From: Stephen Gregoratto <dev@sgregoratto.me>
To: discuss@mandoc.bsd.lv
Cc: Aisha Tammy <openbsd@aisha.cc>
Subject: Re: Help with setting up man.cgi with nginx
Date: Wed, 16 Dec 2020 14:28:17 +1100 [thread overview]
Message-ID: <20201216032817.ps6d7455ebkxftbw@BlackBox> (raw)
In-Reply-To: <20201210150110.GG69368@athene.usta.de>
Hi Aisha,
Here is what I use for man.sgregoratto.me, which I cribbed from the Void
Linux Project:
server {
listen 80;
listen [::]:80;
server_name man.sgregoratto.me;
include /etc/nginx/templates/acme-client.tmpl;
return 302 https://$host$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name man.sgregoratto.me;
location = /mandoc.css {
root /var/www/htdocs;
}
location / {
gzip off;
fastcgi_split_path_info ^(/)(.*)$;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param SCRIPT_FILENAME /cgi-bin/man.cgi;
fastcgi_pass unix:/run/slowcgi.sock;
}
ssl_certificate /etc/ssl/man.sgregoratto.me.pem;
ssl_certificate_key /etc/ssl/private/man.sgregoratto.me.key;
ssl_stapling_file /etc/ssl/man.sgregoratto.me.der;
include /etc/nginx/templates/*.tmpl;
}
The templates are things like setting headers, OCSP stapling and ACME
challenge stuff. This setup allows all requests to go to the root of the
domain, similar to man.openbsd.org. Speaking of, here's a similar config
for httpd that I got from Ingo a while back:
server "man.sgregoratto.me" {
listen on * port 80
location "/.well-known/acme-challenge/*" {
root "/acme"
request strip 2
}
location * {
block return 302 "https://$SERVER_NAME$REQUEST_URI"
}
}
server "man.sgregoratto.me" {
listen on * tls port 443
hsts max-age 31536000
root "/htdocs"
tls {
certificate "/etc/ssl/man.sgregoratto.me.pem"
key "/etc/ssl/private/man.sgregoratto.me.key"
ocsp "/etc/ssl/man.sgregoratto.me.der"
}
location "/.well-known/acme-challenge/*" {
root "/acme"
request strip 2
pass
}
location "/mandoc.css" {
root "/htdocs"
}
location "*" {
fastcgi
root "/cgi-bin/man.cgi"
}
}
--
Stephen Gregoratto
--
To unsubscribe send an email to discuss+unsubscribe@mandoc.bsd.lv
next prev parent reply other threads:[~2020-12-16 3:28 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-12-10 0:06 Aisha Tammy
2020-12-10 13:46 ` Ingo Schwarze
2020-12-10 14:26 ` Aisha Tammy
2020-12-10 15:01 ` Ingo Schwarze
2020-12-10 15:26 ` Aisha Tammy
2020-12-10 15:26 ` Aisha Tammy
2020-12-16 3:28 ` Stephen Gregoratto [this message]
2020-12-16 4:51 ` Aisha Tammy
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20201216032817.ps6d7455ebkxftbw@BlackBox \
--to=dev@sgregoratto.me \
--cc=discuss@mandoc.bsd.lv \
--cc=openbsd@aisha.cc \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).