Add files

Signed-off-by: Bensuperpc <bensuperpc@gmail.com>

nginx-conf/flask_wsgi.conf

@@ -0,0 +1,39 @@
+include /etc/nginx/conf.d/sub/cache-uwsgi.conf;
+
+upstream flask_server {
+        # ip_hash;
+        server flask_website:8080;
+        # server flask_website:8080 weight=1 max_fails=3 fail_timeout=30s;
+
+        # Or: server unix:/app/flask_server.sock;
+}
+
+
+server {
+        listen 80;
+        listen [::]:80;
+        #listen 443;
+        #listen [::]:443;
+
+        server_name flask.bensuperpc.org www.flask.bensuperpc.org;
+
+        include /etc/nginx/conf.d/sub/gzip.conf;
+
+        location / { try_files $uri @flask_app; }
+
+        location @flask_app {
+                include uwsgi_params;
+                uwsgi_pass flask_server;
+
+                uwsgi_cache UWSGI;
+                uwsgi_cache_valid 200 302 10m;
+                uwsgi_cache_valid 301 1h;
+                uwsgi_cache_valid any 1m;
+                uwsgi_cache_lock on;
+
+                #uwsgi_ignore_headers Vary;
+                #uwsgi_hide_header Vary;
+
+                add_header X-cache $upstream_cache_status;
+        }
+}

nginx-conf/phpmyadmin.conf

@@ -0,0 +1,43 @@
+include /etc/nginx/conf.d/sub/cache-proxy.conf;
+
+upstream phpmyadmin_server {
+        # ip_hash;
+        server phpmyadmin:80;
+        # server phpmyadmin:80 weight=1 max_fails=3 fail_timeout=30s;
+}
+
+# PHPmyadmin
+server {
+        listen 80;
+        listen [::]:80;
+        #listen 443;
+        #listen [::]:443;
+
+        server_name phpmyadmin.bensuperpc.org www.phpmyadmin.bensuperpc.org;
+
+        include /etc/nginx/conf.d/sub/gzip.conf;
+
+        location / {
+                proxy_pass http://phpmyadmin_server;
+                proxy_redirect off;
+                proxy_set_header Host $host;
+                proxy_set_header X-Real-IP $remote_addr;
+                proxy_set_header X-Forwarded-Proto $scheme;
+                proxy_set_header X-Forwarded-Host $host:$server_port;
+                proxy_set_header X-Forwarded-Server $host;
+                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
+                proxy_cache PROXY;
+                proxy_cache_valid 200 302 10m;
+                proxy_cache_valid 301 1h;
+                proxy_cache_valid any 1m;
+                proxy_cache_lock on;
+
+                proxy_ignore_headers Vary;
+                proxy_hide_header Vary;
+
+                add_header X-cache $upstream_cache_status;
+        }
+
+        # resolver 8.8.8.8;
+}

nginx-conf/sub/cache-fastcgi.conf

@@ -0,0 +1,23 @@
+# The path to store the cache files, limit the folder to 100MB
+fastcgi_cache_path /var/run/nginx-cache-fastcgi levels=1:2 keys_zone=WORDPRESS:100m inactive=120m max_size=1g use_temp_path=off;
+
+# A unique request is defined by this cache key
+fastcgi_cache_key "$scheme$request_method$host$request_uri";
+
+# Show the cached version if upstream gives a timeout or a HTTP 500 error
+fastcgi_cache_use_stale error timeout invalid_header http_500;
+
+# Revalidate items in the cache if they are update 
+fastcgi_cache_revalidate on;
+
+# Minimum time to store an item in the cache
+fastcgi_cache_min_uses 3;
+
+# Cache everything for 1 day
+fastcgi_cache_valid 1d;
+
+# Don't use the following headers to define the cache variables
+fastcgi_ignore_headers Cache-Control Expires Set-Cookie;
+
+# Some parts of this file are from
+# https://gist.github.com/TrafeX/6d582b6d040702088722

