From 4d43e952fff25b5b131e8699858da663a5ac2c42 Mon Sep 17 00:00:00 2001
From: Martin Fischer <martin@push-f.com>
Date: Sun, 28 Feb 2021 09:18:48 +0100
Subject: initial commit

---
 infra/nginx/lex.surf_dev  |  35 ++++++++++++++
 infra/nginx/lex.surf_prod | 114 ++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 149 insertions(+)
 create mode 100644 infra/nginx/lex.surf_dev
 create mode 100644 infra/nginx/lex.surf_prod

(limited to 'infra/nginx')

diff --git a/infra/nginx/lex.surf_dev b/infra/nginx/lex.surf_dev
new file mode 100644
index 0000000..a00ebba
--- /dev/null
+++ b/infra/nginx/lex.surf_dev
@@ -0,0 +1,35 @@
+server {
+	listen 80;
+	listen [::]:80;
+	server_name lex.localhost;
+
+	location / {
+		proxy_pass http://127.0.0.1:8000;
+		proxy_set_header Host lex.localhost;
+	}
+
+	root /var/www/lex.surf;
+
+	location /assets/ {
+		try_files $uri =404;
+	}
+}
+
+server {
+	listen 80;
+	listen [::]:80;
+	server_name ~^(?<cc>[a-z]+).lex.localhost$;
+
+	location / {
+		proxy_pass http://127.0.0.1:8000;
+		proxy_set_header Host $cc.lex.localhost;
+	}
+
+	root /var/www/lex.surf;
+
+	location = /laws.json {
+		gzip on;
+		gzip_types *;
+		try_files /laws/$cc.json =404;
+	}
+}
diff --git a/infra/nginx/lex.surf_prod b/infra/nginx/lex.surf_prod
new file mode 100644
index 0000000..7d49f63
--- /dev/null
+++ b/infra/nginx/lex.surf_prod
@@ -0,0 +1,114 @@
+server {
+	listen 80;
+	listen [::]:80;
+	server_name lex.surf;
+	return 301 https://$host$request_uri;
+}
+
+server {
+    listen [::]:443 ssl;
+    listen 443 ssl;
+	server_name lex.surf;
+
+    ssl_certificate /etc/letsencrypt/live/lex.surf/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/lex.surf/privkey.pem;
+    include /etc/letsencrypt/options-ssl-nginx.conf;
+    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
+
+	location / {
+		proxy_pass http://127.0.0.1:8000;
+		proxy_set_header Host $host;
+	}
+
+	root /var/www/lex.surf;
+
+	location /assets/ {
+		try_files $uri =404;
+	}
+}
+
+server {
+	listen 80;
+	listen [::]:80;
+	server_name ~^(ac|ad|ae|af|ag|ai|al|am|ao|aq|ar|as|at|au|aw|ax|az|ba|bb|bd|be|bf|bg|bh|bi|bj|bl|bm|bn|bo|bq|br|bs|bt|bv|bw|by|bz|ca|cc|cd|cf|cg|ch|ci|ck|cl|cm|cn|co|cr|cu|cv|cw|cx|cy|cz|de|dj|dk|dm|do|dz|ec|ee|eg|eh|er|es|et|eu|fi|fj|fk|fm|fo|fr|ga|gd|ge|gf|gg|gh|gi|gl|gm|gn|gp|gq|gr|gs|gt|gu|gw|gy|hk|hm|hn|hr|ht|hu|id|ie|il|im|in|io|iq|ir|is|it|je|jm|jo|jp|ke|kg|kh|ki|km|kn|kp|kr|kw|ky|kz|la|lb|lc|li|lk|lr|ls|lt|lu|lv|ly|ma|mc|md|me|mf|mg|mh|mk|ml|mm|mn|mo|mp|mq|mr|ms|mt|mu|mv|mw|mx|my|mz|na|nc|ne|nf|ng|ni|nl|no|np|nr|nu|nz|om|pa|pe|pf|pg|ph|pk|pl|pm|pn|pr|ps|pt|pw|py|qa|re|ro|rs|ru|rw|sa|sb|sc|sd|se|sg|sh|si|sj|sk|sl|sm|sn|so|sr|ss|st|su|sv|sx|sy|sz|tc|td|tf|tg|th|tj|tk|tl|tm|tn|to|tr|tt|tv|tw|tz|ua|ug|uk|us|uy|uz|va|vc|ve|vg|vi|vn|vu|wf|ws|ye|yt|za|zm|zw).lex.surf$;
