From ee05a512bc7633864f4382735e3ae77b075e7836 Mon Sep 17 00:00:00 2001 From: Paul Lecuq Date: Fri, 23 Jun 2023 08:46:17 +0200 Subject: [PATCH] updated nginx state --- states/nginx/templates/mime.types.j2 | 30 +++++++++----- states/nginx/templates/ssl_params.j2 | 2 + states/nginx/templates/types/dokuwiki.j2 | 4 ++ states/nginx/templates/types/nextcloud.j2 | 4 ++ states/nginx/templates/types/rainloop.j2 | 4 ++ states/nginx/templates/types/rd.j2 | 49 ----------------------- states/nginx/templates/types/simple.j2 | 8 ++++ states/nginx/templates/types/zabbix.j2 | 4 ++ 8 files changed, 46 insertions(+), 59 deletions(-) delete mode 100644 states/nginx/templates/types/rd.j2 diff --git a/states/nginx/templates/mime.types.j2 b/states/nginx/templates/mime.types.j2 index 3ba20d4..5b93bac 100644 --- a/states/nginx/templates/mime.types.j2 +++ b/states/nginx/templates/mime.types.j2 @@ -16,16 +16,19 @@ types { text/vnd.wap.wml wml; text/x-component htc; + image/avif avif; image/png png; + image/svg+xml svg svgz; image/tiff tif tiff; image/vnd.wap.wbmp wbmp; + image/webp webp; image/x-icon ico; image/x-jng jng; image/x-ms-bmp bmp; - image/svg+xml svg svgz; - image/webp webp; - application/font-woff woff; + font/woff woff; + font/woff2 woff2; + application/java-archive jar war ear; application/json json; application/mac-binhex40 hqx; 
@@ -33,12 +36,21 @@ types { application/pdf pdf; application/postscript ps eps ai; application/rtf rtf; + application/vnd.apple.mpegurl m3u8; + application/vnd.google-earth.kml+xml kml; + application/vnd.google-earth.kmz kmz; application/vnd.ms-excel xls; application/vnd.ms-fontobject eot; application/vnd.ms-powerpoint ppt; + application/vnd.oasis.opendocument.graphics odg; + application/vnd.oasis.opendocument.presentation odp; + application/vnd.oasis.opendocument.spreadsheet ods; + application/vnd.oasis.opendocument.text odt; + application/vnd.openxmlformats-officedocument.presentationml.presentation pptx; + application/vnd.openxmlformats-officedocument.spreadsheetml.sheet xlsx; + application/vnd.openxmlformats-officedocument.wordprocessingml.document docx; application/vnd.wap.wmlc wmlc; - application/vnd.google-earth.kml+xml kml; - application/vnd.google-earth.kmz kmz; + application/wasm wasm; application/x-7z-compressed 7z; application/x-cocoa cco; application/x-java-archive-diff jardiff; @@ -55,6 +67,7 @@ types { application/x-x509-ca-cert der pem crt; application/x-xpinstall xpi; application/xhtml+xml xhtml; + application/xspf+xml xspf; application/zip zip; application/octet-stream bin exe dll; @@ -63,10 +76,6 @@ types { application/octet-stream iso img; application/octet-stream msi msp msm; - application/vnd.openxmlformats-officedocument.wordprocessingml.document docx; - application/vnd.openxmlformats-officedocument.spreadsheetml.sheet xlsx; - application/vnd.openxmlformats-officedocument.presentationml.presentation pptx; - audio/midi mid midi kar; audio/mpeg mp3; audio/ogg ogg; @@ -74,6 +83,7 @@ types { audio/x-realaudio ra; video/3gpp 3gpp 3gp; + video/mp2t ts; video/mp4 mp4; video/mpeg mpeg mpg; video/quicktime mov; @@ -84,4 +94,4 @@ types { video/x-ms-asf asx asf; video/x-ms-wmv wmv; video/x-msvideo avi; -} \ No newline at end of file +} diff --git a/states/nginx/templates/ssl_params.j2 b/states/nginx/templates/ssl_params.j2 index ef8de29..aba5dec 100644 
--- a/states/nginx/templates/ssl_params.j2 +++ b/states/nginx/templates/ssl_params.j2 @@ -4,7 +4,9 @@ add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; prelo add_header X-Content-Type-Options nosniff; add_header X-Frame-Options DENY; add_header X-XSS-Protection "1; mode=block"; + resolver_timeout 5s; + ssl_certificate /etc/acme/certs/paulbsd.com.cert; ssl_certificate_key /etc/acme/keys/paulbsd.com.key; ssl_ciphers EECDH+AESGCM:EECDH+CHACHA20; diff --git a/states/nginx/templates/types/dokuwiki.j2 b/states/nginx/templates/types/dokuwiki.j2 index 327b958..88dad10 100644 --- a/states/nginx/templates/types/dokuwiki.j2 +++ b/states/nginx/templates/types/dokuwiki.j2 @@ -32,6 +32,10 @@ server { fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name; } + location ~* .(png|ico|gif|jpg|jpeg|css|js|svg)$ { + expires 2d; + } + location /robots.txt { return 200 "User-agent: *\r\nDisallow: /"; } diff --git a/states/nginx/templates/types/nextcloud.j2 b/states/nginx/templates/types/nextcloud.j2 index ebb247c..6fa2fb4 100644 --- a/states/nginx/templates/types/nextcloud.j2 +++ b/states/nginx/templates/types/nextcloud.j2 @@ -55,6 +55,10 @@ server { try_files $1 =404; } + location ~* .(png|ico|gif|jpg|jpeg|css|js|svg)$ { + expires 2d; + } + location /robots.txt { return 200 "User-agent: *\r\nDisallow: /"; } diff --git a/states/nginx/templates/types/rainloop.j2 b/states/nginx/templates/types/rainloop.j2 index 2e97dcc..999157c 100644 --- a/states/nginx/templates/types/rainloop.j2 +++ b/states/nginx/templates/types/rainloop.j2 @@ -32,6 +32,10 @@ server { fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name; } + location ~* .(png|ico|gif|jpg|jpeg|css|js|svg)$ { + expires 2d; + } + location /robots.txt { return 200 "User-agent: *\r\nDisallow: /"; } diff --git a/states/nginx/templates/types/rd.j2 b/states/nginx/templates/types/rd.j2 deleted file mode 100644 index 3537f4a..0000000 --- a/states/nginx/templates/types/rd.j2 +++ /dev/null 
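Review bot: `resolver_timeout 5s;` only bounds lookups made through a `resolver`, and no `resolver` directive is visible in this hunk. The file continues outside the hunk, so one may be defined elsewhere. If none is in scope the new line has no effect, so either drop it or pair it with an explicit resolver, e.g. `resolver <trusted-resolver-ip> valid=300s;` (placeholder address). A one-line comment above it naming the feature in this TLS include that needs name resolution would record why it is here.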
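Review bot: The dot in `location ~* .(png|ico|gif|jpg|jpeg|css|js|svg)$` is unescaped as shown, so it matches any character before the extension rather than a literal `.`. A URI that merely ends in the letters `js` or `png` would land in this location and skip the handler it would otherwise reach. Escape it: `location ~* \.(png|ico|gif|jpg|jpeg|css|js|svg)$ {`. The same pattern is added in nextcloud.j2, rainloop.j2 and zabbix.j2, and twice in simple.j2. The server block starts and ends outside the hunk.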
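Review bot: This regex location near the end of the server block takes precedence over every plain prefix location. Any request ending in one of these extensions that no earlier regex or `^~` location claims is now answered here with only `expires 2d;`, without the access rules or `try_files` fallback the prefix location carried. The rest of the server block is outside the hunk, so confirm that private directories (data, config and the like) are denied by regex or `^~` locations placed before this one, and that assets generated through the front controller still resolve. The same check applies to dokuwiki.j2, rainloop.j2 and zabbix.j2. A comment such as `# static assets only; deny rules above must be regex or ^~ to win over this block` would keep the ordering requirement visible.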
@@ -1,49 +0,0 @@ -## {{ salt['pillar.get']('salt_managed', default='Salt Managed') }} - -server { - include http; - server_name {{ vhost_name }}; - return 301 https://$server_name$request_uri; -} - -server { - include https; - {%- if internal %} - #include access; - if ($allow = 0) { - return 403; - } - {%- endif %} - server_name {{ vhost_name }}; - {%- if not proxy %} - root "{{ root_dir }}"; - ssl_certificate /etc/acme/certs/services-rd.cert; - ssl_certificate_key /etc/acme/keys/services-rd.key; - {%- endif %} - - location / { - {%- if proxy %} - proxy_pass {{ proxy_pass }}; - {%- if not cache %} - proxy_no_cache 1; - proxy_cache_bypass 1; - {%- endif %} - {%- endif %} - {%- if autoindex %} - autoindex on; - autoindex_localtime on; - {%- else %} - index index.html; - {% endif %} - } - - {%- for dir in dirs %} - location {{ dir.name }} { - alias {{ dir.alias }}; - } - {%- endfor %} - - location /robots.txt { - return 200 "User-agent: *\r\nDisallow: /"; - } -} diff --git a/states/nginx/templates/types/simple.j2 b/states/nginx/templates/types/simple.j2 index 3f575c6..f1c44b3 100644 --- a/states/nginx/templates/types/simple.j2 +++ b/states/nginx/templates/types/simple.j2 @@ -51,9 +51,17 @@ server { {%- for dir in dirs %} location {{ dir.name }} { alias {{ dir.alias }}; + + location ~* .(png|ico|gif|jpg|jpeg|css|js|svg)$ { + expires 2d; + } } {%- endfor %} + location ~* .(png|ico|gif|jpg|jpeg|css|js|svg)$ { + expires 2d; + } + location /robots.txt { return 200 "User-agent: *\r\nDisallow: /"; } diff --git a/states/nginx/templates/types/zabbix.j2 b/states/nginx/templates/types/zabbix.j2 index ac108cb..d892e2d 100644 --- a/states/nginx/templates/types/zabbix.j2 +++ b/states/nginx/templates/types/zabbix.j2 @@ -28,6 +28,10 @@ server { fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name; } + location ~* .(png|ico|gif|jpg|jpeg|css|js|svg)$ { + expires 2d; + } + location /robots.txt { return 200 "User-agent: *\r\nDisallow: /"; }
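Review bot: The server-level `location ~* .(png|ico|gif|jpg|jpeg|css|js|svg)$` added after the `dirs` loop in simple.j2 outranks `location /`. Assuming simple.j2 has the same `proxy_pass` branch that the deleted rd.j2 shows, vhosts rendered with it would answer `.js`, `.css` and image requests from the static file handler instead of proxying them, and anything configured only inside `location /` would no longer apply to those paths. Wrapping the block in `{%- if not proxy %}` … `{%- endif %}` would limit the caching rule to file-serving vhosts. The nested copy inside `location {{ dir.name }}` depends on inheriting `alias` from its parent, and a short comment saying so would help the next reader. `location /` itself is outside the hunk.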