nginx-conf/sub/cache-proxy.conf

@@ -0,0 +1,20 @@
+# The path to store the cache files, limit the folder to 100MB
+proxy_cache_path /var/run/nginx-cache-proxy levels=1:2 keys_zone=PROXY:100m inactive=120m max_size=1g use_temp_path=off;
+
+# A unique request is defined by this cache key
+proxy_cache_key "$scheme$request_method$host$request_uri";
+
+# Show the cached version if upstream gives a timeout or a HTTP 500 error
+proxy_cache_use_stale error timeout invalid_header http_500;
+
+# Revalidate items in the cache if they are update 
+proxy_cache_revalidate on;
+
+# Minimum time to store an item in the cache
+proxy_cache_min_uses 3;
+
+# Cache everything for 1 day
+proxy_cache_valid 1d;
+
+# Don't use the following headers to define the cache variables
+proxy_ignore_headers Cache-Control Expires Set-Cookie;

nginx-conf/sub/cache-uwsgi.conf

@@ -0,0 +1,20 @@
+# The path to store the cache files, limit the folder to 100MB
+uwsgi_cache_path /var/run/nginx-cache-uwsgi levels=1:2 keys_zone=UWSGI:100m inactive=120m max_size=1g use_temp_path=off;
+
+# A unique request is defined by this cache key
+uwsgi_cache_key "$scheme$request_method$host$request_uri";
+
+# Show the cached version if upstream gives a timeout or a HTTP 500 error
+uwsgi_cache_use_stale error timeout invalid_header http_500;
+
+# Revalidate items in the cache if they are update 
+uwsgi_cache_revalidate on;
+
+# Minimum time to store an item in the cache
+uwsgi_cache_min_uses 3;
+
+# Cache everything for 1 day
+uwsgi_cache_valid 1d;
+
+# Don't use the following headers to define the cache variables
+uwsgi_ignore_headers Cache-Control Expires Set-Cookie;

nginx-conf/sub/gzip.conf

@@ -0,0 +1,13 @@
+# Compression config
+gzip on;
+gunzip on;
+
+gzip_static on;
+gzip_min_length 1000;
+gzip_buffers 4 32k;
+# gzip_http_version 1.1;
+gzip_proxied any;
+gzip_types text/plain application/javascript application/x-javascript text/javascript text/xml text/css;
+gzip_vary on;
+gzip_comp_level 6;
+gzip_disable "MSIE [1-6]\.(?!.*SV1)";

nginx-conf/sub/options-ssl-nginx.conf

@@ -0,0 +1,13 @@
+# generated 2022-11-23, Mozilla Guideline v5.6, nginx 1.23, OpenSSL 1.1.1k, modern configuration
+# https://ssl-config.mozilla.org/#server=nginx&version=1.23&config=modern&openssl=1.1.1k&guideline=5.6
+
+ssl_session_cache shared:le_nginx_SSL:10m;
+ssl_session_timeout 1440m;
+ssl_session_tickets off;
+
+ssl_protocols TLSv1.3;
+ssl_prefer_server_ciphers off;
+
+# OCSP stapling
+ssl_stapling on;
+ssl_stapling_verify on;

nginx-conf/test.conf

@@ -0,0 +1,16 @@
+server {
+        listen 80;
+        listen [::]:80;
+        #listen 443;
+        #listen [::]:443;
+        server_name test.bensuperpc.org www.test.bensuperpc.org;
+
+        location ~ /.well-known/acme-challenge {
+                allow all;
+                root /var/www/html;
+        }
+
+        location / {
+                return 301 https://www.bensuperpc.org$request_uri;
+        }
+}