+    return 301 https://$host$request_uri;
+}
+
+server {
+	listen 80;
+	listen [::]:80;
+	server_name ~\.lex\.surf$;
+	return 302 https://lex.surf/cc404;
+}
+
+server {
+    listen [::]:443 ssl;
+    listen 443 ssl;
+	server_name ~^(?<cc>ac|ad|ae|af|ag|ai|al|am|ao|aq|ar|as|at|au|aw|ax|az|ba|bb|bd|be|bf|bg|bh|bi|bj|bl|bm|bn|bo|bq|br|bs|bt|bv|bw|by|bz|ca|cc|cd|cf|cg|ch|ci|ck|cl|cm|cn|co|cr|cu|cv|cw|cx|cy|cz|de|dj|dk|dm|do|dz|ec|ee|eg|eh|er|es|et|eu|fi|fj|fk|fm|fo|fr|ga|gd|ge|gf|gg|gh).lex.surf$;
+
+    ssl_certificate /etc/letsencrypt/live/cc1.lex.surf/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/cc1.lex.surf/privkey.pem;
+    include /etc/letsencrypt/options-ssl-nginx.conf;
+    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
+
+	location / {
+		proxy_pass http://127.0.0.1:8000;
+		proxy_set_header Host $host;
+	}
+
+	root /var/www/lex.surf;
+
+	location = /laws.json {
+		gzip on;
+		gzip_types *;
+		try_files /laws/$cc.json =404;
+	}
+}
+
+server {
+    listen [::]:443 ssl;
+    listen 443 ssl;
+	server_name ~^(?<cc>gi|gl|gm|gn|gp|gq|gr|gs|gt|gu|gw|gy|hk|hm|hn|hr|ht|hu|id|ie|il|im|in|io|iq|ir|is|it|je|jm|jo|jp|ke|kg|kh|ki|km|kn|kp|kr|kw|ky|kz|la|lb|lc|li|lk|lr|ls|lt|lu|lv|ly|ma|mc|md|me|mf|mg|mh|mk|ml|mm|mn|mo|mp|mq|mr|ms|mt|mu|mv|mw|mx|my|mz|na|nc|ne|nf|ng|ni|nl).lex.surf$;
+
+    ssl_certificate /etc/letsencrypt/live/cc2.lex.surf/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/cc2.lex.surf/privkey.pem;
+    include /etc/letsencrypt/options-ssl-nginx.conf;
+    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
+
+	location / {
+		proxy_pass http://127.0.0.1:8000;
+		proxy_set_header Host $host;
+	}
+
+	root /var/www/lex.surf;
+
+	location = /laws.json {
+		gzip on;
+		gzip_types *;
+		try_files /laws/$cc.json =404;
+	}
+}
+
+server {
+    listen [::]:443 ssl;
+    listen 443 ssl;
+	server_name ~^(?<cc>no|np|nr|nu|nz|om|pa|pe|pf|pg|ph|pk|pl|pm|pn|pr|ps|pt|pw|py|qa|re|ro|rs|ru|rw|sa|sb|sc|sd|se|sg|sh|si|sj|sk|sl|sm|sn|so|sr|ss|st|su|sv|sx|sy|sz|tc|td|tf|tg|th|tj|tk|tl|tm|tn|to|tr|tt|tv|tw|tz|ua|ug|uk|us|uy|uz|va|vc|ve|vg|vi|vn|vu|wf|ws|ye|yt|za|zm|zw).lex.surf$;
+
+    ssl_certificate /etc/letsencrypt/live/cc3.lex.surf/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/cc3.lex.surf/privkey.pem;
+    include /etc/letsencrypt/options-ssl-nginx.conf;
+    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
+
+	location / {
+		proxy_pass http://127.0.0.1:8000;
+		proxy_set_header Host $host;
+	}
+
+	root /var/www/lex.surf;
+
+	location = /laws.json {
+		gzip on;
+		gzip_types *;
+		try_files /laws/$cc.json =404;
+	}
+}
-- 
cgit v1.2.3