servnest-mkosi/mkosi.extra/install/nginx/sites/interface.conf

# This server block is the publicly exposed ServNest control interface

log_format servnest '|$time_local| [$ip_start]@$server_name $status $body_bytes_sent "$request"';
server {
	listen [::1]:42443 ssl http2;
	listen 127.0.0.1:42443 ssl http2;
	server_name servnest.test;

	root /srv/servnest/core;

	include inc/messages.conf;

	more_set_headers "Content-Security-Policy : default-src 'none'; style-src 'self'; frame-ancestors 'none'; form-action 'self'; base-uri 'none';";

	# Main ServNest interface
	location / {
		fastcgi_split_path_info ^(.+\.php)(/.+)$;
		fastcgi_pass unix:/run/php-fpm/servnest.sock;
		include inc/fastcgi.conf;
		try_files /router.php =500;
	}

	# The router doesn't manage CSS files
	location /css {
		alias /srv/servnest/core/css;
	}

	location /docs {
		alias /srv/servnest/docs;
	}

	access_log /var/log/nginx/servnest-access.log servnest if=$loggable;

	# For a public server, these should point to a Let's Encrypt-trusted key pair
	ssl_certificate /etc/ssl/certs/servnest.test.crt;
	ssl_certificate_key /etc/ssl/private/servnest.test.key;
}
map $request_method $loggable { # Log only POST requests
	"POST" 1;
	default 0;
}
map $remote_addr $ip_start {
	"~^(?P<ipv6_start>[^:]+:[^:]+)" $ipv6_start; # Log 4 first bytes for IPv6
	"~^(?P<ipv4_start>[^.]+\.[^.]+\.[^.]+)" $ipv4_start; # Log 3 first bytes for IPv4
	default $remote_addr;
}
Move important scripts and configs to /install 2023-02-07 19:52:54 +01:00			`# This server block is the publicly exposed ServNest control interface`

Add Apache HTTP Server (keep nginx as reverse proxy) 2023-04-11 16:14:20 +02:00			`log_format servnest '\|$time_local\| [$ip_start]@$server_name $status $body_bytes_sent "$request"';`
Niver > ServNest 2023-01-29 21:14:36 +01:00			`server {`
			`listen [::1]:42443 ssl http2;`
			`listen 127.0.0.1:42443 ssl http2;`
			`server_name servnest.test;`

			`root /srv/servnest/core;`

Update nginx, configure empty security.txt 2023-04-25 19:30:53 +02:00			`include inc/messages.conf;`
Niver > ServNest 2023-01-29 21:14:36 +01:00
Update nginx, configure empty security.txt 2023-04-25 19:30:53 +02:00			`more_set_headers "Content-Security-Policy : default-src 'none'; style-src 'self'; frame-ancestors 'none'; form-action 'self'; base-uri 'none';";`
Niver > ServNest 2023-01-29 21:14:36 +01:00
Move important scripts and configs to /install 2023-02-07 19:52:54 +01:00			`# Main ServNest interface`
Niver > ServNest 2023-01-29 21:14:36 +01:00			`location / {`
			`fastcgi_split_path_info ^(.+\.php)(/.+)$;`
			`fastcgi_pass unix:/run/php-fpm/servnest.sock;`
			`include inc/fastcgi.conf;`
			`try_files /router.php =500;`
			`}`

Move important scripts and configs to /install 2023-02-07 19:52:54 +01:00			`# The router doesn't manage CSS files`
Niver > ServNest 2023-01-29 21:14:36 +01:00			`location /css {`
			`alias /srv/servnest/core/css;`
			`}`

			`location /docs {`
			`alias /srv/servnest/docs;`
			`}`

Add Apache HTTP Server (keep nginx as reverse proxy) 2023-04-11 16:14:20 +02:00			`access_log /var/log/nginx/servnest-access.log servnest if=$loggable;`

Move important scripts and configs to /install 2023-02-07 19:52:54 +01:00			`# For a public server, these should point to a Let's Encrypt-trusted key pair`
Fix tests 2023-04-20 11:32:57 +02:00			`ssl_certificate /etc/ssl/certs/servnest.test.crt;`
			`ssl_certificate_key /etc/ssl/private/servnest.test.key;`
Niver > ServNest 2023-01-29 21:14:36 +01:00			`}`
Add Apache HTTP Server (keep nginx as reverse proxy) 2023-04-11 16:14:20 +02:00			`map $request_method $loggable { # Log only POST requests`
			`"POST" 1;`
			`default 0;`
			`}`
			`map $remote_addr $ip_start {`
			`"~^(?P<ipv6_start>[^:]+:[^:]+)" $ipv6_start; # Log 4 first bytes for IPv6`
			`"~^(?P<ipv4_start>[^.]+\.[^.]+\.[^.]+)" $ipv4_start; # Log 3 first bytes for IPv4`
			`default $remote_addr;`
			`}`