From e9a5b63911da7f18ff6950b1e6e7283b1cf92856 Mon Sep 17 00:00:00 2001
From: "b.waal" <b.waal79@upcmail.nl>
Date: Wed, 11 Sep 2019 12:11:18 +0200
Subject: [PATCH] Add 'config/nginx/site-enabled'

---
 config/nginx/site-enabled | 206 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 206 insertions(+)
 create mode 100644 config/nginx/site-enabled

diff --git a/config/nginx/site-enabled b/config/nginx/site-enabled
new file mode 100644
index 0000000..bfd62eb
--- /dev/null
+++ b/config/nginx/site-enabled
@@ -0,0 +1,206 @@
+#fastcgi_cache_path /etc/nginx/cache levels=1:2 keys_zone=MYAPP:100m max_size=10g inactive=1440m;
+
+server {
+    listen       80;
+    server_name   www.mail.ictdownwerk.com;
+    return       301 http://mail.ictdownwerk.com$request_uri;
+}
+
+server {
+    root /var/www/mail.ictdownwerk.com/html;
+    index index.php index.html index.htm index.nginx-debian.html;
+    server_name mail.ictdownwerk.com;
+    #return 301 $scheme:/$domain$request_uri; Redirect to non-www
+    #return 301 https://domein.nl; Redirect to other domain
+
+    #add_header X-Cache "$upstream_cache_status";
+
+    #netdata here
+        
+    gzip on;
+    gzip_proxied any;
+    gzip_types text/plain text/css text/xml text/javascript application/javascript application/x-javascript image/svg image/svg+xml application/xml image/x-icon;
+    gzip_comp_level 2;
+    gzip_disable "msie6";
+    gzip_buffers 16 8k;
+
+#    location /rspamd {
+#    proxy_pass http://127.0.0.1:11334/;
+#    proxy_set_header Host $host;
+#    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+#}
+
+        location / {
+            #try_files $uri $uri/ =404;
+            try_files $uri $uri/ /index.php$is_args$args;
+            #try_files $uri $uri/ $uri.html $uri.php$is_args$query_string;
+        }
+
+        location = /favicon.ico { log_not_found off; access_log off; }
+        location = /robots.txt { log_not_found off; access_log off; allow all; }
+        location ~* \.(css|gif|ico|jpeg|jpg|js|png|svg|webp|eot|otf|woff|woff2|ttf|ogg)$ {
+            expires max;
+            log_not_found off;
+            add_header Cache-Control "public, no-transform";
+        }
+
+        location ~ \.php$ {
+            include snippets/fastcgi-php.conf;
+            fastcgi_pass unix:/var/run/php/php7.3-fpm.sock;
+            #fastcgi_cache MYAPP;
+            #fastcgi_cache_valid 200 302 301 1m;
+            #fastcgi_cache_valid 404 1m;
+            #fastcgi_cache_bypass $no_cache;
+            #fastcgi_no_cache $no_cache;
+            #fastcgi_cache_revalidate on;
+            #fastcgi_cache_background_update on;
+            #fastcgi_cache_lock on;
+            #fastcgi_cache_use_stale updating;
+            #fastcgi_buffer_size 128k;
+            #fastcgi_buffers 256 16k;
+            #fastcgi_busy_buffers_size 256k;
+            #fastcgi_temp_file_write_size 256k;
+        }
+
+        location ~ /\.ht {
+            deny all;
+        }
+
+        location /phpmyadmin {
+            index index.php;
+        }
+
+        #Cache everything by default
+        set $no_cache 0;
+
+        #Don't cache POST requests
+        if ($request_method = POST) {
+            set $no_cache 1;
+        }
+
+        #Don't cache if the URL contains a query string
+        if ($query_string != "") {
+            set $no_cache 1;
+        }
+
+        #Don't cache the following URLs
+        if ($request_uri ~* "/(administrator/|login.php)") {
+            set $no_cache 1;
+        }
+
+        #Don't cache if there is a cookie called PHPSESSID
+        if ($http_cookie = "PHPSESSID") {
+            set $no_cache 1;
+        }