nginx-conf/wordpress.conf

@@ -0,0 +1,157 @@
+include /etc/nginx/conf.d/sub/cache-fastcgi.conf;
+
+# All upstream serveur
+upstream wordpress_server {
+        # ip_hash;
+        server wordpress:9000;
+        # server wordpress:9000 weight=1 max_fails=3 fail_timeout=30s;
+}
+
+# Redirect all http requests to the main server wordpress_server
+server {
+        listen 80;
+        listen [::]:80;
+
+        server_name bensuperpc.org www.bensuperpc.org;
+
+        location ~ /.well-known/acme-challenge {
+                allow all;
+                root /var/www/html;
+        }
+
+        location / {
+                return 301 https://$host$request_uri;
+        }
+}
+
+# Main server wordpress_server
+server {
+        listen 443 ssl http2;
+        listen [::]:443 ssl http2;
+        server_name bensuperpc.org www.bensuperpc.org;
+
+        root /var/www/html;
+        index index.php index.html index.htm;
+
+        # Keepalive for 70 seconds
+        keepalive_timeout 70;
+
+        # Number of requests per connection
+        keepalive_requests 100;
+
+        reset_timedout_connection on;
+
+        # Increase proxy buffers for large requests
+        proxy_buffer_size 128k;
+        proxy_buffers 4 256k;
+        proxy_busy_buffers_size 256k;
+
+        fastcgi_buffer_size 128k;
+        fastcgi_buffers 256 16k;
+        fastcgi_busy_buffers_size 256k;
+        fastcgi_temp_file_write_size 256k;
+
+        # Upload limit
+        client_max_body_size 50m;
+        client_body_buffer_size 128k;
+
+        # Initialize the variable that specified to skip the cache
+        set $skip_cache 0;
+
+        # POST requests and url's with a query string should always skip cache
+        if ($request_method = POST) {
+                set $skip_cache 1;
+        }
+        if ($query_string != "") {
+                set $skip_cache 1;
+        }
+
+        # Don't cache url's containing the following segments
+        if ($request_uri ~* "/wp-admin/|/xmlrpc.php|wp-.*.php|/feed/|index.php|sitemap(_index)?.xml") {
+                set $skip_cache 1;
+        }
+
+        # Don't use the cache for logged in users or recent commenters
+        if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in") {
+                set $skip_cache 1;
+        }
+
+        server_tokens off;
+
+        include /etc/nginx/conf.d/sub/gzip.conf;
+        
+        # All things related to SSL
+        ssl_certificate /etc/letsencrypt/live/www.bensuperpc.org/fullchain.pem;
+        ssl_certificate_key /etc/letsencrypt/live/www.bensuperpc.org/privkey.pem;
+        ssl_trusted_certificate /etc/letsencrypt/live/www.bensuperpc.org/chain.pem;
+
+        include /etc/nginx/conf.d/sub/options-ssl-nginx.conf;
+
+        # Logging
+        access_log /var/log/nginx/wordpress.access.log;
+        error_log  /var/log/nginx/wordpress.error.log;
+
+        add_header X-Frame-Options "SAMEORIGIN" always;
+        add_header X-XSS-Protection "1; mode=block" always;
+        add_header X-Content-Type-Options "nosniff" always;
+        add_header Referrer-Policy "no-referrer-when-downgrade" always;
+        add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always;
+        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
+
+        location / {
+                try_files $uri $uri/ /index.php$is_args$args;
+                #  try_files $uri $uri/ /index.php?$args;
+        }
+
+        location ~ \.php$ {
+                try_files $uri =404;
+                fastcgi_split_path_info ^(.+\.php)(/.+)$;
+                fastcgi_pass wordpress_server;
+                fastcgi_index index.php;
+                include fastcgi_params;
+                fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+                fastcgi_param PATH_INFO $fastcgi_path_info;
+                
+                fastcgi_intercept_errors on;
+
+                # Don't cache when $skip_cache is true
+                fastcgi_cache_bypass $skip_cache;
+                fastcgi_no_cache $skip_cache;
+
+                # Use the WORDPRESS zone
+                fastcgi_cache WORDPRESS;
+        }
+
+        # Don't write to accesslog for these files
+        location = /favicon.ico {
+                log_not_found off;
+                access_log off;
+        }
+        location = /robots.txt {
+                allow all;
+                log_not_found off;
+                access_log off;
+        }
+
+        # Media files with one of these extensions should be cached by the browser
+        location ~* \.(xml|ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|css|rss|atom|js|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
+                expires max;
+                log_not_found off;
+        }
+
+        # Deny access to .* files
+        location ~ /\. {
+                deny all;
+                access_log off;
+                log_not_found off;
+        }
+        
+        # Add cache status header for easy debugging
+        add_header X-cache $upstream_cache_status;
+
+        # From cat /etc/resolv.conf
+        resolver 8.8.8.8;
+
+        # Some parts of this file are from
+        # https://gist.github.com/TrafeX/6d582b6d040702088722
+}