From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on inbox.vuxu.org X-Spam-Level: X-Spam-Status: No, score=0.2 required=5.0 tests=DKIM_INVALID,DKIM_SIGNED, NICE_REPLY_A autolearn=no autolearn_force=no version=3.4.4 Received: (qmail 2274 invoked from network); 16 Dec 2020 04:51:56 -0000 Received: from bsd.lv (HELO mandoc.bsd.lv) (66.111.2.12) by inbox.vuxu.org with ESMTPUTF8; 16 Dec 2020 04:51:56 -0000 Received: from fantadrom.bsd.lv (localhost [127.0.0.1]) by mandoc.bsd.lv (OpenSMTPD) with ESMTP id 490a19a0 for ; Tue, 15 Dec 2020 23:51:49 -0500 (EST) Received: from mail.aisha.cc (mail.aisha.cc [108.61.81.40]) by mandoc.bsd.lv (OpenSMTPD) with ESMTP id ef13a1b4 for ; Tue, 15 Dec 2020 23:51:47 -0500 (EST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=aisha.cc; s=excisionRSA; t=1608094305; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=LDr+CA61aLoQvigoLFgqipbFe5zPw9LfFTe9mWpNyrg=; b=PVkZlvy5Fk3Dl6LxEadtsHJMiaB/fLWP4R/R70ExBlMZfv8Xg1K7g8DIAIT5zZ6jU/s4nO CVYU7PI3/TAyseZ0hltPBa/3yC7O3WOKdBsxV7+sSBdknrQWPOdE/GC01wEFuj/Uhe1za4 SpaNiTCXirv5s84KR0JFQAKjuOI9lPRRoLYXJACvYuvSfXN/EIgBeMRiaJmCvAgwK2R4zA J6T549SGsaT8stPaZrW57ks0sQ2TmDuEmQVEFLlzNYh9QPEJosRYzzaCLAhHXLfqxVRCL7 OCvN5o5wnPS1Tg9iNZoIyeE8pyxIz/EMkufMKe4YWFwheyrxIB5hNLZ3KgQNmA== Received: from [192.168.1.129] (c-73-215-141-174.hsd1.nj.comcast.net [73.215.141.174]) by mail.aisha.cc (OpenSMTPD) with ESMTPSA id dadcbfc5 (TLSv1.3:AEAD-AES256-GCM-SHA384:256:NO) auth=yes user=aisha@aisha.cc for ; Tue, 15 Dec 2020 23:51:44 -0500 (EST) Subject: Re: Help with setting up man.cgi with nginx To: discuss@mandoc.bsd.lv References: <00b30a32-e90b-7f72-3120-63e0d38fe36a@aisha.cc> <20201210134616.GF69368@athene.usta.de> <97060694-da6a-0717-7790-8e474c66b48f@aisha.cc> <20201210150110.GG69368@athene.usta.de> <20201216032817.ps6d7455ebkxftbw@BlackBox> From: Aisha Tammy Organization: aisha.cc Message-ID: <849c6571-8d3c-1bd0-2b55-9d7ad85de683@aisha.cc> Date: Tue, 15 Dec 2020 23:51:42 -0500 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.5.1 X-Mailinglist: mandoc-discuss Reply-To: discuss@mandoc.bsd.lv MIME-Version: 1.0 In-Reply-To: <20201216032817.ps6d7455ebkxftbw@BlackBox> Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit On 12/15/20 10:28 PM, Stephen Gregoratto wrote: > Hi Aisha, > > Here is what I use for man.sgregoratto.me, which I cribbed from the Void > Linux Project: > > server { > listen 80; > listen [::]:80; > server_name man.sgregoratto.me; > include /etc/nginx/templates/acme-client.tmpl; > return 302 https://$host$request_uri; > } > > server { > listen 443 ssl http2; > listen [::]:443 ssl http2; > server_name man.sgregoratto.me; > > location = /mandoc.css { > root /var/www/htdocs; > } > location / { > gzip off; > fastcgi_split_path_info ^(/)(.*)$; > > fastcgi_param QUERY_STRING $query_string; > fastcgi_param REQUEST_METHOD $request_method; > fastcgi_param PATH_INFO $fastcgi_path_info; > fastcgi_param SCRIPT_FILENAME /cgi-bin/man.cgi; > fastcgi_pass unix:/run/slowcgi.sock; > } > > ssl_certificate /etc/ssl/man.sgregoratto.me.pem; > ssl_certificate_key /etc/ssl/private/man.sgregoratto.me.key; > ssl_stapling_file /etc/ssl/man.sgregoratto.me.der; > include /etc/nginx/templates/*.tmpl; > } > > The templates are things like setting headers, OCSP stapling and ACME > challenge stuff. This setup allows all requests to go to the root of the > domain, similar to man.openbsd.org. Speaking of, here's a similar config > for httpd that I got from Ingo a while back: > > server "man.sgregoratto.me" { > listen on * port 80 > location "/.well-known/acme-challenge/*" { > root "/acme" > request strip 2 > } > location * { > block return 302 "https://$SERVER_NAME$REQUEST_URI" > } > } > server "man.sgregoratto.me" { > listen on * tls port 443 > hsts max-age 31536000 > root "/htdocs" > > tls { > certificate "/etc/ssl/man.sgregoratto.me.pem" > key "/etc/ssl/private/man.sgregoratto.me.key" > ocsp "/etc/ssl/man.sgregoratto.me.der" > } > location "/.well-known/acme-challenge/*" { > root "/acme" > request strip 2 > pass > } > location "/mandoc.css" { > root "/htdocs" > } > location "*" { > fastcgi > root "/cgi-bin/man.cgi" > } > } > !!!! Thanks a lot, I really appreciate it :D Cheers, Aisha -- To unsubscribe send an email to discuss+unsubscribe@mandoc.bsd.lv