+    
+    listen [::]:443 ssl http2 ipv6only=on; # managed by Certbot
+    listen 443 ssl http2; # managed by Certbot
+    ssl_certificate /etc/letsencrypt/live/mail.ictdownwerk.com/fullchain.pem; # managed by Certbot
+    ssl_certificate_key /etc/letsencrypt/live/mail.ictdownwerk.com/privkey.pem; # managed by Certbot
+    ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5; # managed by Certbot
+    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+
+
+    add_header Strict-Transport-Security "max-age=31536000" always; # managed by Certbot
+
+}
+
+
+server {
+    if ($host = mail.ictdownwerk.com) {
+        return 301 https://$host$request_uri;
+    } # managed by Certbot
+
+
+    listen 80;
+    listen [::]:80;
+    root /var/www/mail.ictdownwerk.com/html;
+    index index.php index.html index.htm index.nginx-debian.html;
+    server_name mail.ictdownwerk.com;
+    #return 301 $scheme:/$domain$request_uri; Redirect to non-www
+    #return 301 https://domein.nl; Redirect to other domain
+
+    #add_header X-Cache "$upstream_cache_status";
+
+    #netdata here
+        
+    gzip on;
+    gzip_proxied any;
+    gzip_types text/plain text/css text/xml text/javascript application/javascript application/x-javascript image/svg image/svg+xml application/xml image/x-icon;
+    gzip_comp_level 2;
+    gzip_disable "msie6";
+    gzip_buffers 16 8k;
+
+#    location /rspamd {
+#    proxy_pass http://127.0.0.1:11334/;
+#    proxy_set_header Host $host;
+#    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+#}
+
+        location / {
+            #try_files $uri $uri/ =404;
+            try_files $uri $uri/ /index.php$is_args$args;
+            #try_files $uri $uri/ $uri.html $uri.php$is_args$query_string;
+        }
+
+        location = /favicon.ico { log_not_found off; access_log off; }
+        location = /robots.txt { log_not_found off; access_log off; allow all; }
+        location ~* \.(css|gif|ico|jpeg|jpg|js|png|svg|webp|eot|otf|woff|woff2|ttf|ogg)$ {
+            expires max;
+            log_not_found off;
+            add_header Cache-Control "public, no-transform";
+        }
+
+        location ~ \.php$ {
+            include snippets/fastcgi-php.conf;
+            fastcgi_pass unix:/var/run/php/php7.3-fpm.sock;
+            #fastcgi_cache MYAPP;
+            #fastcgi_cache_valid 200 302 301 1m;
+            #fastcgi_cache_valid 404 1m;
+            #fastcgi_cache_bypass $no_cache;
+            #fastcgi_no_cache $no_cache;
+            #fastcgi_cache_revalidate on;
+            #fastcgi_cache_background_update on;
+            #fastcgi_cache_lock on;
+            #fastcgi_cache_use_stale updating;
+            #fastcgi_buffer_size 128k;
+            #fastcgi_buffers 256 16k;
+            #fastcgi_busy_buffers_size 256k;
+            #fastcgi_temp_file_write_size 256k;
+        }
+
+        location ~ /\.ht {
+            deny all;
+        }
+
+        location /phpmyadmin {
+            index index.php;
+        }
+
+        #Cache everything by default
+        set $no_cache 0;
+
+        #Don't cache POST requests
+        if ($request_method = POST) {
+            set $no_cache 1;
+        }
+
+        #Don't cache if the URL contains a query string
+        if ($query_string != "") {
+            set $no_cache 1;
+        }
+
+        #Don't cache the following URLs
+        if ($request_uri ~* "/(administrator/|login.php)") {
+            set $no_cache 1;
+        }
+
+        #Don't cache if there is a cookie called PHPSESSID
+        if ($http_cookie = "PHPSESSID") {
+            set $no_cache 1;
+        }
+    
+
+
+
+}
\ No newline at end of file