2 listen 0.0.0.0:443 ssl;
3 server_name api.<%=$systemDomain%>;
4 server_name secure.<%=$systemDomain%>;
5 ssl_certificate /etc/ssl/private/gigi.crt;
6 ssl_certificate_key /etc/ssl/private/gigi.key;
8 ssl_client_certificate /etc/ssl/root.crt;
13 proxy_pass http://<%=$gigi_ip%>;
14 proxy_set_header Host $host;
15 proxy_set_header X-Real-IP $remote_addr;
16 proxy_set_header X-Real-Proto https;
17 proxy_set_header X-Client-Cert $ssl_client_cert;
22 listen 0.0.0.0:443 ssl;
23 server_name *.<%=$systemDomain%>;
24 server_name <%=$systemDomain%>;
25 ssl_certificate /etc/ssl/private/gigi.crt;
26 ssl_certificate_key /etc/ssl/private/gigi.key;
29 proxy_pass http://<%=$gigi_ip%>;
30 proxy_set_header Host $host;
31 proxy_set_header X-Real-IP $remote_addr;
32 proxy_set_header X-Real-Proto https;
33 proxy_set_header X-Client-Cert $ssl_client_cert;
34 <% if($protected != 'no') { %>
35 auth_basic "closed site";
36 auth_basic_user_file /etc/nginx/access.txt;
39 location ~* /.well-known/someca-challenge/* {
46 server_name *.<%=$systemDomain%>;
47 server_name <%=$systemDomain%>;
50 proxy_pass http://<%=$gigi_ip%>;
51 proxy_set_header Host $host;
52 proxy_set_header X-Real-IP $remote_addr;
53 proxy_set_header X-Real-Proto http;
54 proxy_set_header X-Client-Cert "";
55 <% if($protected != 'no') { %>
56 auth_basic "closed site";
57 auth_basic_user_file /etc/nginx/access.txt;
60 location ~* /.well-known/someca-challenge/.* {
65 # `map` can only be used at the http level
66 map $uri $redir_dest {
68 /policy "https://policy.wpia.club";
69 /policy/dataPrivacy "https://policy.wpia.club/data_protection_policy.html";
70 /policy/ToS "https://policy.wpia.club/terms_of_service.pdf";
71 /policy/CPS "https://policy.wpia.club/cp.pdf";
72 /policy/verification "https://policy.wpia.club/verification_policy.html";
73 /policy/raagent "https://policy.wpia.club/policies/ra_agent_verification_policy.html";
74 /policy/organisation "https://policy.wpia.club/policies/organisation_verification_policy.html";
75 /policy/ttp "https://policy.wpia.club/policies/ttp_verification_policy.html";
76 /policy/nucleus "https://policy.wpia.club/policies/nucleus_verification_policy.html";
77 /kb/acceptableDocuments "https://documents.wpia.club/kb/acceptableDocuments.html";
78 /kb/agentQualifyingChallenge "https://documents.wpia.club/agent-qualifying-challenge.html";
79 /kb/gigi "https://documents.wpia.club/gigi-user-documentation.html";
80 /kb/CSR "https://documents.wpia.club/index.html#how-to-other-documents";
81 /kb/names "https://policy.wpia.club/handbooks/names_handbook.html";
82 /kb/lostPassword "https://documents.wpia.club/index.html#how-to-password";
83 /kb/goodPassword "https://documents.wpia.club/index.html#how-to-password";
84 /kb/knownPasswordHash "https://documents.wpia.club/index.html#how-to-password";
85 /kb/verificationHandbook "https://documents.wpia.club/kb/verificationHandbook";
86 /kb/truststores "https://documents.wpia.club/index.html#how-to-other-documents";
87 /ttp/user "https://documents.wpia.club";
88 /ttp/country "https://documents.wpia.club";
89 /blog "https://wpia.club";
90 /imprint "https://documents.wpia.club/imprint.html";
91 /isocode "https://www.iso.org/iso/home/standards/country_codes/iso-3166-1_decoding_table.htm";
95 listen 0.0.0.0:443 ssl;
96 server_name link.<%=$systemDomain%>;
97 ssl_certificate /etc/ssl/private/gigi.crt;
98 ssl_certificate_key /etc/ssl/private/gigi.key;
100 if ($redir_dest = "") {
104 return 302 $redir_dest;
projects / infra.git / blob