html;
  816.  
  817.  
  818.     location / {
  819.         try_files $uri $uri/ /index.php?$args;
  820.     }
  821.  
  822.     #error_page  404              /404.html;
  823.  
  824.  
  825.     # redirect server error pages to the static page /50x.html
  826.     #
  827.     error_page   500 502 503 504  /50x.html;
  828.     location = /50x.html {
  829.         root   /usr/share/nginx/html;
  830.     }
  831.     # NOTE(review): the path reaches PHP-FPM without an existence check (e.g. try_files $uri =404;); safe handling then rests on the pool's cgi.fix_pathinfo / security.limit_extensions settings, not shown here
  832.     location ~ \.php$ {
  833.         include /etc/nginx/fastcgi.conf;
  834.         fastcgi_pass unix:/run/php/php7.0-fpm-ecinm.sock;
  835.     }
  836.     # only .ht* names are denied; other dotfiles under the root are still served if present
  837.     location ~ /\.ht {
  838.         deny all;
  839.     }
  840.  
  841.     location = /favicon.ico {
  842.         log_not_found off;
  843.         access_log off;
  844.      }
  845.  
  846.     location = /robots.txt {
  847.         log_not_found off;
  848.         access_log off;
  849.         allow all;
  850.      }
  851.  
  852.     location ~* \.(css|gif|ico|jpeg|jpg|js|png)$ {
  853.         expires max;
  854.         log_not_found off;
  855.      }
  856.  
  857.     # HSTS is switched off for this vhost; with no add_header here, the http-level X-XSS-Protection header from tls.conf is inherited
  858.     # no subdomains HSTS
  859.     #add_header Strict-Transport-Security "max-age=63072000; preload";
  860.  
  861.     ssl_certificate /etc/letsencrypt/live/ecinm.com/fullchain.pem; # managed by Certbot
  862.     ssl_certificate_key /etc/letsencrypt/live/ecinm.com/privkey.pem; # managed by Certbot
  863. }
  864.  
  865. server {
  866.     listen       80;
  867.     listen       443 ssl http2; # NOTE(review): no certificate is configured in this block or at http level in the files shown - confirm
  868.     server_name www.ecinm.com;
  869.     return 301 $scheme://ecinm.com$request_uri; # keeps the request's scheme; an http:// request is upgraded only by the port-80 stub for the bare domain
  870. }
  871.  
  872. server {
  873.     if ($host = ecinm.com) {
  874.         return 301 https://$host$request_uri;
  875.     } # managed by Certbot
  876.     # Certbot-written port-80 stub: redirect to HTTPS when $host equals the server_name, 404 for any other Host that lands here
  877.  
  878.     listen 80;
  879.     server_name ecinm.com;
  880.     return 404; # managed by Certbot
  881.  
  882.  
  883. }
  884.  
  885. # configuration file /etc/nginx/sites-enabled/form-cove:
  886. server {
  887.     listen   443 ssl http2;
  888.     server_name  form-cove.com;
  889.  
  890.     #charset koi8-r;
  891.     #access_log  /var/log/nginx/iteamnm.access.log  main;
  892.     # static-only vhost: there is no PHP handler, so a .php file under the root is returned as a file (default_type application/octet-stream), not executed
  893.     root   /var/sftp/form-cove/form-cove;
  894.     index  index.html index.htm;
  895.    
  896.     location / {
  897.         try_files $uri $uri/ =404;
  898.     }
  899.  
  900.     error_page  404              /404.html;
  901.  
  902.     # redirect server error pages to the static page /50x.html
  903.     error_page   500 502 503 504  /50x.html;
  904.     location = /50x.html {
  905.         root   /usr/share/nginx/html;
  906.     }
  907.     # NOTE(review): the .ht rule below is commented out, so no dotfile under the root is blocked by this vhost - confirm none are uploaded
  908.     # deny access to .htaccess files, if Apache's document root
  909.     # concurs with nginx's one
  910.     #
  911.     #location ~ /\.ht {
  912.     #    deny  all;
  913.     #}
  914.     # NOTE(review): without "always" the header is missing from error responses such as the 404 page; this add_header also replaces the http-level X-XSS-Protection for this vhost
  915.     # no subdomains HSTS
  916.     add_header Strict-Transport-Security "max-age=63072000; preload";
  917.  
  918.     ssl_certificate /etc/letsencrypt/live/form-cove.com/fullchain.pem; # managed by Certbot
  919.     ssl_certificate_key /etc/letsencrypt/live/form-cove.com/privkey.pem; # managed by Certbot
  920. }
  921.  
  922. server {
  923.     listen       80;
  924.     listen       443 ssl http2;
  925.     server_name www.form-cove.com;
  926.     return 301 $scheme://form-cove.com$request_uri;
  927.  
  928.     ssl_certificate /etc/letsencrypt/live/www.form-cove.com/fullchain.pem; # managed by Certbot
  929.     ssl_certificate_key /etc/letsencrypt/live/www.form-cove.com/privkey.pem; # managed by Certbot
  930. }
  931. server {
  932.     if ($host = form-cove.com) {
  933.         return 301 https://$host$request_uri;
  934.     } # managed by Certbot
  935.  
  936.  
  937.     listen       80;
  938.     server_name  form-cove.com;
  939.     return 404; # managed by Certbot
  940.  
  941.  
  942. }
  943. # configuration file /etc/nginx/sites-enabled/franklinsearthmoving-com:
  944. upstream franklinsearthmoving-com {
  945.     server 127.0.0.1:3002;
  946.     keepalive 8;
  947. }
  948.  
  949. server {
  950.     listen   443 ssl http2;
  951.     server_name  feinm.com;
  952.  
  953.     #charset koi8-r;
  954.     access_log  /var/log/nginx/franklinsearthmoving.access.log  main;
  955.  
  956.     location / {
  957.     proxy_set_header X-Real-IP $remote_addr;
  958.         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  959.         proxy_set_header Host $http_host;
  960.         proxy_set_header X-NginX-Proxy true;
  961.  
  962.         proxy_pass http://127.0.0.1:3002/;
  963.         proxy_redirect off;
  964.     proxy_http_version 1.1;
  965.     proxy_set_header Upgrade $http_upgrade;
  966.     proxy_set_header Connection "upgrade";
  967.     }
  968.  
  969.     #error_page  404              /404.html;
  970.  
  971.     # redirect server error pages to the static page /50x.html
  972.     #
  973.     error_page   500 502 503 504  /50x.html;
  974.     location = /50x.html {
  975.         root   /usr/share/nginx/html;
  976.     }
  977.  
  978.     # no subdomains HSTS
  979.     add_header Strict-Transport-Security "max-age=63072000; preload";
  980.  
  981.     ssl_certificate /etc/letsencrypt/live/feinm.com/fullchain.pem; # managed by Certbot
  982.     ssl_certificate_key /etc/letsencrypt/live/feinm.com/privkey.pem; # managed by Certbot
  983. }
  984.  
  985. server {
  986.     listen       80;
  987.     listen       443 ssl http2;
  988.     server_name www.feinm.com;
  989.     return 301 $scheme://feinm.com$request_uri;
  990. }
  991.  
  992.  
  993. server {
  994.     if ($host = feinm.com) {
  995.         return 301 https://$host$request_uri;
  996.     } # managed by Certbot
  997.  
  998.  
  999.     listen       80;
  1000.     server_name  feinm.com;
  1001.     return 404; # managed by Certbot
  1002.  
  1003.  
  1004. }
  1005. # configuration file /etc/nginx/sites-enabled/friendsofvalledeoro:
  1006. server {
  1007.     listen 443 ssl http2;
  1008.     listen 80;
  1009.     server_name friendsofvalledeoro.org;
  1010.  
  1011.     access_log  /var/log/nginx/friendsofvalledeoro.access.log  main;
  1012.  
  1013.     root /var/sftp/friendsofvalledeoro/friendsofvalledeoro;
  1014.     index index.php index.html index.htm index.nginx-debian.html;
  1015.  
  1016.     # if redirect map is active, do 301 to the new url
  1017.     if ( $redirect_fbclid ) {
  1018.       return 301 $redirect_fbclid;
  1019.     }
  1020.  
  1021.  
  1022.  
  1023.     location / {
  1024.         try_files $uri $uri/ /index.php?$args;
  1025.     }
  1026.  
  1027.     #error_page  404              /404.html;
  1028.  
  1029.  
  1030.     # redirect server error pages to the static page /50x.html
  1031.     #
  1032.     error_page   500 502 503 504  /50x.html;
  1033.     location = /50x.html {
  1034.         root   /usr/share/nginx/html;
  1035.     }
  1036.  
  1037.     location ~ \.php$ {
  1038.         include /etc/nginx/fastcgi.conf;
  1039.         fastcgi_pass unix:/run/php/php7.0-fpm-friendsofvalledeoro.sock;
  1040.     }
  1041.  
  1042.     location ~ /\.ht {
  1043.         deny all;
  1044.     }
  1045.  
  1046.     location = /favicon.ico {
  1047.         log_not_found off;
  1048.         access_log off;
  1049.      }
  1050.  
  1051.     location = /robots.txt {
  1052.         log_not_found off;
  1053.         access_log off;
  1054.         allow all;
  1055.      }
  1056.  
  1057.     location ~* \.(css|gif|ico|jpeg|jpg|js|png)$ {
  1058.         expires max;
  1059.         log_not_found off;
  1060.      }
  1061.  
  1062.  
  1063.     # no subdomains HSTS
  1064.     #add_header Strict-Transport-Security "max-age=63072000; preload" always;
  1065.  
  1066.  
  1067.     ssl_certificate /etc/letsencrypt/live/friendsofvalledeoro.org/fullchain.pem; # managed by Certbot
  1068.     ssl_certificate_key /etc/letsencrypt/live/friendsofvalledeoro.org/privkey.pem; # managed by Certbot
  1069. }
  1070.  
  1071.  
  1072. server{
  1073.     listen       80;
  1074.     listen       443 ssl http2;
  1075.     server_name www.friendsofvalledeoro.org;
  1076.     return 301 $scheme://friendsofvalledeoro.org$request_uri;
  1077.     ssl_certificate /etc/letsencrypt/live/www.friendsofvalledeoro.org/fullchain.pem; # managed by Certbot
  1078.     ssl_certificate_key /etc/letsencrypt/live/www.friendsofvalledeoro.org/privkey.pem; # managed by Certbot
  1079. }
  1080.  
  1081. # configuration file /etc/nginx/sites-enabled/friendsofvalledeoro-store:
  1082. server {
  1083.     listen   443 ssl http2;
  1084.     server_name  shop.friendsofvalledeoro.org;
  1085.  
  1086.     location / {
  1087.         root   /var/sftp/friendsofvalledeoro-store/friendsofvalledeoro-store;
  1088.         index  index.html index.htm;
  1089.         try_files $uri $uri/ /index.html;
  1090.     }
  1091.  
  1092.     #error_page  404              /404.html;
  1093.  
  1094.     # redirect server error pages to the static page /50x.html
  1095.     error_page   500 502 503 504  /50x.html;
  1096.     location = /50x.html {
  1097.         root   /usr/share/nginx/html;
  1098.     }
  1099.  
  1100.     # no subdomains HSTS
  1101.     add_header Strict-Transport-Security "max-age=63072000; preload";
  1102.  
  1103.     ssl_certificate /etc/letsencrypt/live/shop.friendsofvalledeoro.org/fullchain.pem; # managed by Certbot
  1104.     ssl_certificate_key /etc/letsencrypt/live/shop.friendsofvalledeoro.org/privkey.pem; # managed by Certbot
  1105. }
  1106.  
  1107. server {
  1108.     if ($host = shop.friendsofvalledeoro.org) {
  1109.         return 301 https://$host$request_uri;
  1110.     } # managed by Certbot
  1111.  
  1112.  
  1113.     listen       80;
  1114.     server_name  shop.friendsofvalledeoro.org;
  1115.     return 404; # managed by Certbot
  1116.  
  1117.  
  1118. }
  1119. # configuration file /etc/nginx/sites-enabled/heavyhog:
  1120. server {
  1121.     listen       80;
  1122.     listen   443 ssl http2;
  1123.     server_name  heavyhog.com;
  1124.  
  1125.     #charset koi8-r;
  1126.     #access_log  /var/log/nginx/heavyhog.access.log  main;
  1127.  
  1128.     location / {
  1129.         root   /var/sftp/heavyhog/heavyhog;
  1130.         index  index.html index.htm;
  1131.         try_files $uri $uri/ /index.html;
  1132.     }
  1133.  
  1134.     #error_page  404              /404.html;
  1135.  
  1136.     # redirect server error pages to the static page /50x.html
  1137.     #
  1138.     error_page   500 502 503 504  /50x.html;
  1139.     location = /50x.html {
  1140.         root   /usr/share/nginx/html;
  1141.     }
  1142.  
  1143.     # proxy the PHP scripts to Apache listening on 127.0.0.1:80
  1144.     #
  1145.     #location ~ \.php$ {
  1146.     #    proxy_pass   http://127.0.0.1;
  1147.     #}
  1148.  
  1149.     # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
  1150.     #
  1151.     #location ~ \.php$ {
  1152.     #    root           html;
  1153.     #    fastcgi_pass   127.0.0.1:9000;
  1154.     #    fastcgi_index  index.php;
  1155.     #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
  1156.     #    include        fastcgi.conf;
  1157.     #}
  1158.  
  1159.     # deny access to .htaccess files, if Apache's document root
  1160.     # concurs with nginx's one
  1161.     #
  1162.     #location ~ /\.ht {
  1163.     #    deny  all;
  1164.     #}
  1165.  
  1166.     #compress assets
  1167.     #gzip on;
  1168.  
  1169.     # no subdomains HSTS
  1170.     add_header Strict-Transport-Security "max-age=63072000; preload";
  1171.  
  1172.  
  1173. ssl_certificate /etc/letsencrypt/live/heavyhog.com/fullchain.pem; # managed by Certbot
  1174. ssl_certificate_key /etc/letsencrypt/live/heavyhog.com/privkey.pem; # managed by Certbot
  1175.  
  1176.     if ($scheme != "https") {
  1177.         return 301 https://$host$request_uri;
  1178.     } # managed by Certbot
  1179.  
  1180. }
  1181.  
  1182. server {
  1183.     listen       80;
  1184.     listen       443 ssl http2;
  1185.     server_name www.heavyhog.com;
  1186.     return 301 $scheme://heavyhog.com$request_uri;
  1187. }
  1188.  
  1189. # configuration file /etc/nginx/sites-enabled/iteamnm-com:
  1190. server {
  1191.     listen       80 default_server;
  1192.     #listen  443 ssl http2;
  1193.     #Commented default_server as I am testing an issue of double certs, attaching the iteam cert to all sites
  1194.     listen   443 default_server ssl http2;
  1195.     #server_name  iteamnm.com;
  1196.     server_name  iteamnm.com default_server;
  1197.  
  1198.     #charset koi8-r;
  1199.     #access_log  /var/log/nginx/iteamnm.access.log  main;
  1200.  
  1201.     location / {
  1202.         root   /var/sftp/iteamnm-com/iteamnm-com;
  1203.         index  index.html index.htm;
  1204.         try_files $uri $uri/ /index.html;
  1205.     }
  1206.  
  1207.     #error_page  404              /404.html;
  1208.  
  1209.     # redirect server error pages to the static page /50x.html
  1210.     #
  1211.     error_page   500 502 503 504  /50x.html;
  1212.     location = /50x.html {
  1213.         root   /usr/share/nginx/html;
  1214.     }
  1215.  
  1216.     # proxy the PHP scripts to Apache listening on 127.0.0.1:80
  1217.     #
  1218.     #location ~ \.php$ {
  1219.     #    proxy_pass   http://127.0.0.1;
  1220.     #}
  1221.  
  1222.     # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
  1223.     #
  1224.     #location ~ \.php$ {
  1225.     #    root           html;
  1226.     #    fastcgi_pass   127.0.0.1:9000;
  1227.     #    fastcgi_index  index.php;
  1228.     #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
  1229.     #    include        fastcgi.conf;
  1230.     #}
  1231.  
  1232.     # deny access to .htaccess files, if Apache's document root
  1233.     # concurs with nginx's one
  1234.     #
  1235.     #location ~ /\.ht {
  1236.     #    deny  all;
  1237.     #}
  1238.  
  1239.     #compress assets
  1240.     #gzip on;
  1241.  
  1242.     # no subdomains HSTS
  1243.     add_header Strict-Transport-Security "max-age=63072000; preload";
  1244.  
  1245.     ssl_certificate /etc/letsencrypt/live/iteamnm.com/fullchain.pem; # managed by Certbot
  1246.     ssl_certificate_key /etc/letsencrypt/live/iteamnm.com/privkey.pem; # managed by Certbot
  1247.  
  1248.     if ($scheme != "https") {
  1249.         return 301 https://$host$request_uri;
  1250.     } # managed by Certbot
  1251.  
  1252. }
  1253.  
  1254. server {
  1255.     listen       80;
  1256.     listen       443 ssl http2;
  1257.     server_name www.iteamnm.com;
  1258.     return 301 $scheme://iteamnm.com$request_uri;
  1259.     ssl_certificate /etc/letsencrypt/live/www.iteamnm.com/fullchain.pem; # managed by Certbot
  1260.     ssl_certificate_key /etc/letsencrypt/live/www.iteamnm.com/privkey.pem; # managed by Certbot
  1261. }
  1262.  
  1263. # configuration file /etc/nginx/sites-enabled/macsnm:
  1264. server {
  1265.     listen 443 ssl http2;
  1266.     #listen [::]:80;
  1267.     server_name macsnm.com;
  1268.  
  1269.     access_log  /var/log/nginx/macsnm.access.log  main;
  1270.  
  1271.     root /var/sftp/macsnm/macsnm;
  1272.     index index.php index.html index.htm index.nginx-debian.html;
  1273.  
  1274.  
  1275.     location / {
  1276.         try_files $uri $uri/ /index.php?$args;
  1277.     }
  1278.  
  1279.     #error_page  404              /404.html;
  1280.  
  1281.  
  1282.     # redirect server error pages to the static page /50x.html
  1283.     #
  1284.     error_page   500 502 503 504  /50x.html;
  1285.     location = /50x.html {
  1286.         root   /usr/share/nginx/html;
  1287.     }
  1288.  
  1289.     location ~ \.php$ {
  1290.         include /etc/nginx/fastcgi.conf;
  1291.         fastcgi_pass unix:/run/php/php7.0-fpm-macsnm.sock;
  1292.     }
  1293.  
  1294.     location ~ /\.ht {
  1295.         deny all;
  1296.     }
  1297.  
  1298.     location = /favicon.ico {
  1299.         log_not_found off;
  1300.         access_log off;
  1301.      }
  1302.  
  1303.     location = /robots.txt {
  1304.         log_not_found off;
  1305.         access_log off;
  1306.         allow all;
  1307.      }
  1308.  
  1309.     location ~* \.(css|gif|ico|jpeg|jpg|js|png)$ {
  1310.         expires max;
  1311.         log_not_found off;
  1312.      }
  1313.  
  1314.  
  1315.     # no subdomains HSTS
  1316.     #add_header Strict-Transport-Security "max-age=63072000; preload" always;
  1317.  
  1318.  
  1319.     ssl_certificate /etc/letsencrypt/live/macsnm.com/fullchain.pem; # managed by Certbot
  1320.     ssl_certificate_key /etc/letsencrypt/live/macsnm.com/privkey.pem; # managed by Certbot
  1321. }
  1322.  
  1323. server {
  1324.     listen       80;
  1325.     listen       443 ssl http2;
  1326.     server_name www.macsnm.com;
  1327.     return 301 $scheme://macsnm.com$request_uri;
  1328. }
  1329.  
  1330. server {
  1331.     if ($host = macsnm.com) {
  1332.         return 301 https://$host$request_uri;
  1333.     } # managed by Certbot
  1334.  
  1335.  
  1336.     listen 80;
  1337.     server_name macsnm.com;
  1338.     return 404; # managed by Certbot
  1339.  
  1340.  
  1341. }
  1342. # configuration file /etc/nginx/sites-enabled/mcclearyrichter-freund:
  1343. #upstream mcclearyrichter-freund {
  1344. #    server 127.0.0.1:3003;
  1345. #    keepalive 8;
  1346. #}
  1347.  
  1348. server {
  1349.     listen   443 ssl http2;
  1350.     server_name  mcclearyrichter-freund.com;
  1351.  
  1352.     #charset koi8-r;
  1353.     access_log  /var/log/nginx/mcclearyrichter-freund.access.log  main;
  1354.  
  1355.     location / {
  1356.     proxy_set_header X-Real-IP $remote_addr;
  1357.         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  1358.         proxy_set_header Host $http_host;
  1359.         proxy_set_header X-NginX-Proxy true;
  1360.  
  1361.         proxy_pass http://127.0.0.1:3003/;
  1362.         proxy_redirect off;
  1363.     proxy_http_version 1.1;
  1364.     proxy_set_header Upgrade $http_upgrade;
  1365.     proxy_set_header Connection "upgrade";
  1366.     }
  1367.  
  1368.     #error_page  404              /404.html;
  1369.  
  1370.     # redirect server error pages to the static page /50x.html
  1371.     #
  1372.     error_page   500 502 503 504  /50x.html;
  1373.     location = /50x.html {
  1374.         root   /usr/share/nginx/html;
  1375.     }
  1376.  
  1377.     # no subdomains HSTS
  1378.     add_header Strict-Transport-Security "max-age=63072000; preload";
  1379.  
  1380.     ssl_certificate /etc/letsencrypt/live/mcclearyrichter-freund.com/fullchain.pem; # managed by Certbot
  1381.     ssl_certificate_key /etc/letsencrypt/live/mcclearyrichter-freund.com/privkey.pem; # managed by Certbot
  1382. }
  1383.  
  1384. server {
  1385.     listen       80;
  1386.     listen       443 ssl http2;
  1387.     server_name www.mcclearyrichter-freund.com;
  1388.     return 301 $scheme://mcclearyrichter-freund.com$request_uri;
  1389. }
  1390.  
  1391.  
  1392. server {
  1393.     if ($host = mcclearyrichter-freund.com) {
  1394.         return 301 https://$host$request_uri;
  1395.     } # managed by Certbot
  1396.  
  1397.  
  1398.     listen       80;
  1399.     server_name  mcclearyrichter-freund.com;
  1400.     return 404; # managed by Certbot
  1401.  
  1402.  
  1403. }
  1404. # configuration file /etc/nginx/sites-enabled/metalcrafters-abq:
  1405. server {
  1406.     listen       80;
  1407.     listen   443 ssl http2;
  1408.     server_name  metalcrafters-abq.iteamdemo.com;
  1409.  
  1410.     #charset koi8-r;
  1411.     #access_log  /var/log/nginx/metalcrafters-abq.access.log  main;
  1412.  
  1413.     location / {
  1414.         root   /var/sftp/metalcrafters-abq/metalcrafters-abq;
  1415.         index  index.html index.htm;
  1416.         try_files $uri $uri/ /index.html;
  1417.     }
  1418.  
  1419.     #error_page  404              /404.html;
  1420.  
  1421.     # redirect server error pages to the static page /50x.html
  1422.     #
  1423.     error_page   500 502 503 504  /50x.html;
  1424.     location = /50x.html {
  1425.         root   /usr/share/nginx/html;
  1426.     }
  1427.  
  1428.     # proxy the PHP scripts to Apache listening on 127.0.0.1:80
  1429.     #
  1430.     #location ~ \.php$ {
  1431.     #    proxy_pass   http://127.0.0.1;
  1432.     #}
  1433.  
  1434.     # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
  1435.     #
  1436.     #location ~ \.php$ {
  1437.     #    root           html;
  1438.     #    fastcgi_pass   127.0.0.1:9000;
  1439.     #    fastcgi_index  index.php;
  1440.     #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
  1441.     #    include        fastcgi.conf;
  1442.     #}
  1443.  
  1444.     # deny access to .htaccess files, if Apache's document root
  1445.     # concurs with nginx's one
  1446.     #
  1447.     #location ~ /\.ht {
  1448.     #    deny  all;
  1449.     #}
  1450.  
  1451. ssl_certificate /etc/letsencrypt/live/metalcrafters-abq.iteamdemo.com/fullchain.pem; # managed by Certbot
  1452. ssl_certificate_key /etc/letsencrypt/live/metalcrafters-abq.iteamdemo.com/privkey.pem; # managed by Certbot
  1453.  
  1454.     if ($scheme != "https") {
  1455.         return 301 https://$host$request_uri;
  1456.     } # managed by Certbot
  1457.  
  1458. }
  1459.  
  1460.  
  1461. # configuration file /etc/nginx/sites-enabled/natalie-and-matt-get-married-com:
  1462. # Use this for upstream proxies if you wish to set them up as a variable
  1463. upstream natalie-and-matt-get-married-com {
  1464.     server 127.0.0.1:3006;
  1465.     keepalive 8;
  1466. }
  1467.  
  1468. server {
  1469.     # If you want the site to be TLS only, adjust the listen parameter
  1470.     listen 443 ssl http2;
  1471.     #listen [::]:80;
  1472.     server_name natalieandmattgetmarried.com;
  1473.  
  1474.     access_log  /var/log/nginx/natalie-and-matt-get-married-com.access.log  main;
  1475.  
  1476.     location / {
  1477.     # Uncomment this line for static request serving.
  1478.     # This line must be commented if you are blindly passing all requests
  1479.     # to an upstream proxy, as with a node/keystone site.
  1480.     # (causes redirection loop with $uri/)
  1481.         # try_files $uri $uri/ /index.html;
  1482.  
  1483.         # Use this line for PHP request handling
  1484.         # try_files $uri $uri/ /index.php?$args;
  1485.  
  1486.         # Use this block for upstream proxies à la node
  1487.         # This includes the needed parameters for websocket support
  1488.         # You will need to set the host and port, use the upstream block above
  1489.  
  1490.     proxy_set_header X-Real-IP $remote_addr;
  1491.         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  1492.         proxy_set_header Host $http_host;
  1493.         proxy_set_header X-NginX-Proxy true;
  1494.        
  1495.         # proxy_pass http://natalie-and-matt-get-married-com;
  1496.        
  1497.         # You can also specify one target like this:
  1498.         proxy_pass http://127.0.0.1:3006;
  1499.        
  1500.         proxy_redirect off;
  1501.         proxy_http_version 1.1;
  1502.         proxy_set_header Upgrade $http_upgrade;
  1503.         proxy_set_header Connection "upgrade";
  1504.     }
  1505.  
  1506.     #error_page  404              /404.html;
  1507.  
  1508.  
  1509.     # redirect server error pages to the static page /50x.html
  1510.     #
  1511.     error_page   500 502 503 504  /50x.html;
  1512.     location = /50x.html {
  1513.         root   /usr/share/nginx/html;
  1514.     }
  1515.  
  1516.      # Use this block for PHP request handling
  1517.      # If you used the static site workflow, you will need to add a per-user php-fpm pool config.
  1518. #    location ~ \.php$ {
  1519. #        include /etc/nginx/fastcgi.conf;
  1520. #        fastcgi_pass unix:/run/php/php7.0-fpm-natalie-and-matt-get-married-com.sock;
  1521. #    }
  1522.  
  1523.     location ~ /\.ht {
  1524.         deny all;
  1525.     }
  1526.  
  1527.     # These blocks may be helpful if nginx is serving static files
  1528.  
  1529. #   location = /favicon.ico {
  1530. #       log_not_found off;
  1531. #       access_log off;
  1532. #    }
  1533.  
  1534. #    location = /robots.txt {
  1535. #        log_not_found off;
  1536. #        access_log off;
  1537. #        allow all;
  1538. #     }
  1539.  
  1540. #    location ~* \.(css|gif|ico|jpeg|jpg|js|png)$ {
  1541. #       expires max;
  1542. #       log_not_found off;
  1543. #    }
  1544.  
  1545.  
  1546.     # no subdomains HSTS
  1547.     add_header Strict-Transport-Security "max-age=63072000; preload" always;
  1548.  
  1549.  
  1550.     ssl_certificate /etc/letsencrypt/live/natalieandmattgetmarried.com/fullchain.pem; # managed by Certbot
  1551.     ssl_certificate_key /etc/letsencrypt/live/natalieandmattgetmarried.com/privkey.pem; # managed by Certbot
  1552. }
  1553.  
  1554. server {
  1555.     listen       443 ssl http2;
  1556.     server_name www.natalieandmattgetmarried.com;
  1557.     return 301 $scheme://natalieandmattgetmarried.com$request_uri;
  1558.  
  1559.     ssl_certificate /etc/letsencrypt/live/www.natalieandmattgetmarried.com/fullchain.pem; # managed by Certbot
  1560.     ssl_certificate_key /etc/letsencrypt/live/www.natalieandmattgetmarried.com/privkey.pem; # managed by Certbot
  1561. }
  1562.  
  1563.  
  1564. server {
  1565.     if ($host = www.natalieandmattgetmarried.com) {
  1566.         return 301 https://$host$request_uri;
  1567.     } # managed by Certbot
  1568.  
  1569.  
  1570.     listen       80;
  1571.     server_name www.natalieandmattgetmarried.com;
  1572.     return 404; # managed by Certbot
  1573.  
  1574.  
  1575. }
  1576.  
  1577. server {
  1578.     if ($host = natalieandmattgetmarried.com) {
  1579.         return 301 https://$host$request_uri;
  1580.     } # managed by Certbot
  1581.  
  1582.  
  1583.     listen 80;
  1584.     server_name natalieandmattgetmarried.com;
  1585.     return 404; # managed by Certbot
  1586.  
  1587.  
  1588. }
  1589.  
  1590. # configuration file /etc/nginx/sites-enabled/nmautismsociety-org:
  1591. # Use this for upstream proxies if you wish to set them up as a variable
  1592. #upstream nmautismsociety-org {
  1593. #    server 127.0.0.1:3000;
  1594. #    #server 127.0.0.1:3001;
  1595. #    keepalive 8;
  1596. #}
  1597.  
  1598. server {
  1599.     # If you want the site to be TLS only, adjust the listen parameter
  1600.     listen 443 ssl http2;
  1601.     #listen [::]:80;
  1602.     server_name nmautismsociety.org;
  1603.  
  1604.     access_log  /var/log/nginx/nmautismsociety-org.access.log  main;
  1605.  
  1606.     root /var/sftp/nmautismsociety-org/nmautismsociety-org;
  1607.     index index.php index.html index.htm index.nginx-debian.html;
  1608.  
  1609.  
  1610.     location / {
  1611.         # Uncomment this line for static request serving.
  1612.         # This line must be commented if you are blindly passing all requests
  1613.         # to an upstream proxy, as with a node/keystone site.
  1614.         # (causes redirection loop with $uri/)
  1615.         # try_files $uri $uri/ /index.html;
  1616.  
  1617.         # Use this line for PHP request handling
  1618.         # try_files $uri $uri/ /index.php?$args;
  1619.  
  1620.         # Use this block for upstream proxies à la node
  1621.         # This includes the needed parameters for websocket support
  1622.         # You will need to set the host and port, use the upstream block above
  1623.         proxy_set_header X-Real-IP $remote_addr;
  1624.         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  1625.         proxy_set_header Host $http_host;
  1626.         proxy_set_header X-NginX-Proxy true;
  1627.  
  1628.         # proxy_pass http://nmautismsociety-org;
  1629.  
  1630.         # You can also specify one target like this:
  1631.         proxy_pass http://127.0.0.1:3005;
  1632.  
  1633.         proxy_redirect off;
  1634.         proxy_http_version 1.1;
  1635.         proxy_set_header Upgrade $http_upgrade;
  1636.         proxy_set_header Connection "upgrade";
  1637.     }
  1638.  
  1639.     #error_page  404              /404.html;
  1640.  
  1641.  
  1642.     # redirect server error pages to the static page /50x.html
  1643.     #
  1644.     error_page   500 502 503 504  /50x.html;
  1645.     location = /50x.html {
  1646.         root   /usr/share/nginx/html;
  1647.     }
  1648.  
  1649.      # Use this block for PHP request handling
  1650.      # If you used the static site workflow, you will need to add a per-user php-fpm pool config.
  1651. #    location ~ \.php$ {
  1652. #        include /etc/nginx/fastcgi.conf;
  1653. #        fastcgi_pass unix:/run/php/php7.0-fpm-nmautismsociety-org.sock;
  1654. #    }
  1655.  
  1656.     location ~ /\.ht {
  1657.         deny all;
  1658.     }
  1659.  
  1660.     # These blocks may be helpful if nginx is serving static files
  1661.  
  1662. #   location = /favicon.ico {
  1663. #       log_not_found off;
  1664. #       access_log off;
  1665. #    }
  1666.  
  1667. #    location = /robots.txt {
  1668. #        log_not_found off;
  1669. #        access_log off;
  1670. #        allow all;
  1671. #     }
  1672.  
  1673. #    location ~* \.(css|gif|ico|jpeg|jpg|js|png)$ {
  1674. #       expires max;
  1675. #       log_not_found off;
  1676. #    }
  1677.  
  1678.  
  1679.     # no subdomains HSTS
  1680.     #add_header Strict-Transport-Security "max-age=63072000; preload" always;
  1681.     ssl_certificate /etc/letsencrypt/live/nmautismsociety.org/fullchain.pem; # managed by Certbot
  1682.     ssl_certificate_key /etc/letsencrypt/live/nmautismsociety.org/privkey.pem; # managed by Certbot
  1683.  
  1684. }
  1685.  
  1686. server {
  1687.     listen       80;
  1688.     listen       443 ssl http2;
  1689.     server_name  www.nmautismsociety.org;
  1690.     return 301 $scheme://nmautismsociety.org$request_uri;
  1691.  
  1692.     ssl_certificate /etc/letsencrypt/live/www.nmautismsociety.org/fullchain.pem; # managed by Certbot
  1693.     ssl_certificate_key /etc/letsencrypt/live/www.nmautismsociety.org/privkey.pem; # managed by Certbot
  1694. }
  1695.  
  1696. # configuration file /etc/nginx/sites-enabled/nmms-msmem:
  1697. upstream nmms-msmem {
  1698.     server 127.0.0.1:3000;
  1699.     keepalive 8;
  1700. }
  1701.  
  1702. server {
  1703.     listen   443 ssl http2;
  1704.     server_name  msmem.nmms.org;
  1705.  
  1706.     #charset koi8-r;
  1707.     access_log  /var/log/nginx/nmms-msmem.access.log  main;
  1708.  
  1709.     location / {
  1710.     proxy_set_header X-Real-IP $remote_addr;
  1711.         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  1712.         proxy_set_header Host $http_host;
  1713.         proxy_set_header X-NginX-Proxy true;
  1714.  
  1715.         proxy_pass http://127.0.0.1:3000/;
  1716.         proxy_redirect off;
  1717.     proxy_http_version 1.1;
  1718.     proxy_set_header Upgrade $http_upgrade;
  1719.     proxy_set_header Connection "upgrade";
  1720.     }
  1721.  
  1722.     # redirect server error pages to the static page /50x.html
  1723.     #
  1724.     error_page   500 502 503 504  /50x.html;
  1725.     location = /50x.html {
  1726.         root   /usr/share/nginx/html;
  1727.     }
  1728.  
  1729.     # no subdomains HSTS
  1730.     add_header Strict-Transport-Security "max-age=63072000; preload";
  1731.  
  1732.     ssl_certificate /etc/letsencrypt/live/msmem.nmms.org/fullchain.pem; # managed by Certbot
  1733.     ssl_certificate_key /etc/letsencrypt/live/msmem.nmms.org/privkey.pem; # managed by Certbot
  1734. }
  1735.  
  1736. server {
  1737.     listen       80;
  1738.     listen       443 ssl http2;
  1739.     server_name www.msmem.nmms.org;
  1740.     return 301 $scheme://msmem.nmms.org$request_uri;
  1741. }
  1742.  
  1743.  
  1744. server {
  1745.     if ($host = msmem.nmms.org) {
  1746.         return 301 https://$host$request_uri;
  1747.     } # managed by Certbot
  1748.  
  1749.  
  1750.     listen       80;
  1751.     server_name  msmem.nmms.org;
  1752.     return 404; # managed by Certbot
  1753.  
  1754.  
  1755. }
  1756. # configuration file /etc/nginx/sites-enabled/otapnm-com:
  1757. # Use this for upstream proxies if you wish to set them up as a variable
  1758. #upstream otapnm-com {
  1759. #    server 127.0.0.1:3000;
  1760. #    #server 127.0.0.1:3001;
  1761. #    keepalive 8;
  1762. #}
  1763.  
  1764. server { # Static-file vhost for otapnm.com, answering on both port 80 and port 443
  1765.     # If you want the site to be TLS only, adjust the listen parameter
  1766.     listen 80; # content is served over plain HTTP too; nothing in this block redirects to HTTPS
  1767.     listen 443 ssl http2; # NOTE(review): no ssl_certificate/ssl_certificate_key in this block; confirm they are inherited from the http level (not visible here)
  1768.     #listen [::]:80;
  1769.     server_name otapnm.com;
  1770.  
  1771.     access_log  /var/log/nginx/otapnm-com.access.log  main;
  1772.  
  1773.     root /var/sftp/otapnm-com/otapnm-com; # presumably an SFTP upload directory (going by the path); every file under it is web-reachable unless a location denies it
  1774.     index index.php index.html index.htm index.nginx-debian.html;
  1775.  
  1776.  
  1777.     location / {
  1778.         try_files $uri $uri/ /index.html; # try the file, then the directory, else fall back to /index.html
  1779.  
  1780.         # Use this line for PHP request handling
  1781.         # try_files $uri $uri/ /index.php?$args;
  1782.  
  1783.         # Use this block for upstream proxies à la node
  1784.         # This includes the needed parameters for websocket support
  1785.         # You will need to set the host and port, use the upstream block above
  1786.         # proxy_set_header X-Real-IP $remote_addr;
  1787.         # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  1788.         # proxy_set_header Host $http_host;
  1789.         # proxy_set_header X-NginX-Proxy true;
  1790.        
  1791.         # proxy_pass http://otapnm-com;
  1792.        
  1793.         # You can also specify one target like this:
  1794.         # proxy_pass http://127.0.0.1:3000;
  1795.        
  1796.         # proxy_redirect off;
  1797.         # proxy_http_version 1.1;
  1798.         # proxy_set_header Upgrade $http_upgrade;
  1799.         # proxy_set_header Connection "upgrade";
  1800.     }
  1801.  
  1802.     #error_page  404              /404.html;
  1803.  
  1804.  
  1805.     # redirect server error pages to the static page /50x.html
  1806.     #
  1807.     error_page   500 502 503 504  /50x.html;
  1808.     location = /50x.html {
  1809.         root   /usr/share/nginx/html; # the error page is read from here, not from the site root
  1810.     }
  1811.  
  1812.      # Use this block for PHP request handling
  1813.      # If you used the static site workflow, you will need to add a per-user php-fpm pool config.
  1814. #    location ~ \.php$ {
  1815. #        include /etc/nginx/fastcgi.conf;
  1816. #        fastcgi_pass unix:/run/php/php7.0-fpm-otapnm-com.sock;
  1817. #    }
  1818.  
  1819.     location ~ /\.ht { # NOTE(review): denies only paths containing "/.ht"; other dotfiles under root (e.g. .git, .env) are not covered by this rule
  1820.         deny all;
  1821.     }
  1822.  
  1823.     location = /favicon.ico {
  1824.         log_not_found off;
  1825.         access_log off;
  1826.      }
  1827.  
  1828.     location = /robots.txt {
  1829.         log_not_found off;
  1830.         access_log off;
  1831.         allow all;
  1832.      }
  1833.  
  1834.     location ~* \.(css|gif|ico|jpeg|jpg|js|png)$ {
  1835.         expires max; # far-future caching headers for static assets
  1836.         log_not_found off;
  1837.      }
  1838.  
  1839.  
  1840.     # no subdomains HSTS (disabled below; NOTE(review): as long as port 80 serves content, browsers are never forced onto HTTPS for this site)
  1841.     #add_header Strict-Transport-Security "max-age=63072000; preload" always;
  1842.  
  1843. }
  1844.  
  1845. server { # Redirect-only vhost: www.otapnm.com -> otapnm.com
  1846.     listen       80;
  1847.     listen       443 ssl http2; # NOTE(review): no ssl_certificate is set in this block; confirm one is inherited from the http level (not visible here)
  1848.     server_name www.otapnm.com;
  1849.     return 301 $scheme://otapnm.com$request_uri; # $scheme keeps the incoming scheme, so http:// requests stay on http://
  1850. }
  1851.  
  1852. # configuration file /etc/nginx/sites-enabled/secure-demo:
  1853. # Use this for upstream proxies if you wish to set them up as a variable
  1854. upstream ngrok { # Upstream group referenced by "proxy_pass https://ngrok" in the secure-demo vhost
  1855.      server ngrok.iteamdemo.com:443; # hostname is resolved when the configuration is loaded
  1856. #    server 2aywqvghn.cname.us.ngrok.io:443;
  1857. #    server 127.0.0.1:3000;
  1858. #    #server 127.0.0.1:3001;
  1859.  
  1860. # https://nginx.org/en/docs/http/ngx_http_upstream_module.html#keepalive
  1861.     keepalive 8; # cache of idle upstream connections kept open per worker process
  1862. }
  1863.  
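  1864. server { # TLS-only reverse-proxy vhost: every request for secure-demo.iteamnm.com is passed to the "ngrok" upstream
  1865.     # If you want the site to be TLS only, adjust the listen parameter
  1866.     listen 443 ssl http2;
  1867.     #listen [::]:80;
  1868.     server_name secure-demo.iteamnm.com;
  1869.  
  1870.     access_log  /var/log/nginx/secure-demo.access.log  main;
  1871.  
  1872.     root /var/sftp/secure-demo/secure-demo;
  1873.     index index.php index.html index.htm index.nginx-debian.html;
  1874.  
  1875.  
  1876.     location / {
  1877.     # Uncomment this line for static request serving.
  1878.     # This line must be commented if you are blindly passing all requests
  1879.     # to an upstream proxy, as with a node/keystone site.
  1880.     # (causes redirection loop with $uri/)
  1881.         # try_files $uri $uri/ /index.html;
  1882.  
  1883.         # Use this line for PHP request handling
  1884.         # try_files $uri $uri/ /index.php?$args;
  1885.  
  1886.         # Use this block for upstream proxies à la node
  1887.         # This includes the needed parameters for websocket support
  1888.         # You will need to set the host and port, use the upstream block above
  1889.  
  1890.     proxy_set_header X-Real-IP $remote_addr;
  1891.         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; # appends $remote_addr to whatever X-Forwarded-For the client sent; the backend should trust only the last hop
  1892.         proxy_set_header Host $http_host; # forwards the Host header exactly as the client sent it
  1893.         proxy_set_header X-NginX-Proxy true;
  1894.        
  1895.     #added per matt
  1896.     proxy_set_header Connection $http_connection; # NOTE(review): Connection is set a second time further down (keep-alive); confirm which value is intended
  1897.         proxy_cache_bypass $http_upgrade;
  1898.         proxy_set_header X-Forwarded-Proto $scheme;
  1899.  
  1900.         proxy_pass https://ngrok; # TLS connection to the "ngrok" upstream group
  1901.        
  1902.         # You can also specify one target like this:
  1903.         #proxy_pass https://ngrok.iteamdemo.com;
  1904.         #proxy_pass https://ngrok.iteamdemo.com:443;
  1905.        
  1906.         proxy_redirect off;
  1907.         proxy_http_version 1.1;
  1908.         proxy_set_header Upgrade $http_upgrade;
  1909.  
  1910.     # https://docs.microsoft.com/en-us/aspnet/core/host-and-deploy/linux-nginx?view=aspnetcore-2.2
  1911.         proxy_set_header Connection keep-alive;
  1912.  
  1913.     # Disabled, only needed for websockets?
  1914. #       proxy_set_header Connection "upgrade";
  1915.  
  1916.         # https://docs.nginx.com/nginx/admin-guide/security-controls/securing-http-traffic-upstream/
  1917.         # https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_ssl_name
  1918.         proxy_ssl_verify off; # NOTE(review): the upstream certificate is never validated, so the hop to ngrok is encrypted but not authenticated; enable proxy_ssl_verify together with proxy_ssl_trusted_certificate (system CA bundle) once the upstream chain is confirmed to validate
  1919.         proxy_ssl_session_reuse on;
  1920.         proxy_ssl_protocols TLSv1.2; # TLSv1 and TLSv1.1 removed: both are deprecated (RFC 8996)
  1921.         proxy_ssl_ciphers   HIGH:!aNULL:!MD5;
  1922.     proxy_ssl_name ngrok.iteamdemo.com; # name sent via SNI; also the name the certificate would be checked against if verification were on
  1923.     proxy_ssl_server_name on;
  1924.  
  1925.     }
  1926.  
  1927.     #error_page  404              /404.html;
  1928.  
  1929.  
  1930.     # redirect server error pages to the static page /50x.html
  1931.     #
  1932.     #error_page   500 502 503 504  /50x.html;
  1933.     #location = /50x.html {
  1934.     #    root   /usr/share/nginx/html;
  1935.     #}
  1936.  
  1937.      # Use this block for PHP request handling
  1938.      # If you used the static site workflow, you will need to add a per-user php-fpm pool config.
  1939. #    location ~ \.php$ {
  1940. #        include /etc/nginx/fastcgi.conf;
  1941. #        fastcgi_pass unix:/run/php/php7.0-fpm-secure-demo.sock;
  1942. #    }
  1943.  
  1944.     location ~ /\.ht { # regex location, so it takes precedence over the proxying "location /" for paths containing "/.ht"
  1945.         deny all;
  1946.     }
  1947.  
  1948.     # These blocks may be helpful if nginx is serving static files
  1949.  
  1950. #   location = /favicon.ico {
  1951. #       log_not_found off;
  1952. #       access_log off;
  1953. #    }
  1954.  
  1955. #    location = /robots.txt {
  1956. #        log_not_found off;
  1957. #        access_log off;
  1958. #        allow all;
  1959. #     }
  1960.  
  1961. #    location ~* \.(css|gif|ico|jpeg|jpg|js|png)$ {
  1962. #       expires max;
  1963. #       log_not_found off;
  1964. #    }
  1965.  
  1966.  
  1967.     # no subdomains HSTS
  1968.     #add_header Strict-Transport-Security "max-age=63072000; preload" always;
  1969.  
  1970.  
  1971.     ssl_certificate /etc/letsencrypt/live/secure-demo.iteamnm.com/fullchain.pem; # managed by Certbot
  1972.     ssl_certificate_key /etc/letsencrypt/live/secure-demo.iteamnm.com/privkey.pem; # managed by Certbot
  1973. }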
  1974.  
  1975.  
  1976. server { # Port-80 vhost written by Certbot for secure-demo.iteamnm.com: exact host -> HTTPS, anything else -> 404
  1977.     if ($host = secure-demo.iteamnm.com) {
  1978.         return 301 https://$host$request_uri;
  1979.     } # managed by Certbot
  1980.  
  1981.  
  1982.     listen 80; # plain HTTP only; no content is served from this block
  1983.     server_name secure-demo.iteamnm.com;
  1984.     return 404; # managed by Certbot
  1985.  
  1986.  
  1987. }
  1988.  
  1989. # configuration file /etc/nginx/sites-enabled/simonsfirm-com:
  1990. # Use this for upstream proxies if you wish to set them up as a variable
  1991. #upstream simonsfirm-com {
  1992. #    server 127.0.0.1:3000;
  1993. #    #server 127.0.0.1:3001;
  1994. #    keepalive 8;
  1995. #}
  1996.  
  1997. server { # Static-file vhost for simonsfirm.com, answering on both port 80 and port 443
  1998.     # If you want the site to be TLS only, adjust the listen parameter
  1999.     listen 80; # content is served over plain HTTP too; nothing in this block redirects to HTTPS
  2000.     listen 443 ssl http2; # NOTE(review): no ssl_certificate/ssl_certificate_key in this block; confirm they are inherited from the http level (not visible here)
  2001.     #listen [::]:80;
  2002.     server_name simonsfirm.com;
  2003.  
  2004.     access_log  /var/log/nginx/simonsfirm-com.access.log  main;
  2005.  
  2006.     root /var/sftp/simonsfirm-com/simonsfirm-com; # presumably an SFTP upload directory (going by the path); every file under it is web-reachable unless a location denies it
  2007.     index index.php index.html index.htm index.nginx-debian.html;
  2008.  
  2009.  
  2010.     location / {
  2011.         try_files $uri $uri/ /index.html; # try the file, then the directory, else fall back to /index.html
  2012.  
  2013.         # Use this line for PHP request handling
  2014.         # try_files $uri $uri/ /index.php?$args;
  2015.  
  2016.         # Use this block for upstream proxies à la node
  2017.         # This includes the needed parameters for websocket support
  2018.         # You will need to set the host and port, use the upstream block above
  2019.         # proxy_set_header X-Real-IP $remote_addr;
  2020.         # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  2021.         # proxy_set_header Host $http_host;
  2022.         # proxy_set_header X-NginX-Proxy true;
  2023.        
  2024.         # proxy_pass http://simonsfirm-com;
  2025.        
  2026.         # You can also specify one target like this:
  2027.         # proxy_pass http://127.0.0.1:3000;
  2028.        
  2029.         # proxy_redirect off;
  2030.         # proxy_http_version 1.1;
  2031.         # proxy_set_header Upgrade $http_upgrade;
  2032.         # proxy_set_header Connection "upgrade";
  2033.     }
  2034.  
  2035.     #error_page  404              /404.html;
  2036.  
  2037.  
  2038.     # redirect server error pages to the static page /50x.html
  2039.     #
  2040.     error_page   500 502 503 504  /50x.html;
  2041.     location = /50x.html {
  2042.         root   /usr/share/nginx/html; # the error page is read from here, not from the site root
  2043.     }
  2044.  
  2045.      # Use this block for PHP request handling
  2046.      # If you used the static site workflow, you will need to add a per-user php-fpm pool config.
  2047. #    location ~ \.php$ {
  2048. #        include /etc/nginx/fastcgi.conf;
  2049. #        fastcgi_pass unix:/run/php/php7.0-fpm-simonsfirm-com.sock;
  2050. #    }
  2051.  
  2052.     location ~ /\.ht { # NOTE(review): denies only paths containing "/.ht"; other dotfiles under root (e.g. .git, .env) are not covered by this rule
  2053.         deny all;
  2054.     }
  2055.  
  2056.     location = /favicon.ico {
  2057.         log_not_found off;
  2058.         access_log off;
  2059.      }
  2060.  
  2061.     location = /robots.txt {
  2062.         log_not_found off;
  2063.         access_log off;
  2064.         allow all;
  2065.      }
  2066.  
  2067.     location ~* \.(css|gif|ico|jpeg|jpg|js|png)$ {
  2068.         expires max; # far-future caching headers for static assets
  2069.         log_not_found off;
  2070.      }
  2071.  
  2072.  
  2073.     # no subdomains HSTS (disabled below; NOTE(review): as long as port 80 serves content, browsers are never forced onto HTTPS for this site)
  2074.     #add_header Strict-Transport-Security "max-age=63072000; preload" always;
  2075.  
  2076. }
  2077.  
  2078. server { # Redirect-only vhost: www.simonsfirm.com -> simonsfirm.com
  2079.     listen       80;
  2080.     listen       443 ssl http2; # NOTE(review): no ssl_certificate is set in this block; confirm one is inherited from the http level (not visible here)
  2081.     server_name www.simonsfirm.com;
  2082.     return 301 $scheme://simonsfirm.com$request_uri; # $scheme keeps the incoming scheme, so http:// requests stay on http://
  2083. }
  2084.  
  2085. # configuration file /etc/nginx/sites-enabled/swipsnm-com:
  2086. # Use this for upstream proxies if you wish to set them up as a variable
  2087. #upstream swipsnm-com {
  2088. #    server 127.0.0.1:3000;
  2089. #    #server 127.0.0.1:3001;
  2090. #    keepalive 8;
  2091. #}
  2092.  
  2093. server { # Static-file vhost for swipsnm.com, HTTPS only (port 80 is handled by a separate Certbot redirect block)
  2094.     # If you want the site to be TLS only, adjust the listen parameter
  2095.     listen 443 ssl http2;
  2096.     #listen [::]:80;
  2097.     server_name swipsnm.com;
  2098.  
  2099.     access_log  /var/log/nginx/swipsnm-com.access.log  main;
  2100.  
  2101.     root /var/sftp/swipsnm-com/swipsnm-com; # presumably an SFTP upload directory (going by the path); every file under it is web-reachable unless a location denies it
  2102.     index index.php index.html index.htm index.nginx-debian.html;
  2103.  
  2104.  
  2105.     location / {
  2106.         try_files $uri $uri/ /index.html; # try the file, then the directory, else fall back to /index.html
  2107.  
  2108.         # Use this line for PHP request handling
  2109.         # try_files $uri $uri/ /index.php?$args;
  2110.  
  2111.         # Use this block for upstream proxies à la node
  2112.         # This includes the needed parameters for websocket support
  2113.         # You will need to set the host and port, use the upstream block above
  2114.         # proxy_set_header X-Real-IP $remote_addr;
  2115.         # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  2116.         # proxy_set_header Host $http_host;
  2117.         # proxy_set_header X-NginX-Proxy true;
  2118.        
  2119.         # proxy_pass http://swipsnm-com;
  2120.        
  2121.         # You can also specify one target like this:
  2122.         # proxy_pass http://127.0.0.1:3000;
  2123.        
  2124.         # proxy_redirect off;
  2125.         # proxy_http_version 1.1;
  2126.         # proxy_set_header Upgrade $http_upgrade;
  2127.         # proxy_set_header Connection "upgrade";
  2128.     }
  2129.  
  2130.     #error_page  404              /404.html;
  2131.  
  2132.  
  2133.     # redirect server error pages to the static page /50x.html
  2134.     #
  2135.     error_page   500 502 503 504  /50x.html;
  2136.     location = /50x.html {
  2137.         root   /usr/share/nginx/html; # the error page is read from here, not from the site root
  2138.     }
  2139.  
  2140.      # Use this block for PHP request handling
  2141.      # If you used the static site workflow, you will need to add a per-user php-fpm pool config.
  2142. #    location ~ \.php$ {
  2143. #        include /etc/nginx/fastcgi.conf;
  2144. #        fastcgi_pass unix:/run/php/php7.0-fpm-swipsnm-com.sock;
  2145. #    }
  2146.  
  2147.     location ~ /\.ht { # NOTE(review): denies only paths containing "/.ht"; other dotfiles under root (e.g. .git, .env) are not covered by this rule
  2148.         deny all;
  2149.     }
  2150.  
  2151.     location = /favicon.ico {
  2152.         log_not_found off;
  2153.         access_log off;
  2154.      }
  2155.  
  2156.     location = /robots.txt {
  2157.         log_not_found off;
  2158.         access_log off;
  2159.         allow all;
  2160.      }
  2161.  
  2162.     location ~* \.(css|gif|ico|jpeg|jpg|js|png)$ {
  2163.         expires max; # far-future caching headers for static assets
  2164.         log_not_found off;
  2165.      }
  2166.  
  2167.  
  2168.     # no subdomains HSTS (disabled below, so browsers still depend on the port-80 redirect for the first visit)
  2169.     #add_header Strict-Transport-Security "max-age=63072000; preload" always;
  2170.  
  2171.  
  2172.     ssl_certificate /etc/letsencrypt/live/swipsnm.com/fullchain.pem; # managed by Certbot
  2173.     ssl_certificate_key /etc/letsencrypt/live/swipsnm.com/privkey.pem; # managed by Certbot
  2174. }
  2175.  
  2176. server { # Redirect-only HTTPS vhost: www.swipsnm.com -> swipsnm.com, with its own Certbot certificate
  2177.     listen       443 ssl http2;
  2178.     server_name www.swipsnm.com;
  2179.     return 301 $scheme://swipsnm.com$request_uri; # only port 443 is listened on in this block, so $scheme is https here
  2180.  
  2181.     ssl_certificate /etc/letsencrypt/live/www.swipsnm.com/fullchain.pem; # managed by Certbot
  2182.     ssl_certificate_key /etc/letsencrypt/live/www.swipsnm.com/privkey.pem; # managed by Certbot
  2183. }
  2184.  
  2185.  
  2186. server { # Port-80 vhost written by Certbot for www.swipsnm.com: exact host -> HTTPS, anything else -> 404
  2187.     if ($host = www.swipsnm.com) {
  2188.         return 301 https://$host$request_uri;
  2189.     } # managed by Certbot
  2190.  
  2191.  
  2192.     listen       80; # plain HTTP only; no content is served from this block
  2193.     server_name www.swipsnm.com;
  2194.     return 404; # managed by Certbot
  2195.  
  2196.  
  2197. }
  2198.  
  2199. server { # Port-80 vhost written by Certbot for swipsnm.com: exact host -> HTTPS, anything else -> 404
  2200.     if ($host = swipsnm.com) {
  2201.         return 301 https://$host$request_uri;
  2202.     } # managed by Certbot
  2203.  
  2204.  
  2205.     listen 80; # plain HTTP only; no content is served from this block
  2206.     server_name swipsnm.com;
  2207.     return 404; # managed by Certbot
  2208.  
  2209.  
  2210. }