From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on inbox.vuxu.org X-Spam-Level: X-Spam-Status: No, score=0.2 required=5.0 tests=DKIM_INVALID,DKIM_SIGNED autolearn=no autolearn_force=no version=3.4.4 Received: (qmail 25377 invoked from network); 16 Dec 2020 03:28:58 -0000 Received: from bsd.lv (HELO mandoc.bsd.lv) (66.111.2.12) by inbox.vuxu.org with ESMTPUTF8; 16 Dec 2020 03:28:58 -0000 Received: from fantadrom.bsd.lv (localhost [127.0.0.1]) by mandoc.bsd.lv (OpenSMTPD) with ESMTP id 787797ba for ; Tue, 15 Dec 2020 22:28:51 -0500 (EST) Received: from out2-smtp.messagingengine.com (out2-smtp.messagingengine.com [66.111.4.26]) by mandoc.bsd.lv (OpenSMTPD) with ESMTP id ffc23d9f for ; Tue, 15 Dec 2020 22:28:50 -0500 (EST) Received: from compute2.internal (compute2.nyi.internal [10.202.2.42]) by mailout.nyi.internal (Postfix) with ESMTP id DDBD15C0105; Tue, 15 Dec 2020 22:28:49 -0500 (EST) Received: from mailfrontend2 ([10.202.2.163]) by compute2.internal (MEProxy); Tue, 15 Dec 2020 22:28:49 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sgregoratto.me; h=date:from:to:cc:subject:message-id:references:mime-version :content-type:in-reply-to; s=fm1; bh=8mMn89S+i0SVJOGemtelNL6Yn4F 4zxPvMkMHVD65WWM=; b=AzDkxqpuEMbJDZ57ODlskqnUSahALn8CtN/sQAunJ3b IfsryPY7KnwLc65cUqAt0tsN8ZM/UitPc/CqxgUrgi2jnadM2NgCyoN7UY08Oqin eOCw0+vcmsk38oAJfD8KgLN/ExcYtMfBPsIpMtt7N8rhui2V3P7E9tv/d5xHxtA1 gSxChRu+AgzvLs5OM+eweGvZSjYSOGZUYJvqBtb1iWQyrq4PYlBWQsrwdElxu8GC JQD9lZU3c8trZaNEIyNsQuwQiulJgvnfsYgphjOmVjB47ljo8k9agORubkSU0Ud7 9XDj0UD3N7Qoz1DfVc1qkhRQQjBlGG05cV7/HoskK1g== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm1; bh=8mMn89 S+i0SVJOGemtelNL6Yn4F4zxPvMkMHVD65WWM=; b=HFFCrRclDLqdOw7W3iLBX/ u69pfvtXhl3IzzazacZrgLpiwoDszI5Q0cQqAeAX2sNYu0B/gaQneQotn4eLEK0S GietKJWlJnpIEayf/5ec8q+aK/PMAPUZCkSrNzPbzFbF9ejuC4qRx4brT1G0/2Dc nw6a1cO6g3ai1M2GYgFJYqb1bSr4dT/vdaIpRI58dFVKy5hWChzI3+sjDWIQw/9p Nv6+AOZnOrW8O5smrkWAoMeAEbFx/2I6SkmqVSdOYu9Ezo8t31gWZSTGw1aInrNi APSBJTZIVBuMg7D/5j3ezcizpyLOsJVQ1eb6hJlygNbFTVtkn/kVRoym7CQID64g == X-ME-Sender: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedujedrudeluddgheelucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucenucfjughrpeffhffvuffkfhggtggujgesthdtre dttddtjeenucfhrhhomhepufhtvghphhgvnhcuifhrvghgohhrrghtthhouceouggvvhes shhgrhgvghhorhgrthhtohdrmhgvqeenucggtffrrghtthgvrhhnpeehtdehudeuveetff efvedvueegkedufedtieduffeifeehjeduudehjeeiuedukeenucffohhmrghinhepshhg rhgvghhorhgrthhtohdrmhgvpdhophgvnhgsshgurdhorhhgnecukfhppedvtdefrdekrd duudekrddutdenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhgrihhlfhhr ohhmpeguvghvsehsghhrvghgohhrrghtthhordhmvg X-ME-Proxy: Received: from localhost (unknown [203.8.118.10]) by mail.messagingengine.com (Postfix) with ESMTPA id 59E691080066; Tue, 15 Dec 2020 22:28:48 -0500 (EST) Date: Wed, 16 Dec 2020 14:28:17 +1100 From: Stephen Gregoratto To: discuss@mandoc.bsd.lv Cc: Aisha Tammy Subject: Re: Help with setting up man.cgi with nginx Message-ID: <20201216032817.ps6d7455ebkxftbw@BlackBox> Mail-Followup-To: discuss@mandoc.bsd.lv, Aisha Tammy References: <00b30a32-e90b-7f72-3120-63e0d38fe36a@aisha.cc> <20201210134616.GF69368@athene.usta.de> <97060694-da6a-0717-7790-8e474c66b48f@aisha.cc> <20201210150110.GG69368@athene.usta.de> X-Mailinglist: mandoc-discuss Reply-To: discuss@mandoc.bsd.lv MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <20201210150110.GG69368@athene.usta.de> Hi Aisha, Here is what I use for man.sgregoratto.me, which I cribbed from the Void Linux Project: server { listen 80; listen [::]:80; server_name man.sgregoratto.me; include /etc/nginx/templates/acme-client.tmpl; return 302 https://$host$request_uri; } server { listen 443 ssl http2; listen [::]:443 ssl http2; server_name man.sgregoratto.me; location = /mandoc.css { root /var/www/htdocs; } location / { gzip off; fastcgi_split_path_info ^(/)(.*)$; fastcgi_param QUERY_STRING $query_string; fastcgi_param REQUEST_METHOD $request_method; fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_param SCRIPT_FILENAME /cgi-bin/man.cgi; fastcgi_pass unix:/run/slowcgi.sock; } ssl_certificate /etc/ssl/man.sgregoratto.me.pem; ssl_certificate_key /etc/ssl/private/man.sgregoratto.me.key; ssl_stapling_file /etc/ssl/man.sgregoratto.me.der; include /etc/nginx/templates/*.tmpl; } The templates are things like setting headers, OCSP stapling and ACME challenge stuff. This setup allows all requests to go to the root of the domain, similar to man.openbsd.org. Speaking of, here's a similar config for httpd that I got from Ingo a while back: server "man.sgregoratto.me" { listen on * port 80 location "/.well-known/acme-challenge/*" { root "/acme" request strip 2 } location * { block return 302 "https://$SERVER_NAME$REQUEST_URI" } } server "man.sgregoratto.me" { listen on * tls port 443 hsts max-age 31536000 root "/htdocs" tls { certificate "/etc/ssl/man.sgregoratto.me.pem" key "/etc/ssl/private/man.sgregoratto.me.key" ocsp "/etc/ssl/man.sgregoratto.me.der" } location "/.well-known/acme-challenge/*" { root "/acme" request strip 2 pass } location "/mandoc.css" { root "/htdocs" } location "*" { fastcgi root "/cgi-bin/man.cgi" } } -- Stephen Gregoratto -- To unsubscribe send an email to discuss+unsubscribe@mandoc.bsd.lv